
Pests of all kinds and how to combat them: usyqs.exe - horse yard ... process!

30.03.2013, 15:27   #1
Chrisman
 

Hello everyone,

fortunately I haven't needed you for a long, long time, i.e. my system was clean and running smoothly.
usyqs.exe is the pest that is now unfortunately haunting me.
My Firefox opens unknown pages on its own (some kind of advertising pages), and usyqs.exe is among my processes, with "horse yard" something-or-other shown next to it.
Whenever I load a video on YouTube while this process is active, or do other things related to that, Firefox hangs for ages and then the video crashes.

Unfortunately, Google is of little help to me.
The worst part, though, is that HijackThis doesn't show me anything either that would indicate something bad might be going on here.
At the moment I always end the usyqs.exe process manually via Task Manager, so I can't show it right now, but I feel safer that way. Of course I don't know whether I'm actually any safer because of it.

I tried to follow the instructions, or rather what I have read. Please point out if I made a mistake anywhere in the preparation.

EDIT:
Unfortunately I can't attach the GMER log file.
"The file you are trying to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 204.4 KB."

30.03.2013, 16:17   #2
DerJazzer
/// Malwareteam
 

Hello and

I'm Christoph and I'd like to help you with your problem.
A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, since that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that your PC is clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".


You seem to have had several infections on there, some of them older. Do you know anything about that?

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.


30.03.2013, 16:37   #3
Chrisman
 

Hello Christoph,

thank you very much in advance for helping me.
Well, I didn't notice anything of previous infections; I run HijackThis every few months to check whether there are any problems.

So here is the Combofix log:
Code:
ComboFix 13-03-30.01 - Chris 30.03.2013  16:27:42.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12286.7467 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\Heigti
c:\users\Chris\AppData\Roaming\Heigti\ogas.qik
c:\users\Chris\AppData\Roaming\Ircei
c:\users\Chris\AppData\Roaming\Ircei\ihodd.ehd
c:\users\Chris\AppData\Roaming\Xuzuxi
c:\users\Chris\AppData\Roaming\Xuzuxi\luadx.upm
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-28 bis 2013-03-30  ))))))))))))))))))))))))))))))
.
.
2013-03-30 15:33 . 2013-03-30 15:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-30 13:58 . 2013-03-30 13:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 13:58 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-30 13:58 . 2013-03-30 13:58	--------	d-----w-	c:\users\Chris\AppData\Local\Programs
2013-03-30 01:25 . 2013-03-30 01:25	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\offreg.dll
2013-03-30 01:24 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\mpengine.dll
2013-03-25 18:08 . 2013-03-25 18:08	--------	d-----w-	C:\Guild Wars 2
2013-03-25 16:15 . 2013-03-28 16:43	--------	d-----w-	c:\users\Chris\AppData\Roaming\Vidoe
2013-03-25 16:15 . 2013-03-27 17:34	--------	d-----w-	c:\users\Chris\AppData\Roaming\Cyape
2013-03-24 16:06 . 2013-03-24 16:06	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:06 . 2013-03-24 16:06	--------	d-----w-	c:\program files (x86)\Java
2013-03-23 07:26 . 2013-03-23 21:27	--------	d-----w-	c:\users\Chris\AppData\Roaming\Awesomium
2013-03-22 16:45 . 2013-03-22 16:45	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2013-03-22 16:45 . 2013-03-22 16:45	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-03-22 16:43 . 2013-03-22 21:00	--------	d-----w-	C:\Marvel Heroes Beta
2013-03-22 16:41 . 2013-03-22 16:42	--------	d-----w-	c:\programdata\bitraider
2013-03-18 22:17 . 2013-03-18 22:17	--------	d-----w-	c:\users\Chris\AppData\Local\Apps
2013-03-18 22:17 . 2013-03-19 16:52	--------	d-----w-	c:\users\Chris\AppData\Local\Deployment
2013-03-17 11:48 . 2013-03-20 20:26	--------	d-----w-	c:\users\Chris\AppData\Roaming\Might & Magic Heroes VI
2013-03-07 20:38 . 2013-03-07 20:38	--------	d-----w-	c:\program files (x86)\BlueStacks
2013-03-07 20:38 . 2013-03-07 20:38	--------	d-----w-	c:\programdata\BlueStacks
2013-03-06 19:20 . 2013-03-06 19:20	--------	d-----w-	c:\users\Chris\AppData\Local\Funcom
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 16:06 . 2012-07-26 15:18	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-24 16:06 . 2012-02-20 07:37	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 19:07 . 2012-04-05 12:02	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 19:07 . 2011-12-22 21:16	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-16 12:46 . 2011-12-22 21:58	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-02 17:38 . 2013-02-02 17:38	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-02 17:38 . 2013-02-02 17:38	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-01-28 16:28 . 2011-12-22 23:10	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 07:15	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 07:15	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 07:15	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 07:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 07:15	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 07:15	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 07:14	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 07:14	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 07:14	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 07:14	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 07:14	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 07:14	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 07:14	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 07:14	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 07:15	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 07:15	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 07:14	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 07:15	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 07:14	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 07:14	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 07:14	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 07:14	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 07:14	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 07:14	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 07:14	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 07:14	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 07:15	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 07:15	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 07:14	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 07:14	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 07:14	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 07:15	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 07:14	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 07:15	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 07:15	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 07:14	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 07:14	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-01-08 05:40 . 2013-02-16 12:41	97792	----a-w-	c:\windows\system32\mshtmled.dll
2013-01-05 05:53 . 2013-02-16 12:41	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-16 12:41	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 12:41	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 07:15	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 07:15	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-16 12:41	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 12:41	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 12:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-16 12:41	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 12:41	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 12:41	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 12:41	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 12:41	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-16 12:41	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-16 12:41	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSU"="c:\program files (x86)\Medion AG\NSU\NSU.exe" [2011-10-20 1789440]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-09-28 136416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-02-15 601976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-6-17 1370224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe [2013-03-22 949528]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2012-11-25 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-22 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-02-15 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-02-15 384888]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KGLOQPOD
*Deregistered* - kgloqpod
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C335382D-59A1-40E1-8FAA-946B0AA697DB}: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\
FF - ExtSQL: 2013-02-15 09:29; jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Vihaziruq - c:\users\Chris\AppData\Roaming\Ageqy\wyug.exe
AddRemove-Carte - c:\gamescampus\DE\Carte\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2945886007-329671581-1404254205-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,32,5d,64,cc,a6,ed,b9,a3,7d,9f,80,b5,3a,c8,5f,a1,0f,d7,82,d4,
   88,24,41,2b,23,0c,ee,02,62,19,c5,9a,66,56,3b,13,e2,d5,dc,ef,ca,d9,d7,9a,ce,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-30  16:35:00
ComboFix-quarantined-files.txt  2013-03-30 15:35
.
Vor Suchlauf: 31 Verzeichnis(se), 62.721.835.008 Bytes frei
Nach Suchlauf: 37 Verzeichnis(se), 70.295.601.152 Bytes frei
.
- - End Of File - - 2853DD8C31799C15DF47037F958605C1
         
__________________

30.03.2013, 18:10   #4
DerJazzer
/// Malwareteam

Hi

HijackThis is a well-known tool, but it is no longer up to date. In addition, the automatic log file analysis should be treated with caution.

Please do the following:

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 3

ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.
    Code:
    DirLook::
    C:\Users\Chris\AppData\Roaming\Ageqy
    C:\Users\Chris\AppData\Roaming\Cyape
    C:\Users\Chris\AppData\Roaming\Goefn
    C:\Users\Chris\AppData\Roaming\Omerta
    C:\Users\Chris\AppData\Roaming\Ryuz
    C:\Users\Chris\AppData\Roaming\Ugyku
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!



Please post in your next reply
  • AdwCleaner log
  • JRT.txt
  • Combofix.txt

Also, please zip the GMER log and attach it. If it is too big (despite zipping), split it or upload it to a file hoster and post me the link.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/
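
The ComboFix log posted later in this thread answers the DirLook:: script with a "Look" section: one "---- Directory of ... ----" header per requested folder, followed by one line per file found. The following is an added example (not part of the original posts and not ComboFix code) that parses that layout, as it appears in this thread's log, and summarises each folder; the function names and the sample log are constructed for illustration.

```python
import re
from datetime import datetime
from ntpath import dirname, splitext  # Windows path semantics on any OS

# Constructed sample in the layout of a ComboFix "Look" section; all names,
# sizes and dates are invented for illustration.
SAMPLE = r"""
((((((((((((((((   Look   ))))))))))))))))
.
---- Directory of c:\users\Example\AppData\Roaming\Aaaaa ----
.
.
---- Directory of c:\users\Example\AppData\Roaming\Bbbbb ----
.
2013-03-27 17:34 . 2013-03-29 18:29  1000  ----a-w-  c:\users\Example\AppData\Roaming\Bbbbb\data.abc
2013-03-26 16:47 . 2013-03-28 16:42  2500  ----a-w-  c:\users\Example\AppData\Roaming\Bbbbb\data.tmp
.
---- Directory of c:\users\Example\AppData\Roaming\SomeGame ----
.
2013-02-09 20:30 . 2013-02-09 20:30  500  ----a-w-  c:\users\Example\AppData\Roaming\SomeGame\save\0001.sav
2013-02-09 15:40 . 2013-02-09 20:31  20  ----a-w-  c:\users\Example\AppData\Roaming\SomeGame\logs\run.log
2013-02-03 11:17 . 2013-02-03 11:17  30  ----a-w-  c:\users\Example\AppData\Roaming\SomeGame\settings.lua
.
((((((((   Autostartpunkte der Registrierung   ))))))))
.
2012-11-13 23:32  129272  ----a-w-  c:\users\Example\AppData\Roaming\Other\ext.dll
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
DIR_RE = re.compile(r"^---- Directory of (.+?) ----$")
# Groups: first timestamp, optional second timestamp, size (or dashes),
# 8-character attribute field, path (may contain spaces).
FILE_RE = re.compile(
    r"^(" + TS + r")(?: \. (" + TS + r"))?\s+(\d+|-{8})\s+([a-z-]{8})\s+(\S.*)$"
)


def parse_look(log_text):
    """Return {directory: [entry, ...]} in log order; an empty list means
    nothing was listed under that header."""
    look, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = DIR_RE.match(line)
        if header:
            current = header.group(1)
            look.setdefault(current, [])
        elif line.startswith("(((("):
            current = None  # a section banner ends the previous listing
        elif current is not None:
            entry = FILE_RE.match(line)
            # Accept only paths that really lie below the current directory.
            if entry and entry.group(5).lower().startswith(current.lower() + "\\"):
                t1, t2, size, attrs, path = entry.groups()
                stamps = [datetime.strptime(t, "%Y-%m-%d %H:%M") for t in (t1, t2) if t]
                look[current].append({
                    "path": path,
                    "size": int(size) if size.isdigit() else 0,
                    "is_dir": attrs.startswith("d"),
                    # No meaning is assigned to the two timestamps; keep the later one.
                    "latest": max(stamps),
                })
    return look


def summarize(look):
    """One summary row per requested directory, for a quick side-by-side view."""
    rows = []
    for directory, entries in look.items():
        files = [e for e in entries if not e["is_dir"]]
        rows.append({
            "directory": directory,
            "files": len(files),
            "bytes": sum(e["size"] for e in files),
            "extensions": sorted({splitext(e["path"])[1].lower() or "(none)" for e in files}),
            "subfolders": sorted({dirname(e["path"])[len(directory) + 1:] for e in files} - {""}),
            "newest": max((e["latest"] for e in entries), default=None),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_look(SAMPLE)):
        print(row)
```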

30.03.2013, 19:19   #5
Chrisman

Thanks for the detailed instructions

OK, first of all, I think I did something wrong.
This Collect and Suspect thing did not show up for me. Otherwise everything at least looked as if it was all working wonderfully.

Here are the logs:

ADWCleaner:
Code:
# AdwCleaner v2.115 - Datei am 30/03/2013 um 18:45:16 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Chris - CHRIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\prefs.js

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1610 octets] - [30/03/2013 18:45:16]

########## EOF - C:\AdwCleaner[S1].txt - [1670 octets] ##########
         


JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.4 (03.29.2013:1)
OS: Windows 7 Professional x64
Ran by Chris on 30.03.2013 at 18:50:09,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\d1ovbg0f.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi" 
Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\d1ovbg0f.default\minidumps [234 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2013 at 18:55:52,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Combofix:
Code:
ComboFix 13-03-30.01 - Chris 30.03.2013  18:58:07.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12286.9408 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Chris\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-28 bis 2013-03-30  ))))))))))))))))))))))))))))))
.
.
2013-03-30 18:04 . 2013-03-30 18:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-30 17:57 . 2013-03-30 17:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\offreg.dll
2013-03-30 13:58 . 2013-03-30 13:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 13:58 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-30 13:58 . 2013-03-30 13:58	--------	d-----w-	c:\users\Chris\AppData\Local\Programs
2013-03-30 01:24 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\mpengine.dll
2013-03-25 18:08 . 2013-03-25 18:08	--------	d-----w-	C:\Guild Wars 2
2013-03-25 16:15 . 2013-03-28 16:43	--------	d-----w-	c:\users\Chris\AppData\Roaming\Vidoe
2013-03-25 16:15 . 2013-03-27 17:34	--------	d-----w-	c:\users\Chris\AppData\Roaming\Cyape
2013-03-24 16:06 . 2013-03-24 16:06	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:06 . 2013-03-24 16:06	--------	d-----w-	c:\program files (x86)\Java
2013-03-23 07:26 . 2013-03-23 21:27	--------	d-----w-	c:\users\Chris\AppData\Roaming\Awesomium
2013-03-22 16:45 . 2013-03-22 16:45	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2013-03-22 16:45 . 2013-03-22 16:45	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-03-22 16:43 . 2013-03-22 21:00	--------	d-----w-	C:\Marvel Heroes Beta
2013-03-22 16:41 . 2013-03-22 16:42	--------	d-----w-	c:\programdata\bitraider
2013-03-18 22:17 . 2013-03-18 22:17	--------	d-----w-	c:\users\Chris\AppData\Local\Apps
2013-03-18 22:17 . 2013-03-19 16:52	--------	d-----w-	c:\users\Chris\AppData\Local\Deployment
2013-03-17 11:48 . 2013-03-20 20:26	--------	d-----w-	c:\users\Chris\AppData\Roaming\Might & Magic Heroes VI
2013-03-07 20:38 . 2013-03-07 20:38	--------	d-----w-	c:\program files (x86)\BlueStacks
2013-03-07 20:38 . 2013-03-07 20:38	--------	d-----w-	c:\programdata\BlueStacks
2013-03-06 19:20 . 2013-03-06 19:20	--------	d-----w-	c:\users\Chris\AppData\Local\Funcom
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 16:06 . 2012-07-26 15:18	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-24 16:06 . 2012-02-20 07:37	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 19:07 . 2012-04-05 12:02	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 19:07 . 2011-12-22 21:16	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-16 12:46 . 2011-12-22 21:58	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-02 17:38 . 2013-02-02 17:38	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-02 17:38 . 2013-02-02 17:38	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-01-28 16:28 . 2011-12-22 23:10	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 07:15	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 07:15	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 07:15	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 07:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 07:15	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 07:15	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 07:14	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 07:14	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 07:14	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 07:14	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 07:14	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 07:14	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 07:14	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 07:14	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 07:15	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 07:15	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 07:14	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 07:15	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 07:14	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 07:14	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 07:14	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 07:14	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 07:14	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 07:14	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 07:14	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 07:14	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 07:15	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 07:15	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 07:14	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 07:14	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 07:14	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 07:15	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 07:14	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 07:15	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 07:15	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 07:14	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 07:14	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-01-08 05:40 . 2013-02-16 12:41	97792	----a-w-	c:\windows\system32\mshtmled.dll
2013-01-05 05:53 . 2013-02-16 12:41	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-16 12:41	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 12:41	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 07:15	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 07:15	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-16 12:41	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 12:41	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 12:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-16 12:41	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 12:41	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 12:41	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 12:41	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 12:41	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-16 12:41	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-16 12:41	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Chris\AppData\Roaming\Ageqy ----
.
.
---- Directory of c:\users\Chris\AppData\Roaming\Cyape ----
.
2013-03-27 17:34 . 2013-03-29 18:29	10045	----a-w-	c:\users\Chris\AppData\Roaming\Cyape\taoc.olu
2013-03-26 16:47 . 2013-03-28 16:42	3519372	----a-w-	c:\users\Chris\AppData\Roaming\Cyape\taoc.tmp
.
---- Directory of c:\users\Chris\AppData\Roaming\Goefn ----
.
.
---- Directory of c:\users\Chris\AppData\Roaming\Omerta ----
.
2013-02-09 20:30 . 2013-02-09 20:30	245275	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\screenshot.tga
2013-02-09 20:30 . 2013-02-09 20:30	3510580	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\save\00020.auto.sav
2013-02-09 20:00 . 2013-02-09 20:00	3497806	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\save\00019.auto.sav
2013-02-09 15:40 . 2013-02-09 20:30	4211	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130209-16.40.31-50f578b8.log
2013-02-05 21:00 . 2013-02-05 21:00	230330	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\save\00014.sav
2013-02-05 21:00 . 2013-02-05 21:00	230337	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\save\00013.city.sav
2013-02-05 20:07 . 2013-02-05 21:01	3753	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130205-21.07.39-50f578b8.log
2013-02-03 11:53 . 2013-02-09 18:50	675	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\save\save.lua
2013-02-03 11:36 . 2013-02-09 20:30	3309440	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\district_pluto
2013-02-03 11:17 . 2013-02-03 11:17	53	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\UserId.lua
2013-02-03 11:17 . 2013-02-09 20:30	438	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\DeveloperStorage.lua
2013-02-03 11:17 . 2013-02-03 17:36	5551	----a-w-	c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130203-12.17.00-50f578b8.log
.
---- Directory of c:\users\Chris\AppData\Roaming\Ryuz ----
.
2012-02-13 19:19 . 2012-07-19 17:50	415853	----a-w-	c:\users\Chris\AppData\Roaming\Ryuz\tauqq.wai
.
---- Directory of c:\users\Chris\AppData\Roaming\Ugyku ----
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSU"="c:\program files (x86)\Medion AG\NSU\NSU.exe" [2011-10-20 1789440]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-09-28 136416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-02-15 601976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-6-17 1370224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe [2013-03-22 949528]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2012-11-25 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-22 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-02-15 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-02-15 384888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C335382D-59A1-40E1-8FAA-946B0AA697DB}: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\
FF - ExtSQL: 2013-02-15 09:29; jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Carte - c:\gamescampus\DE\Carte\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2945886007-329671581-1404254205-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,32,5d,64,cc,a6,ed,b9,a3,7d,9f,80,b5,3a,c8,5f,a1,0f,d7,82,d4,
   88,24,41,2b,23,0c,ee,02,62,19,c5,9a,66,56,3b,13,e2,d5,dc,ef,ca,d9,d7,9a,ce,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-30  19:06:13
ComboFix-quarantined-files.txt  2013-03-30 18:06
ComboFix2.txt  2013-03-30 15:35
.
Vor Suchlauf: 37 Verzeichnis(se), 70.712.918.016 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 70.671.183.872 Bytes frei
.
- - End Of File - - D6EB2FC1C0552BBCCB0CA9B13AFC7675
         

Well... I unfortunately can't offer the old GMER log any more; I deleted it after I botched splitting it up a bit (don't ask, I wanted to split it into 2 different .txt files and then I made a mistake, and then everything was mixed up, etc.)
But I have made a new log, which I am attaching... now it is not even half as big


EDIT:
I just had a bluescreen... I think for the first time ever since Windows 7.
Just wanted to let you know, in case it somehow points to something important.


Edited by Chrisman (30.03.2013 at 19:32)

30.03.2013, 19:43   #6
DerJazzer
/// Malwareteam

Hi

Please have the file from the code box checked at VirusTotal.
  • Click Choose File
  • Now copy the following into the search bar
    Code:
    ATTFilter
    C:\Windows\System32\Drivers\adutddo4.SYS
             
  • and click Open.
  • Click Scan It!.
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    This file was already analysed by VirusTotal...
    click Reanalyse.
  • Wait until the analysis date is shown to you and the scan has finished.
  • Copy the link from your address bar and post it here.

30.03.2013, 19:54   #7
Chrisman

I could not find the file on my PC.
Maybe the file disappeared after I had to restart the PC because of the bluescreen I had?

hxxp://imageshack.us/photo/my-images/593/unbenanntxra.png/
Here is a screenshot of it


By the way, the usyqs.exe process no longer shows up

Edited by Chrisman (30.03.2013 at 20:00)

30.03.2013, 20:01   #8
DerJazzer
/// Malwareteam

Hmm, strange.

Please do the following:

Step 1

A new Gmer log, please.

Step 2

Please download TDSSKiller (TDSSKiller.exe) and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Step 3

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.



Please post in your next reply
  • Gmer log
  • TDSSKiller log
  • aswMBR.txt
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

30.03.2013, 20:38   #9
Chrisman

OK, everything worked.
Only with aswMBR, the version was a different one from the one in the guide in your link... so in the selection menu next to the scan button I left everything as it was (quickscan was selected)

So, here are the logs:

GMER:

Code:
ATTFilter
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                            fffff8800437ed64 12 bytes {MOV RAX, 0xfffffa800b3932a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[1408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                      0000000070de1a22 2 bytes [DE, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                      0000000070de1ad0 2 bytes [DE, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                      0000000070de1b08 2 bytes [DE, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                      0000000070de1bba 2 bytes [DE, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1408] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                      0000000070de1bda 2 bytes [DE, 70]
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                               0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                              00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Steam\Steam.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                   000000007548549c 5 bytes JMP 00000001000f0800
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075951465 2 bytes [95, 75]
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
?       C:\Windows\system32\mssprxy.dll [1452] entry point in ".rdata" section                                                                       0000000058a171e6
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4624] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                               000000007548549c 5 bytes JMP 00000001001c0800
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075951465 2 bytes [95, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
?       C:\Windows\system32\mssprxy.dll [4852] entry point in ".rdata" section                                                                       0000000058a171e6
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5         000000007701f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15        000000007701f99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                      000000007701fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                     000000007701fa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                    000000007701fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                   000000007701fb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5              000000007701fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15             000000007701fbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                  000000007701fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                 000000007701fc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5           000000007701fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15          000000007701fc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5             000000007701fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15            000000007701fc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5           000000007701fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15          000000007701fc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5            000000007701fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15           000000007701fcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5           000000007701fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15          000000007701fd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                     000000007701fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                    000000007701fd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                  000000007701fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                 000000007701fdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5          000000007701fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15         000000007701fe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                000000007701ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15               000000007701ff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                   0000000077020099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                  00000000770200a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                 0000000077020781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                000000007702078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                    0000000077020ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                   0000000077021007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                   000000007702105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                  0000000077021067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5             00000000770210a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15            00000000770210af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                   000000007702111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                  0000000077021127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5      0000000077021321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15     000000007702132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\kernel32.dll!CreateProcessW                  0000000074d4103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\kernel32.dll!CreateProcessA                  0000000074d41072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                  000000007548119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                    00000000754811cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                      0000000075074de0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SelectObject                       0000000075074f70 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetBkMode                          00000000750751a2 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetTextColor                       000000007507522d 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!DeleteObject                       0000000075075689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!DeleteDC                           00000000750758b3 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                   0000000075076bad 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SaveDC                             0000000075076e05 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!RestoreDC                          0000000075076ead 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                  0000000075077180 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!StretchDIBits                      0000000075077435 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!CreateDCA                          0000000075077bcc 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                  0000000075077dc4 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextAlign                       0000000075077fd5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                    00000000750782b2 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetTextAlign                       0000000075078401 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                   000000007507879f 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                      0000000075078916 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                        0000000075078b7a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!MoveToEx                           0000000075078ee6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetFontData                        0000000075079875 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                       0000000075079936 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!Rectangle                          000000007507a53a 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetClipBox                         000000007507af9f 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!LineTo                             000000007507b9e5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetICMMode                         000000007507bd55 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!CreateICW                          000000007507c040 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W              000000007507c107 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                  000000007507c269 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                    000000007507d1f1 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A              000000007507d349 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                        000000007507dce4 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!CreateDCW                          000000007507e743 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!ExtEscape                          00000000750803b7 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!Escape                             0000000075081bda 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                       0000000075081e89 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                    0000000075084843 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                      0000000075085690 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!EndPage                            0000000075086bde 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!ResetDCW                           000000007508e2db 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                   000000007509940d 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW        000000007509c621 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                   000000007509d2b2 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                000000007509d919 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!AbortDoc                           00000000750a3adc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!EndDoc                             00000000750a3f29 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!StartPage                          00000000750a401a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!StartDocW                          00000000750a4c51 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!BeginPath                          00000000750a53fd 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!SelectClipPath                     00000000750a5454 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!CloseFigure                        00000000750a54af 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!EndPath                            00000000750a5506 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!StrokePath                         00000000750a573f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!FillPath                           00000000750a57d2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!PolylineTo                         00000000750a5c44 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                       00000000750a5cd5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\GDI32.dll!PolyDraw                           00000000750a5d87 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!MapWindowPoints                   0000000076a78c40 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW          0000000076a79ebd 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA          0000000076a80afa 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClientRect                     0000000076a80c62 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetParent                         0000000076a80f68 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!IsWindowVisible                   0000000076a8112d 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!PostMessageW                      0000000076a812a5 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!ScreenToClient                    0000000076a8227d 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                 0000000076a83150 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!SetCursor                         0000000076a841f6 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA           0000000076a868ef 5 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW           0000000076a877fa 5 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetTopWindow                      0000000076a87887 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable        0000000076a88676 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber        0000000076a88696 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!CloseClipboard                    0000000076a88e8d 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!OpenClipboard                     0000000076a88ecb 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain              0000000076a8c17b 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats              0000000076a8c449 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow            0000000076a8c468 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!CountClipboardFormats             0000000076a8c486 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                0000000076a8c4b6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout            0000000076a8d6c0 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                 0000000076a8e360 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!SetClipboardData                  0000000076ab8e57 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!SetCursorPos                      0000000076ab9cfd 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardData                  0000000076ab9f1d 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!EmptyClipboard                    0000000076ad7cb9 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                0000000076ad8111 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat        0000000076ad832f 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                0000000074b79606 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle            0000000074b80581 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext            0000000074b80bb9 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                0000000074b80c2e 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA          0000000074b80f2e 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA      0000000074b81096 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                   0000000074b8124e 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                   0000000074b8129d 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA        0000000074b81527 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA       0000000074b81590 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\ole32.dll!OleSetClipboard                    0000000074ed0045 5 bytes JMP 0000000100150030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard              0000000074ed36b2 5 bytes JMP 0000000100150070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\ole32.dll!OleGetClipboard                    0000000074effdcd 5 bytes JMP 00000001001500b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075951465 2 bytes [95, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Frontend.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Frontend.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Adb.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Adb.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Windows Media Player\wmplayer.exe[844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075951465 2 bytes [95, 75]
.text   C:\Program Files (x86)\Windows Media Player\wmplayer.exe[844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000759514bb 2 bytes [95, 75]
.text   ...                                                                                                                                          * 2

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                  fffffa8009a2f2c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                           fffffa8009a2f2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2                                                                                                  fffffa8009a2f2c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                           fffffa8009a2f2c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                           fffffa8009a2f2c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                           fffffa8009a2f2c0
Device  \Driver\aojxvpkn \Device\Scsi\aojxvpkn1Port4Path0Target0Lun0                                                                                 fffffa800b3752c0
Device  \Driver\aojxvpkn \Device\Scsi\aojxvpkn1                                                                                                      fffffa800b3752c0
Device  \Driver\aojxvpkn \Device\Scsi\aojxvpkn1Port4Path0Target1Lun0                                                                                 fffffa800b3752c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                       fffffa8009a332c0
Device  \Driver\usbehci \Device\USBPDO-5                                                                                                             fffffa800b32f2c0
Device  \Driver\usbohci \Device\USBFDO-3                                                                                                             fffffa800b3f62c0
Device  \Driver\usbohci \Device\USBPDO-1                                                                                                             fffffa800b3f62c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                 fffffa800b0d72c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                                 fffffa800b0d72c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                                 fffffa800b0d72c0
Device  \Driver\usbohci \Device\USBPDO-6                                                                                                             fffffa800b3f62c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                                                             fffffa800b3f62c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                                             fffffa800b32f2c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                                                             fffffa800b3f62c0
Device  \Driver\usbehci \Device\USBFDO-5                                                                                                             fffffa800b32f2c0
Device  \Driver\usbohci \Device\USBPDO-3                                                                                                             fffffa800b3f62c0
Device  \Driver\usbohci \Device\USBFDO-1                                                                                                             fffffa800b3f62c0
Device  \Driver\volmgr \Device\HarddiskVolume1                                                                                                       fffffa8009a2b2c0
Device  \Driver\volmgr \Device\FtControl                                                                                                             fffffa8009a2b2c0
Device  \Driver\volmgr \Device\VolMgrControl                                                                                                         fffffa8009a2b2c0
Device  \Driver\volmgr \Device\HarddiskVolume2                                                                                                       fffffa8009a2b2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{C335382D-59A1-40E1-8FAA-946B0AA697DB}                                                                     fffffa800b1802c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      fffffa800b1802c0
Device  \Driver\usbohci \Device\USBFDO-6                                                                                                             fffffa800b3f62c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                                                             fffffa800b3f62c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                                             fffffa800b32f2c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                              fffffa8009a2f2c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                                                             fffffa800b3f62c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                              fffffa8009a2f2c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                              fffffa8009a2f2c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                              fffffa8009a2f2c0
Device  \Driver\aojxvpkn \Device\ScsiPort4                                                                                                           fffffa800b3752c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009a2f2c0]<< spso.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys   fffffa8009a2f2c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abe2060]                                                                              fffffa800abe2060
Trace   3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> [0xfffffa8009b74520]                                                                 fffffa8009b74520
Trace   5 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8009b76060]                                        fffffa8009b76060
Trace   \Driver\atapi[0xfffffa8009b5b060] -> IRP_MJ_CREATE -> 0xfffffa8009a2f2c0                                                                     fffffa8009a2f2c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\aojxvpkn.SYS                                                                                                    fffff880043ac000-fffff880043f1000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2128:3704]                                                                                                  000007fefb649688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                           771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                           285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                           1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0xFB 0x1A 0x05 0x0D ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0x68 0x5C 0xAA 0x3E ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                         0x22 0xD8 0xC9 0x79 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x7A 0xE6 0x67 0x2E ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0x68 0x5C 0xAA 0x3E ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                             0x22 0xD8 0xC9 0x79 ...

---- EOF - GMER 2.1 ----
         
TDSSKiller:
Code:
20:06:56.0529 6136  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:06:56.0699 6136  ============================================================
20:06:56.0699 6136  Current date / time: 2013/03/30 20:06:56.0699
20:06:56.0699 6136  SystemInfo:
20:06:56.0699 6136  
20:06:56.0699 6136  OS Version: 6.1.7601 ServicePack: 1.0
20:06:56.0699 6136  Product type: Workstation
20:06:56.0699 6136  ComputerName: CHRIS-PC
20:06:56.0700 6136  UserName: Chris
20:06:56.0700 6136  Windows directory: C:\Windows
20:06:56.0700 6136  System windows directory: C:\Windows
20:06:56.0700 6136  Running under WOW64
20:06:56.0700 6136  Processor architecture: Intel x64
20:06:56.0700 6136  Number of processors: 4
20:06:56.0700 6136  Page size: 0x1000
20:06:56.0700 6136  Boot type: Normal boot
20:06:56.0700 6136  ============================================================
20:06:57.0799 6136  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:57.0802 6136  ============================================================
20:06:57.0802 6136  \Device\Harddisk0\DR0:
20:06:57.0807 6136  MBR partitions:
20:06:57.0807 6136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:06:57.0807 6136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:06:57.0807 6136  ============================================================
20:06:57.0809 6136  C: <-> \Device\Harddisk0\DR0\Partition2
20:06:57.0809 6136  ============================================================
20:06:57.0809 6136  Initialize success
20:06:57.0809 6136  ============================================================
20:09:35.0529 1764  ============================================================
20:09:35.0529 1764  Scan started
20:09:35.0529 1764  Mode: Manual; SigCheck; TDLFS; 
20:09:35.0529 1764  ============================================================
20:09:35.0981 1764  ================ Scan system memory ========================
20:09:35.0981 1764  System memory - ok
20:09:35.0981 1764  ================ Scan services =============================
20:09:36.0079 1764  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:09:36.0118 1764  1394ohci - ok
20:09:36.0134 1764  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:09:36.0147 1764  ACPI - ok
20:09:36.0156 1764  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:09:36.0167 1764  AcpiPmi - ok
20:09:36.0238 1764  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:09:36.0248 1764  AdobeARMservice - ok
20:09:36.0346 1764  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:36.0356 1764  AdobeFlashPlayerUpdateSvc - ok
20:09:36.0388 1764  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:09:36.0404 1764  adp94xx - ok
20:09:36.0431 1764  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:09:36.0444 1764  adpahci - ok
20:09:36.0457 1764  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:09:36.0467 1764  adpu320 - ok
20:09:36.0492 1764  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:09:36.0520 1764  AeLookupSvc - ok
20:09:36.0579 1764  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:09:36.0593 1764  AFD - ok
20:09:36.0617 1764  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:09:36.0626 1764  agp440 - ok
20:09:36.0636 1764  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:09:36.0646 1764  ALG - ok
20:09:36.0666 1764  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:09:36.0675 1764  aliide - ok
20:09:36.0707 1764  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:09:36.0722 1764  AMD External Events Utility - ok
20:09:36.0781 1764  AMD FUEL Service - ok
20:09:36.0795 1764  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:09:36.0804 1764  amdide - ok
20:09:36.0821 1764  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
20:09:36.0833 1764  amdiox64 - ok
20:09:36.0856 1764  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:09:36.0865 1764  AmdK8 - ok
20:09:37.0070 1764  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:37.0259 1764  amdkmdag - ok
20:09:37.0281 1764  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:09:37.0295 1764  amdkmdap - ok
20:09:37.0319 1764  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:09:37.0329 1764  AmdPPM - ok
20:09:37.0355 1764  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:09:37.0365 1764  amdsata - ok
20:09:37.0380 1764  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:09:37.0391 1764  amdsbs - ok
20:09:37.0403 1764  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:09:37.0412 1764  amdxata - ok
20:09:37.0480 1764  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:09:37.0489 1764  AntiVirSchedulerService - ok
20:09:37.0496 1764  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:09:37.0504 1764  AntiVirService - ok
20:09:37.0539 1764  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:09:37.0547 1764  AODDriver4.01 - ok
20:09:37.0563 1764  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:09:37.0571 1764  AODDriver4.2 - ok
20:09:37.0591 1764  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:09:37.0616 1764  AppID - ok
20:09:37.0636 1764  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:09:37.0662 1764  AppIDSvc - ok
20:09:37.0677 1764  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:09:37.0703 1764  Appinfo - ok
20:09:37.0746 1764  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:09:37.0755 1764  AppMgmt - ok
20:09:37.0767 1764  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:09:37.0776 1764  arc - ok
20:09:37.0794 1764  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:09:37.0803 1764  arcsas - ok
20:09:37.0846 1764  aspnet_state - ok
20:09:37.0864 1764  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:37.0891 1764  AsyncMac - ok
20:09:37.0903 1764  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:09:37.0911 1764  atapi - ok
20:09:37.0956 1764  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:09:37.0964 1764  AtiHDAudioService - ok
20:09:38.0118 1764  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:38.0223 1764  atikmdag - ok
20:09:38.0263 1764  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:09:38.0295 1764  AudioEndpointBuilder - ok
20:09:38.0303 1764  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:09:38.0334 1764  AudioSrv - ok
20:09:38.0362 1764  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:09:38.0380 1764  avgntflt - ok
20:09:38.0396 1764  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:09:38.0407 1764  avipbb - ok
20:09:38.0421 1764  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:09:38.0430 1764  avkmgr - ok
20:09:38.0455 1764  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:09:38.0469 1764  AxInstSV - ok
20:09:38.0508 1764  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:09:38.0521 1764  b06bdrv - ok
20:09:38.0550 1764  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:09:38.0561 1764  b57nd60a - ok
20:09:38.0582 1764  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:09:38.0591 1764  BDESVC - ok
20:09:38.0608 1764  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:09:38.0635 1764  Beep - ok
20:09:38.0666 1764  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:09:38.0700 1764  BFE - ok
20:09:38.0733 1764  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
20:09:38.0768 1764  BITS - ok
20:09:38.0804 1764  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:38.0814 1764  blbdrive - ok
20:09:38.0824 1764  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:09:38.0833 1764  bowser - ok
20:09:38.0887 1764  BRDriver64 - ok
20:09:39.0013 1764  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:09:39.0024 1764  BrFiltLo - ok
20:09:39.0034 1764  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:09:39.0044 1764  BrFiltUp - ok
20:09:39.0059 1764  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:09:39.0086 1764  BridgeMP - ok
20:09:39.0124 1764  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:09:39.0134 1764  Browser - ok
20:09:39.0149 1764  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:09:39.0159 1764  Brserid - ok
20:09:39.0171 1764  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:39.0181 1764  BrSerWdm - ok
20:09:39.0245 1764  [ A26AB8E6852D72CE129C3C3A61A21FEA ] BRSptSvc        C:\programdata\bitraider\BRSptSvc.exe
20:09:39.0265 1764  BRSptSvc - ok
20:09:39.0277 1764  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:39.0288 1764  BrUsbMdm - ok
20:09:39.0292 1764  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:39.0302 1764  BrUsbSer - ok
20:09:39.0413 1764  [ 173BBAE8027339608CBD5C5369BCDDDD ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
20:09:39.0427 1764  BstHdAndroidSvc - ok
20:09:39.0452 1764  [ 6EE2AB13C21AFE72E8622304CFAF97B5 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
20:09:39.0462 1764  BstHdDrv - ok
20:09:39.0474 1764  [ D9BD54860A00FE88B660D26E66EB075A ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
20:09:39.0487 1764  BstHdLogRotatorSvc - ok
20:09:39.0500 1764  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:09:39.0511 1764  BTHMODEM - ok
20:09:39.0547 1764  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:09:39.0574 1764  bthserv - ok
20:09:39.0585 1764  catchme - ok
20:09:39.0594 1764  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:09:39.0621 1764  cdfs - ok
20:09:39.0654 1764  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:09:39.0665 1764  cdrom - ok
20:09:39.0685 1764  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:09:39.0713 1764  CertPropSvc - ok
20:09:39.0738 1764  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:09:39.0749 1764  circlass - ok
20:09:39.0767 1764  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:09:39.0781 1764  CLFS - ok
20:09:39.0803 1764  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:39.0812 1764  clr_optimization_v2.0.50727_32 - ok
20:09:39.0855 1764  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:09:39.0863 1764  clr_optimization_v2.0.50727_64 - ok
20:09:39.0915 1764  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:39.0924 1764  clr_optimization_v4.0.30319_32 - ok
20:09:39.0950 1764  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:09:39.0959 1764  clr_optimization_v4.0.30319_64 - ok
20:09:39.0991 1764  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:09:40.0000 1764  CmBatt - ok
20:09:40.0009 1764  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:09:40.0018 1764  cmdide - ok
20:09:40.0059 1764  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:09:40.0079 1764  CNG - ok
20:09:40.0090 1764  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:09:40.0098 1764  Compbatt - ok
20:09:40.0116 1764  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:09:40.0128 1764  CompositeBus - ok
20:09:40.0141 1764  COMSysApp - ok
20:09:40.0149 1764  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:09:40.0158 1764  crcdisk - ok
20:09:40.0207 1764  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:09:40.0218 1764  CryptSvc - ok
20:09:40.0243 1764  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:09:40.0258 1764  CSC - ok
20:09:40.0274 1764  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:09:40.0289 1764  CscService - ok
20:09:40.0466 1764  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
20:09:40.0473 1764  DAUpdaterSvc - ok
20:09:40.0501 1764  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:09:40.0533 1764  DcomLaunch - ok
20:09:40.0562 1764  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:09:40.0593 1764  defragsvc - ok
20:09:40.0615 1764  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:09:40.0642 1764  DfsC - ok
20:09:40.0676 1764  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:09:40.0685 1764  dg_ssudbus - ok
20:09:40.0709 1764  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:09:40.0720 1764  Dhcp - ok
20:09:40.0743 1764  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:09:40.0770 1764  discache - ok
20:09:40.0800 1764  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:09:40.0810 1764  Disk - ok
20:09:40.0835 1764  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:09:40.0844 1764  dmvsc - ok
20:09:40.0858 1764  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:09:40.0868 1764  Dnscache - ok
20:09:40.0885 1764  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:09:40.0914 1764  dot3svc - ok
20:09:40.0932 1764  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:09:40.0960 1764  DPS - ok
20:09:40.0979 1764  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:09:40.0990 1764  drmkaud - ok
20:09:41.0020 1764  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:09:41.0040 1764  DXGKrnl - ok
20:09:41.0058 1764  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:09:41.0086 1764  EapHost - ok
20:09:41.0142 1764  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:09:41.0213 1764  ebdrv - ok
20:09:41.0241 1764  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:09:41.0251 1764  EFS - ok
20:09:41.0294 1764  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:09:41.0311 1764  ehRecvr - ok
20:09:41.0326 1764  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:09:41.0337 1764  ehSched - ok
20:09:41.0370 1764  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:09:41.0386 1764  elxstor - ok
20:09:41.0395 1764  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:09:41.0404 1764  ErrDev - ok
20:09:41.0440 1764  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:09:41.0471 1764  EventSystem - ok
20:09:41.0492 1764  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:09:41.0520 1764  exfat - ok
20:09:41.0532 1764  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:09:41.0561 1764  fastfat - ok
20:09:41.0587 1764  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:09:41.0605 1764  Fax - ok
20:09:41.0619 1764  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:09:41.0628 1764  fdc - ok
20:09:41.0637 1764  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:09:41.0664 1764  fdPHost - ok
20:09:41.0676 1764  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:09:41.0703 1764  FDResPub - ok
20:09:41.0709 1764  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:09:41.0719 1764  FileInfo - ok
20:09:41.0735 1764  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:09:41.0763 1764  Filetrace - ok
20:09:41.0777 1764  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:09:41.0787 1764  flpydisk - ok
20:09:41.0804 1764  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:09:41.0817 1764  FltMgr - ok
20:09:41.0873 1764  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:09:41.0896 1764  FontCache - ok
20:09:41.0934 1764  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:09:41.0942 1764  FontCache3.0.0.0 - ok
20:09:41.0984 1764  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:09:41.0994 1764  FsDepends - ok
20:09:42.0033 1764  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:09:42.0042 1764  Fs_Rec - ok
20:09:42.0128 1764  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:09:42.0169 1764  fvevol - ok
20:09:42.0187 1764  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:09:42.0197 1764  gagp30kx - ok
20:09:42.0229 1764  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:09:42.0264 1764  gpsvc - ok
20:09:42.0277 1764  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:09:42.0288 1764  hcw85cir - ok
20:09:42.0321 1764  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:09:42.0335 1764  HdAudAddService - ok
20:09:42.0357 1764  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:09:42.0368 1764  HDAudBus - ok
20:09:42.0383 1764  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:09:42.0392 1764  HidBatt - ok
20:09:42.0410 1764  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:09:42.0421 1764  HidBth - ok
20:09:42.0439 1764  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:09:42.0450 1764  HidIr - ok
20:09:42.0477 1764  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
20:09:42.0504 1764  hidserv - ok
20:09:42.0530 1764  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:09:42.0539 1764  HidUsb - ok
20:09:42.0560 1764  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:09:42.0587 1764  hkmsvc - ok
20:09:42.0603 1764  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:09:42.0614 1764  HomeGroupListener - ok
20:09:42.0636 1764  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:09:42.0647 1764  HomeGroupProvider - ok
20:09:42.0656 1764  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:09:42.0665 1764  HpSAMD - ok
20:09:42.0697 1764  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:09:42.0731 1764  HTTP - ok
20:09:42.0743 1764  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:09:42.0751 1764  hwpolicy - ok
20:09:42.0770 1764  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:09:42.0781 1764  i8042prt - ok
20:09:42.0816 1764  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:09:42.0830 1764  iaStorV - ok
20:09:42.0866 1764  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:09:42.0887 1764  idsvc - ok
20:09:42.0903 1764  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:09:42.0912 1764  iirsp - ok
20:09:42.0941 1764  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:09:42.0978 1764  IKEEXT - ok
20:09:42.0992 1764  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:09:43.0000 1764  intelide - ok
20:09:43.0021 1764  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:09:43.0031 1764  intelppm - ok
20:09:43.0051 1764  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:09:43.0078 1764  IPBusEnum - ok
20:09:43.0092 1764  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:09:43.0118 1764  IpFilterDriver - ok
20:09:43.0159 1764  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:09:43.0173 1764  iphlpsvc - ok
20:09:43.0186 1764  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:09:43.0196 1764  IPMIDRV - ok
20:09:43.0211 1764  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:09:43.0239 1764  IPNAT - ok
20:09:43.0254 1764  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:09:43.0267 1764  IRENUM - ok
20:09:43.0285 1764  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:09:43.0295 1764  isapnp - ok
20:09:43.0307 1764  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:09:43.0318 1764  iScsiPrt - ok
20:09:43.0342 1764  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:09:43.0351 1764  kbdclass - ok
20:09:43.0364 1764  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:09:43.0373 1764  kbdhid - ok
20:09:43.0380 1764  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:09:43.0389 1764  KeyIso - ok
20:09:43.0417 1764  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:09:43.0427 1764  KSecDD - ok
20:09:43.0462 1764  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:09:43.0473 1764  KSecPkg - ok
20:09:43.0484 1764  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:09:43.0510 1764  ksthunk - ok
20:09:43.0528 1764  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:09:43.0560 1764  KtmRm - ok
20:09:43.0587 1764  [ B8E670D7EF61615FA03104552854FAC9 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
20:09:43.0595 1764  L1E - ok
20:09:43.0624 1764  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:09:43.0652 1764  LanmanServer - ok
20:09:43.0663 1764  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:09:43.0691 1764  LanmanWorkstation - ok
20:09:43.0746 1764  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:09:43.0759 1764  LBTServ - ok
20:09:43.0784 1764  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
20:09:43.0791 1764  LGBusEnum - ok
20:09:43.0806 1764  [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD         C:\Windows\system32\Drivers\LGPBTDD.sys
20:09:43.0813 1764  LGPBTDD - ok
20:09:43.0836 1764  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
20:09:43.0843 1764  LGVirHid - ok
20:09:43.0872 1764  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:09:43.0881 1764  LHidFilt - ok
20:09:43.0908 1764  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:09:43.0935 1764  lltdio - ok
20:09:43.0958 1764  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:09:43.0993 1764  lltdsvc - ok
20:09:44.0005 1764  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:09:44.0033 1764  lmhosts - ok
20:09:44.0052 1764  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:09:44.0060 1764  LMouFilt - ok
20:09:44.0091 1764  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:09:44.0101 1764  LSI_FC - ok
20:09:44.0110 1764  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:09:44.0120 1764  LSI_SAS - ok
20:09:44.0130 1764  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:09:44.0140 1764  LSI_SAS2 - ok
20:09:44.0147 1764  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:09:44.0157 1764  LSI_SCSI - ok
20:09:44.0178 1764  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:09:44.0206 1764  luafv - ok
20:09:44.0241 1764  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:09:44.0248 1764  MBAMProtector - ok
20:09:44.0292 1764  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:09:44.0303 1764  MBAMScheduler - ok
20:09:44.0334 1764  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:09:44.0349 1764  MBAMService - ok
20:09:44.0446 1764  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
20:09:44.0458 1764  McComponentHostService - ok
20:09:44.0481 1764  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:09:44.0492 1764  Mcx2Svc - ok
20:09:44.0515 1764  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:09:44.0524 1764  megasas - ok
20:09:44.0550 1764  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:09:44.0562 1764  MegaSR - ok
20:09:44.0595 1764  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
20:09:44.0602 1764  MemeoBackgroundService - ok
20:09:44.0639 1764  Microsoft SharePoint Workspace Audit Service - ok
20:09:44.0658 1764  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:09:44.0686 1764  MMCSS - ok
20:09:44.0702 1764  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:09:44.0729 1764  Modem - ok
20:09:44.0743 1764  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:09:44.0753 1764  monitor - ok
20:09:44.0770 1764  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:09:44.0779 1764  mouclass - ok
20:09:44.0799 1764  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:09:44.0808 1764  mouhid - ok
20:09:44.0815 1764  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:09:44.0824 1764  mountmgr - ok
20:09:44.0866 1764  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:09:44.0875 1764  MozillaMaintenance - ok
20:09:44.0887 1764  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:09:44.0898 1764  mpio - ok
20:09:44.0913 1764  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:09:44.0941 1764  mpsdrv - ok
20:09:44.0971 1764  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:09:45.0008 1764  MpsSvc - ok
20:09:45.0023 1764  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:09:45.0036 1764  MRxDAV - ok
20:09:45.0069 1764  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:09:45.0079 1764  mrxsmb - ok
20:09:45.0104 1764  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:09:45.0116 1764  mrxsmb10 - ok
20:09:45.0129 1764  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:09:45.0138 1764  mrxsmb20 - ok
20:09:45.0163 1764  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:09:45.0172 1764  msahci - ok
20:09:45.0187 1764  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:09:45.0197 1764  msdsm - ok
20:09:45.0213 1764  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:09:45.0225 1764  MSDTC - ok
20:09:45.0247 1764  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:09:45.0275 1764  Msfs - ok
20:09:45.0287 1764  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:09:45.0314 1764  mshidkmdf - ok
20:09:45.0323 1764  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:09:45.0332 1764  msisadrv - ok
20:09:45.0350 1764  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:09:45.0379 1764  MSiSCSI - ok
20:09:45.0385 1764  msiserver - ok
20:09:45.0410 1764  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:09:45.0436 1764  MSKSSRV - ok
20:09:45.0441 1764  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:09:45.0468 1764  MSPCLOCK - ok
20:09:45.0472 1764  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:09:45.0499 1764  MSPQM - ok
20:09:45.0517 1764  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:09:45.0530 1764  MsRPC - ok
20:09:45.0542 1764  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:09:45.0551 1764  mssmbios - ok
20:09:45.0556 1764  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:09:45.0584 1764  MSTEE - ok
20:09:45.0589 1764  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:09:45.0599 1764  MTConfig - ok
20:09:45.0626 1764  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:09:45.0633 1764  MTsensor - ok
20:09:45.0642 1764  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:09:45.0652 1764  Mup - ok
20:09:45.0680 1764  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:09:45.0711 1764  napagent - ok
20:09:45.0739 1764  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:09:45.0756 1764  NativeWifiP - ok
20:09:45.0812 1764  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:09:45.0836 1764  NDIS - ok
20:09:45.0848 1764  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:09:45.0877 1764  NdisCap - ok
20:09:45.0896 1764  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:09:45.0925 1764  NdisTapi - ok
20:09:45.0933 1764  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:09:45.0961 1764  Ndisuio - ok
20:09:45.0977 1764  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:09:46.0003 1764  NdisWan - ok
20:09:46.0013 1764  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:09:46.0040 1764  NDProxy - ok
20:09:46.0047 1764  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:09:46.0076 1764  NetBIOS - ok
20:09:46.0087 1764  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:09:46.0116 1764  NetBT - ok
20:09:46.0128 1764  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:09:46.0138 1764  Netlogon - ok
20:09:50.0931 1764  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
20:09:50.0932 1764  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
20:09:50.0933 1764  sptd ( LockedFile.Multi.Generic ) - warning
20:09:50.0933 1764  sptd - detected LockedFile.Multi.Generic (1)
20:09:55.0509 1764  ================ Scan global ===============================
20:09:55.0525 1764  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:09:55.0572 1764  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:09:55.0579 1764  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:09:55.0592 1764  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:09:55.0614 1764  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:09:55.0617 1764  [Global] - ok
20:09:55.0617 1764  ================ Scan MBR ==================================
20:09:55.0625 1764  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:09:55.0789 1764  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:55.0789 1764  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:09:55.0790 1764  ================ Scan VBR ==================================
20:09:55.0793 1764  [ 558B38A28B86203AFC18D2D1E882F66E ] \Device\Harddisk0\DR0\Partition1
20:09:55.0794 1764  \Device\Harddisk0\DR0\Partition1 - ok
20:09:55.0819 1764  [ F875E74C215660D7658A9CD9073FEA34 ] \Device\Harddisk0\DR0\Partition2
20:09:55.0820 1764  \Device\Harddisk0\DR0\Partition2 - ok
20:09:55.0820 1764  ============================================================
20:09:55.0820 1764  Scan finished
20:09:55.0820 1764  ============================================================
20:09:55.0830 5668  Detected object count: 2
20:09:55.0830 5668  Actual detected object count: 2
20:10:13.0403 5668  sptd ( LockedFile.Multi.Generic ) - skipped by user
20:10:13.0403 5668  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
20:10:13.0405 5668  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:13.0405 5668  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
20:10:59.0634 5960  Deinitialize success
         

nvm... silly me....
the asw scan wasn't even finished yet. you can still already save a log, though, lol ^^ sry
apparently it'll take a bit longer


now, though:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 20:11:25
-----------------------------
20:11:25.224    OS Version: Windows x64 6.1.7601 Service Pack 1
20:11:25.224    Number of processors: 4 586 0x402
20:11:25.224    ComputerName: CHRIS-PC  UserName: Chris
20:11:28.585    Initialize success
20:17:29.252    AVAST engine defs: 13033000
20:27:34.122    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:27:34.123    Disk 0 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 3
20:27:34.155    Disk 0 MBR read successfully
20:27:34.157    Disk 0 MBR scan
20:27:34.172    Disk 0 Windows 7 default MBR code
20:27:34.185    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:27:34.198    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
20:27:34.231    Disk 0 scanning C:\Windows\system32\drivers
20:27:46.889    Service scanning
20:28:07.132    Modules scanning
20:28:07.136    Disk 0 trace - called modules:
20:28:07.152    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009a2f2c0]<<spso.sys ataport.SYS pciide.sys 
20:28:07.154    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abe2060]
20:28:07.158    3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> [0xfffffa8009b74520]
20:28:07.162    5 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8009b76060]
20:28:07.169    \Driver\atapi[0xfffffa8009b5b060] -> IRP_MJ_CREATE -> 0xfffffa8009a2f2c0
20:28:10.466    AVAST engine scan C:\Windows
20:28:14.554    AVAST engine scan C:\Windows\system32
20:32:11.065    AVAST engine scan C:\Windows\system32\drivers
20:32:23.123    AVAST engine scan C:\Users\Chris
20:35:11.761    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:41:44.876    AVAST engine scan C:\ProgramData
20:45:53.973    Scan finished successfully
20:47:56.329    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:47:56.333    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
20:48:24.019    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:48:24.023    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
         

Last edited by Chrisman (30.03.2013 at 20:54)

30.03.2013, 21:14   #10
DerJazzer
/// Malwareteam

Hi

Just as I thought - there's still a stowaway on board. Let's see if we can chase it off:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
C:\Users\Chris\AppData\Roaming\Ageqy
C:\Users\Chris\AppData\Roaming\Cyape
C:\Users\Chris\AppData\Roaming\Goefn
C:\Users\Chris\AppData\Roaming\Ryuz
C:\Users\Chris\AppData\Roaming\Ugyku
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2

Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan. Do not do anything on the computer during the scan.
  • Make sure that for
    Quote:
    TDSS File System
    Cure (default) is ticked! For
    Quote:
    sptd
    choose Skip.
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt. Please post its contents here in your thread.

Step 3

A new Gmer log, please.

Step 4

A new (additional) TDSSKiller log.

Step 5

Finally, a new aswMBR log.

In your next reply, please post
  • OTL fix log
  • TDSSKiller log after the reboot
  • Gmer log
  • another new TDSSKiller log
  • aswMBR.txt

The MBR.dat on your desktop is a backup. Please do not delete it for now!
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

31.03.2013, 10:46   #11
Chrisman

OK, I think we have reached a point where it is getting difficult.

OTL did not work, see log.

TDSS did not work either. Or rather, it did work, but I did not have the Cure option, see the attached screenshot.

OTL LOG:
Code:
ATTFilter
Error: Unable to interpret <C:\Users\Chris\AppData\Roaming\Ageqy> in the current context!
Error: Unable to interpret <C:\Users\Chris\AppData\Roaming\Cyape> in the current context!
Error: Unable to interpret <C:\Users\Chris\AppData\Roaming\Goefn> in the current context!
Error: Unable to interpret <C:\Users\Chris\AppData\Roaming\Ryuz> in the current context!
Error: Unable to interpret <C:\Users\Chris\AppData\Roaming\Ugyku> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03312013_111251
         
TDSSKILLER LOG:

Code:
ATTFilter
11:16:33.0660 2792  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:16:33.0823 2792  ============================================================
11:16:33.0824 2792  Current date / time: 2013/03/31 11:16:33.0823
11:16:33.0824 2792  SystemInfo:
11:16:33.0824 2792  
11:16:33.0824 2792  OS Version: 6.1.7601 ServicePack: 1.0
11:16:33.0824 2792  Product type: Workstation
11:16:33.0824 2792  ComputerName: CHRIS-PC
11:16:33.0824 2792  UserName: Chris
11:16:33.0824 2792  Windows directory: C:\Windows
11:16:33.0824 2792  System windows directory: C:\Windows
11:16:33.0824 2792  Running under WOW64
11:16:33.0824 2792  Processor architecture: Intel x64
11:16:33.0824 2792  Number of processors: 4
11:16:33.0824 2792  Page size: 0x1000
11:16:33.0824 2792  Boot type: Normal boot
11:16:33.0824 2792  ============================================================
11:16:34.0690 2792  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:16:34.0693 2792  ============================================================
11:16:34.0693 2792  \Device\Harddisk0\DR0:
11:16:34.0693 2792  MBR partitions:
11:16:34.0693 2792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:16:34.0693 2792  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:16:34.0693 2792  ============================================================
11:16:34.0722 2792  C: <-> \Device\Harddisk0\DR0\Partition2
11:16:34.0722 2792  ============================================================
11:16:34.0722 2792  Initialize success
11:16:34.0722 2792  ============================================================
11:16:47.0421 1352  ============================================================
11:16:47.0421 1352  Scan started
11:16:47.0421 1352  Mode: Manual; SigCheck; TDLFS; 
11:16:47.0421 1352  ============================================================
11:16:48.0253 1352  ================ Scan system memory ========================
11:16:48.0253 1352  System memory - ok
11:16:48.0253 1352  ================ Scan services =============================
11:16:57.0359 1352  mrxsmb - ok
11:16:57.0394 1352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:16:57.0405 1352  mrxsmb10 - ok
11:16:57.0435 1352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:16:57.0444 1352  mrxsmb20 - ok
11:16:57.0461 1352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:16:57.0469 1352  msahci - ok
11:16:57.0493 1352  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:16:57.0503 1352  msdsm - ok
11:16:57.0519 1352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:16:57.0529 1352  MSDTC - ok
11:16:57.0554 1352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:16:57.0579 1352  Msfs - ok
11:16:57.0592 1352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:16:57.0618 1352  mshidkmdf - ok
11:16:57.0636 1352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:16:57.0645 1352  msisadrv - ok
11:16:57.0697 1352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:16:57.0724 1352  MSiSCSI - ok
11:16:57.0727 1352  msiserver - ok
11:16:57.0765 1352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:16:57.0791 1352  MSKSSRV - ok
11:16:57.0798 1352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:16:57.0823 1352  MSPCLOCK - ok
11:16:57.0826 1352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:16:57.0852 1352  MSPQM - ok
11:16:57.0891 1352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:16:57.0903 1352  MsRPC - ok
11:16:57.0931 1352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:16:57.0939 1352  mssmbios - ok
11:16:57.0977 1352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:16:58.0003 1352  MSTEE - ok
11:16:58.0006 1352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:16:58.0015 1352  MTConfig - ok
11:16:58.0039 1352  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
11:16:58.0046 1352  MTsensor - ok
11:16:58.0056 1352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:16:58.0065 1352  Mup - ok
11:16:58.0211 1352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:16:58.0239 1352  napagent - ok
11:16:58.0294 1352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:16:58.0309 1352  NativeWifiP - ok
11:16:58.0403 1352  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:16:58.0421 1352  NDIS - ok
11:16:58.0436 1352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:16:58.0462 1352  NdisCap - ok
11:16:58.0476 1352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:16:58.0502 1352  NdisTapi - ok
11:16:58.0513 1352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:16:58.0538 1352  Ndisuio - ok
11:16:58.0572 1352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:16:58.0598 1352  NdisWan - ok
11:16:58.0626 1352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:16:58.0651 1352  NDProxy - ok
11:16:58.0668 1352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:16:58.0694 1352  NetBIOS - ok
11:16:58.0766 1352  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:16:58.0793 1352  NetBT - ok
11:16:58.0841 1352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:16:58.0850 1352  Netlogon - ok
11:16:58.0888 1352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:16:58.0917 1352  Netman - ok
11:16:58.0958 1352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:16:58.0988 1352  netprofm - ok
11:16:59.0017 1352  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:16:59.0025 1352  NetTcpPortSharing - ok
11:16:59.0049 1352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:16:59.0058 1352  nfrd960 - ok
11:16:59.0079 1352  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:16:59.0090 1352  NlaSvc - ok
11:16:59.0096 1352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:16:59.0121 1352  Npfs - ok
11:16:59.0140 1352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:16:59.0166 1352  nsi - ok
11:16:59.0190 1352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:16:59.0216 1352  nsiproxy - ok
11:16:59.0321 1352  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:16:59.0347 1352  Ntfs - ok
11:16:59.0364 1352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:16:59.0390 1352  Null - ok
11:16:59.0419 1352  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:16:59.0429 1352  nvraid - ok
11:16:59.0459 1352  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:16:59.0469 1352  nvstor - ok
11:16:59.0482 1352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:16:59.0491 1352  nv_agp - ok
11:16:59.0501 1352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:16:59.0510 1352  ohci1394 - ok
11:16:59.0573 1352  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:59.0581 1352  ose - ok
11:16:59.0676 1352  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:16:59.0738 1352  osppsvc - ok
11:16:59.0823 1352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:16:59.0835 1352  p2pimsvc - ok
11:16:59.0850 1352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:16:59.0862 1352  p2psvc - ok
11:16:59.0888 1352  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:16:59.0898 1352  Parport - ok
11:16:59.0935 1352  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:16:59.0945 1352  partmgr - ok
11:16:59.0980 1352  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:16:59.0994 1352  PcaSvc - ok
11:17:00.0018 1352  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:17:00.0028 1352  pci - ok
11:17:00.0050 1352  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:17:00.0059 1352  pciide - ok
11:17:00.0073 1352  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:17:00.0083 1352  pcmcia - ok
11:17:00.0096 1352  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:17:00.0105 1352  pcw - ok
11:17:00.0243 1352  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:17:00.0274 1352  PEAUTH - ok
11:17:00.0385 1352  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:17:00.0404 1352  PeerDistSvc - ok
11:17:00.0551 1352  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:17:00.0561 1352  PerfHost - ok
11:17:00.0665 1352  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:17:00.0701 1352  pla - ok
11:17:00.0732 1352  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:17:00.0744 1352  PlugPlay - ok
11:17:00.0765 1352  PnkBstrA - ok
11:17:00.0781 1352  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:17:00.0791 1352  PNRPAutoReg - ok
11:17:00.0815 1352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:17:00.0827 1352  PNRPsvc - ok
11:17:00.0856 1352  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:17:00.0886 1352  PolicyAgent - ok
11:17:00.0967 1352  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:17:00.0996 1352  Power - ok
11:17:01.0028 1352  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:17:01.0054 1352  PptpMiniport - ok
11:17:01.0073 1352  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:17:01.0082 1352  Processor - ok
11:17:01.0124 1352  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:17:01.0135 1352  ProfSvc - ok
11:17:01.0155 1352  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:17:01.0164 1352  ProtectedStorage - ok
11:17:01.0180 1352  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:17:01.0206 1352  Psched - ok
11:17:01.0385 1352  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:17:01.0410 1352  ql2300 - ok
11:17:01.0429 1352  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:17:01.0439 1352  ql40xx - ok
11:17:01.0463 1352  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:17:01.0478 1352  QWAVE - ok
11:17:01.0493 1352  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:17:01.0506 1352  QWAVEdrv - ok
11:17:01.0537 1352  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:17:01.0563 1352  RasAcd - ok
11:17:01.0615 1352  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:17:01.0641 1352  RasAgileVpn - ok
11:17:01.0661 1352  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:17:01.0688 1352  RasAuto - ok
11:17:01.0709 1352  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:17:01.0735 1352  Rasl2tp - ok
11:17:01.0796 1352  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:17:01.0825 1352  RasMan - ok
11:17:01.0843 1352  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:17:01.0869 1352  RasPppoe - ok
11:17:01.0886 1352  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:17:01.0913 1352  RasSstp - ok
11:17:01.0945 1352  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:17:01.0971 1352  rdbss - ok
11:17:01.0987 1352  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:17:01.0998 1352  rdpbus - ok
11:17:02.0035 1352  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:17:02.0061 1352  RDPCDD - ok
11:17:02.0131 1352  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:17:02.0140 1352  RDPDR - ok
11:17:02.0174 1352  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:17:02.0200 1352  RDPENCDD - ok
11:17:02.0230 1352  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:17:02.0256 1352  RDPREFMP - ok
11:17:02.0351 1352  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:17:02.0359 1352  RdpVideoMiniport - ok
11:17:02.0399 1352  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:17:02.0409 1352  RDPWD - ok
11:17:02.0426 1352  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:17:02.0436 1352  rdyboost - ok
11:17:02.0462 1352  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:17:02.0489 1352  RemoteAccess - ok
11:17:02.0512 1352  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:17:02.0540 1352  RemoteRegistry - ok
11:17:02.0573 1352  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:17:02.0601 1352  RpcEptMapper - ok
11:17:02.0612 1352  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:17:02.0622 1352  RpcLocator - ok
11:17:02.0646 1352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:17:02.0675 1352  RpcSs - ok
11:17:02.0779 1352  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:17:02.0805 1352  rspndr - ok
11:17:02.0836 1352  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:17:02.0845 1352  s3cap - ok
11:17:02.0853 1352  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:17:02.0862 1352  SamSs - ok
11:17:02.0877 1352  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:17:02.0886 1352  sbp2port - ok
11:17:02.0952 1352  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:17:02.0981 1352  SCardSvr - ok
11:17:03.0003 1352  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:17:03.0029 1352  scfilter - ok
11:17:03.0163 1352  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:17:03.0197 1352  Schedule - ok
11:17:03.0212 1352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:17:03.0238 1352  SCPolicySvc - ok
11:17:03.0281 1352  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:17:03.0292 1352  SDRSVC - ok
11:17:03.0300 1352  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:17:03.0326 1352  secdrv - ok
11:17:03.0336 1352  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:17:03.0361 1352  seclogon - ok
11:17:03.0389 1352  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
11:17:03.0416 1352  SENS - ok
11:17:03.0455 1352  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:17:03.0465 1352  SensrSvc - ok
11:17:03.0481 1352  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:17:03.0490 1352  Serenum - ok
11:17:03.0498 1352  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:17:03.0507 1352  Serial - ok
11:17:03.0517 1352  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:17:03.0526 1352  sermouse - ok
11:17:03.0548 1352  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:17:03.0576 1352  SessionEnv - ok
11:17:03.0611 1352  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:17:03.0621 1352  sffdisk - ok
11:17:03.0625 1352  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:17:03.0635 1352  sffp_mmc - ok
11:17:03.0639 1352  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:17:03.0650 1352  sffp_sd - ok
11:17:03.0667 1352  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:17:03.0676 1352  sfloppy - ok
11:17:03.0770 1352  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:17:03.0799 1352  SharedAccess - ok
11:17:03.0836 1352  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:17:03.0865 1352  ShellHWDetection - ok
11:17:03.0934 1352  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:17:03.0942 1352  SiSRaid2 - ok
11:17:03.0961 1352  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:17:03.0971 1352  SiSRaid4 - ok
11:17:04.0140 1352  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:17:04.0180 1352  Skype C2C Service - ok
11:17:04.0263 1352  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:17:04.0272 1352  SkypeUpdate - ok
11:17:04.0292 1352  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:17:04.0318 1352  Smb - ok
11:17:04.0361 1352  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:17:04.0371 1352  SNMPTRAP - ok
11:17:04.0376 1352  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:17:04.0384 1352  spldr - ok
11:17:04.0438 1352  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:17:04.0452 1352  Spooler - ok
11:17:04.0506 1352  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:17:04.0561 1352  sppsvc - ok
11:17:04.0571 1352  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:17:04.0598 1352  sppuinotify - ok
11:17:04.0677 1352  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
11:17:04.0677 1352  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
11:17:04.0678 1352  sptd ( LockedFile.Multi.Generic ) - warning
11:17:04.0678 1352  sptd - detected LockedFile.Multi.Generic (1)
11:17:04.0701 1352  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:17:04.0713 1352  srv - ok
11:17:04.0731 1352  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:17:04.0742 1352  srv2 - ok
11:17:04.0761 1352  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:17:04.0771 1352  srvnet - ok
11:17:04.0802 1352  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:17:04.0831 1352  SSDPSRV - ok
11:17:04.0871 1352  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:17:04.0899 1352  SstpSvc - ok
11:17:04.0963 1352  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
11:17:04.0973 1352  ssudmdm - ok
11:17:04.0996 1352  Steam Client Service - ok
11:17:05.0007 1352  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:17:05.0016 1352  stexstor - ok
11:17:05.0045 1352  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:17:05.0063 1352  stisvc - ok
11:17:05.0100 1352  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:17:05.0109 1352  storflt - ok
11:17:05.0125 1352  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:17:05.0134 1352  StorSvc - ok
11:17:05.0205 1352  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:17:05.0213 1352  storvsc - ok
11:17:05.0227 1352  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:17:05.0236 1352  swenum - ok
11:17:05.0258 1352  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:17:05.0289 1352  swprv - ok
11:17:05.0327 1352  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:17:05.0354 1352  SysMain - ok
11:17:05.0370 1352  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:17:05.0384 1352  TabletInputService - ok
11:17:05.0430 1352  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:17:05.0458 1352  TapiSrv - ok
11:17:05.0470 1352  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:17:05.0497 1352  TBS - ok
11:17:05.0588 1352  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:17:05.0618 1352  Tcpip - ok
11:17:05.0662 1352  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:17:05.0691 1352  TCPIP6 - ok
11:17:05.0733 1352  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:17:05.0742 1352  tcpipreg - ok
11:17:05.0760 1352  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:17:05.0768 1352  TDPIPE - ok
11:17:05.0800 1352  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:17:05.0808 1352  TDTCP - ok
11:17:05.0819 1352  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:17:05.0845 1352  tdx - ok
11:17:05.0932 1352  [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:17:05.0972 1352  TeamViewer7 - ok
11:17:05.0984 1352  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:17:05.0993 1352  TermDD - ok
11:17:06.0022 1352  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:17:06.0053 1352  TermService - ok
11:17:06.0069 1352  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:17:06.0083 1352  Themes - ok
11:17:06.0095 1352  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:17:06.0123 1352  THREADORDER - ok
11:17:06.0134 1352  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:17:06.0161 1352  TrkWks - ok
11:17:06.0191 1352  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:17:06.0217 1352  TrustedInstaller - ok
11:17:06.0236 1352  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:17:06.0261 1352  tssecsrv - ok
11:17:06.0308 1352  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:17:06.0316 1352  TsUsbFlt - ok
11:17:06.0330 1352  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:17:06.0338 1352  TsUsbGD - ok
11:17:06.0364 1352  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:17:06.0389 1352  tunnel - ok
11:17:06.0401 1352  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:17:06.0410 1352  uagp35 - ok
11:17:06.0423 1352  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:17:06.0450 1352  udfs - ok
11:17:06.0470 1352  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:17:06.0480 1352  UI0Detect - ok
11:17:06.0491 1352  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:17:06.0500 1352  uliagpkx - ok
11:17:06.0515 1352  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:17:06.0524 1352  umbus - ok
11:17:06.0545 1352  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:17:06.0554 1352  UmPass - ok
11:17:06.0572 1352  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:17:06.0583 1352  UmRdpService - ok
11:17:06.0602 1352  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:17:06.0632 1352  upnphost - ok
11:17:06.0657 1352  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:17:06.0666 1352  usbccgp - ok
11:17:06.0685 1352  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:17:06.0696 1352  usbcir - ok
11:17:06.0711 1352  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:17:06.0719 1352  usbehci - ok
11:17:06.0745 1352  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:17:06.0755 1352  usbhub - ok
11:17:06.0768 1352  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
11:17:06.0776 1352  usbohci - ok
11:17:06.0794 1352  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:17:06.0809 1352  usbprint - ok
11:17:06.0826 1352  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:17:06.0837 1352  usbscan - ok
11:17:06.0846 1352  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:17:06.0855 1352  USBSTOR - ok
11:17:06.0870 1352  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:17:06.0879 1352  usbuhci - ok
11:17:06.0905 1352  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:17:06.0932 1352  UxSms - ok
11:17:06.0940 1352  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:17:06.0949 1352  VaultSvc - ok
11:17:06.0974 1352  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:17:06.0983 1352  vdrvroot - ok
11:17:07.0001 1352  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:17:07.0031 1352  vds - ok
11:17:07.0046 1352  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:17:07.0056 1352  vga - ok
11:17:07.0065 1352  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:17:07.0090 1352  VgaSave - ok
11:17:07.0113 1352  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:17:07.0124 1352  vhdmp - ok
11:17:07.0139 1352  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:17:07.0148 1352  viaide - ok
11:17:07.0164 1352  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:17:07.0174 1352  vmbus - ok
11:17:07.0184 1352  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:17:07.0193 1352  VMBusHID - ok
11:17:07.0208 1352  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:17:07.0217 1352  volmgr - ok
11:17:07.0233 1352  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:17:07.0245 1352  volmgrx - ok
11:17:07.0255 1352  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:17:07.0266 1352  volsnap - ok
11:17:07.0298 1352  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:17:07.0308 1352  vsmraid - ok
11:17:07.0342 1352  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:17:07.0381 1352  VSS - ok
11:17:07.0434 1352  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:17:07.0444 1352  vwifibus - ok
11:17:07.0464 1352  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:17:07.0493 1352  W32Time - ok
11:17:07.0505 1352  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:17:07.0514 1352  WacomPen - ok
11:17:07.0532 1352  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:17:07.0557 1352  WANARP - ok
11:17:07.0561 1352  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:17:07.0586 1352  Wanarpv6 - ok
11:17:07.0615 1352  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:17:07.0636 1352  wbengine - ok
11:17:07.0650 1352  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:17:07.0664 1352  WbioSrvc - ok
11:17:07.0676 1352  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:17:07.0693 1352  wcncsvc - ok
11:17:07.0706 1352  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:17:07.0715 1352  WcsPlugInService - ok
11:17:07.0732 1352  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:17:07.0740 1352  Wd - ok
11:17:07.0784 1352  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:17:07.0803 1352  Wdf01000 - ok
11:17:07.0812 1352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:17:07.0825 1352  WdiServiceHost - ok
11:17:07.0829 1352  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:17:07.0842 1352  WdiSystemHost - ok
11:17:07.0859 1352  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:17:07.0874 1352  WebClient - ok
11:17:07.0885 1352  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:17:07.0914 1352  Wecsvc - ok
11:17:07.0925 1352  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:17:07.0952 1352  wercplsupport - ok
11:17:07.0966 1352  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:17:07.0995 1352  WerSvc - ok
11:17:08.0011 1352  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:17:08.0037 1352  WfpLwf - ok
11:17:08.0047 1352  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:17:08.0056 1352  WIMMount - ok
11:17:08.0068 1352  WinDefend - ok
11:17:08.0071 1352  WinHttpAutoProxySvc - ok
11:17:08.0108 1352  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:17:08.0136 1352  Winmgmt - ok
11:17:08.0175 1352  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:17:08.0216 1352  WinRM - ok
11:17:08.0244 1352  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:17:08.0255 1352  WinUsb - ok
11:17:08.0274 1352  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:17:08.0294 1352  Wlansvc - ok
11:17:08.0405 1352  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:17:08.0438 1352  wlidsvc - ok
11:17:08.0459 1352  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:17:08.0468 1352  WmiAcpi - ok
11:17:08.0494 1352  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:17:08.0505 1352  wmiApSrv - ok
11:17:08.0532 1352  WMPNetworkSvc - ok
11:17:08.0555 1352  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:17:08.0565 1352  WPCSvc - ok
11:17:08.0580 1352  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:17:08.0591 1352  WPDBusEnum - ok
11:17:08.0606 1352  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:17:08.0633 1352  ws2ifsl - ok
11:17:08.0643 1352  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
11:17:08.0657 1352  wscsvc - ok
11:17:08.0660 1352  WSearch - ok
11:17:08.0725 1352  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:17:08.0761 1352  wuauserv - ok
11:17:08.0793 1352  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:17:08.0802 1352  WudfPf - ok
11:17:08.0823 1352  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:17:08.0832 1352  WUDFRd - ok
11:17:08.0842 1352  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:17:08.0852 1352  wudfsvc - ok
11:17:08.0875 1352  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:17:08.0890 1352  WwanSvc - ok
11:17:08.0942 1352  X6va011 - ok
11:17:08.0954 1352  ================ Scan global ===============================
11:17:08.0970 1352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:17:09.0009 1352  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:17:09.0015 1352  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:17:09.0046 1352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:17:09.0059 1352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:17:09.0062 1352  [Global] - ok
11:17:09.0062 1352  ================ Scan MBR ==================================
11:17:09.0070 1352  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:17:09.0226 1352  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:17:09.0226 1352  \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:17:09.0227 1352  ================ Scan VBR ==================================
11:17:09.0252 1352  [ 558B38A28B86203AFC18D2D1E882F66E ] \Device\Harddisk0\DR0\Partition1
11:17:09.0253 1352  \Device\Harddisk0\DR0\Partition1 - ok
11:17:09.0264 1352  [ F875E74C215660D7658A9CD9073FEA34 ] \Device\Harddisk0\DR0\Partition2
11:17:09.0266 1352  \Device\Harddisk0\DR0\Partition2 - ok
11:17:09.0266 1352  ============================================================
11:17:09.0266 1352  Scan finished
11:17:09.0266 1352  ============================================================
11:17:09.0274 2488  Detected object count: 2
11:17:09.0274 2488  Actual detected object count: 2
11:18:17.0547 2488  sptd ( LockedFile.Multi.Generic ) - skipped by user
11:18:17.0547 2488  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
11:18:17.0548 2488  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:18:17.0548 2488  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
11:18:29.0568 4896  Deinitialize success
         
GMER LOG:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-31 11:23:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                            fffff880053a5d64 12 bytes {MOV RAX, 0xfffffa800b38b2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                      00000000751b1a22 2 bytes [1B, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                      00000000751b1ad0 2 bytes [1B, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                      00000000751b1b08 2 bytes [1B, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                      00000000751b1bba 2 bytes [1B, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                      00000000751b1bda 2 bytes [1B, 75]
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                               00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[3616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                              00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000759d1465 2 bytes [9D, 75]
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000759d1465 2 bytes [9D, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5         0000000077c2f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15        0000000077c2f99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                      0000000077c2fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                     0000000077c2fa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                    0000000077c2fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                   0000000077c2fb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5              0000000077c2fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15             0000000077c2fbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                  0000000077c2fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                 0000000077c2fc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5           0000000077c2fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15          0000000077c2fc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5             0000000077c2fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15            0000000077c2fc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5           0000000077c2fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15          0000000077c2fc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5            0000000077c2fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15           0000000077c2fcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5           0000000077c2fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15          0000000077c2fd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                     0000000077c2fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                    0000000077c2fd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                  0000000077c2fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                 0000000077c2fdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5          0000000077c2fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15         0000000077c2fe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                0000000077c2ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15               0000000077c2ff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                   0000000077c30099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                  0000000077c300a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                 0000000077c30781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                0000000077c3078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                    0000000077c30ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                   0000000077c31007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                   0000000077c3105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                  0000000077c31067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5             0000000077c310a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15            0000000077c310af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                   0000000077c3111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                  0000000077c31127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5      0000000077c31321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15     0000000077c3132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\kernel32.dll!CreateProcessW                  00000000766d103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\kernel32.dll!CreateProcessA                  00000000766d1072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                  00000000758b119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                    00000000758b11cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                      0000000076414de0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SelectObject                       0000000076414f70 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetBkMode                          00000000764151a2 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetTextColor                       000000007641522d 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!DeleteObject                       0000000076415689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!DeleteDC                           00000000764158b3 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                   0000000076416bad 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SaveDC                             0000000076416e05 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!RestoreDC                          0000000076416ead 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                  0000000076417180 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!StretchDIBits                      0000000076417435 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!CreateDCA                          0000000076417bcc 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                  0000000076417dc4 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextAlign                       0000000076417fd5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                    00000000764182b2 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetTextAlign                       0000000076418401 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                   000000007641879f 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                      0000000076418916 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                        0000000076418b7a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!MoveToEx                           0000000076418ee6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetFontData                        0000000076419875 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                       0000000076419936 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!Rectangle                          000000007641a53a 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetClipBox                         000000007641af9f 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!LineTo                             000000007641b9e5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetICMMode                         000000007641bd55 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!CreateICW                          000000007641c040 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W              000000007641c107 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                  000000007641c269 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                    000000007641d1f1 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A              000000007641d349 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                        000000007641dce4 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!CreateDCW                          000000007641e743 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!ExtEscape                          00000000764203b7 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!Escape                             0000000076421bda 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                       0000000076421e89 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                    0000000076424843 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                      0000000076425690 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!EndPage                            0000000076426bde 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!ResetDCW                           000000007642e2db 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                   000000007643940d 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW        000000007643c621 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                   000000007643d2b2 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                000000007643d919 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!AbortDoc                           0000000076443adc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!EndDoc                             0000000076443f29 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!StartPage                          000000007644401a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!StartDocW                          0000000076444c51 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!BeginPath                          00000000764453fd 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!SelectClipPath                     0000000076445454 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!CloseFigure                        00000000764454af 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!EndPath                            0000000076445506 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!StrokePath                         000000007644573f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!FillPath                           00000000764457d2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!PolylineTo                         0000000076445c44 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                       0000000076445cd5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\GDI32.dll!PolyDraw                           0000000076445d87 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!MapWindowPoints                   0000000075de8c40 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW          0000000075de9ebd 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA          0000000075df0afa 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClientRect                     0000000075df0c62 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetParent                         0000000075df0f68 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!IsWindowVisible                   0000000075df112d 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!PostMessageW                      0000000075df12a5 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!ScreenToClient                    0000000075df227d 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                 0000000075df3150 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!SetCursor                         0000000075df41f6 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA           0000000075df68ef 5 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW           0000000075df77fa 5 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetTopWindow                      0000000075df7887 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable        0000000075df8676 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber        0000000075df8696 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!CloseClipboard                    0000000075df8e8d 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!OpenClipboard                     0000000075df8ecb 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain              0000000075dfc17b 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats              0000000075dfc449 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow            0000000075dfc468 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!CountClipboardFormats             0000000075dfc486 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                0000000075dfc4b6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout            0000000075dfd6c0 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                 0000000075dfe360 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!SetClipboardData                  0000000075e28e57 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!SetCursorPos                      0000000075e29cfd 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardData                  0000000075e29f1d 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!EmptyClipboard                    0000000075e47cb9 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                0000000075e48111 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat        0000000075e4832f 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                0000000075789606 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle            0000000075790581 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext            0000000075790bb9 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                0000000075790c2e 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA          0000000075790f2e 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA      0000000075791096 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                   000000007579124e 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                   000000007579129d 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA        0000000075791527 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA       0000000075791590 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\ole32.dll!OleSetClipboard                    0000000076030045 5 bytes JMP 0000000100190030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard              00000000760336b2 5 bytes JMP 0000000100190070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\ole32.dll!OleGetClipboard                    000000007605fdcd 5 bytes JMP 00000001001900b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000759d1465 2 bytes [9D, 75]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000759d14bb 2 bytes [9D, 75]
.text   ...                                                                                                                                          * 2

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                  fffffa8009af72c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                           fffffa8009af72c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2                                                                                                  fffffa8009af72c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                           fffffa8009af72c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                           fffffa8009af72c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                           fffffa8009af72c0
Device  \Driver\ab9ior69 \Device\Scsi\ab9ior691Port4Path0Target1Lun0                                                                                 fffffa800b4732c0
Device  \Driver\ab9ior69 \Device\Scsi\ab9ior691Port4Path0Target0Lun0                                                                                 fffffa800b4732c0
Device  \Driver\ab9ior69 \Device\Scsi\ab9ior691                                                                                                      fffffa800b4732c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                       fffffa8009afc2c0
Device  \Driver\usbehci \Device\USBPDO-5                                                                                                             fffffa800b4342c0
Device  \Driver\usbohci \Device\USBFDO-3                                                                                                             fffffa800b42c2c0
Device  \Driver\usbohci \Device\USBPDO-1                                                                                                             fffffa800b42c2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                                 fffffa800b0e82c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                                 fffffa800b0e82c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                                 fffffa800b0e82c0
Device  \Driver\usbohci \Device\USBPDO-6                                                                                                             fffffa800b42c2c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                                                             fffffa800b42c2c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                                             fffffa800b4342c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                                                             fffffa800b42c2c0
Device  \Driver\usbehci \Device\USBFDO-5                                                                                                             fffffa800b4342c0
Device  \Driver\usbohci \Device\USBPDO-3                                                                                                             fffffa800b42c2c0
Device  \Driver\usbohci \Device\USBFDO-1                                                                                                             fffffa800b42c2c0
Device  \Driver\volmgr \Device\HarddiskVolume1                                                                                                       fffffa8009af32c0
Device  \Driver\volmgr \Device\FtControl                                                                                                             fffffa8009af32c0
Device  \Driver\volmgr \Device\VolMgrControl                                                                                                         fffffa8009af32c0
Device  \Driver\volmgr \Device\HarddiskVolume2                                                                                                       fffffa8009af32c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{C335382D-59A1-40E1-8FAA-946B0AA697DB}                                                                     fffffa800b1112c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      fffffa800b1112c0
Device  \Driver\usbohci \Device\USBFDO-6                                                                                                             fffffa800b42c2c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                                                             fffffa800b42c2c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                                             fffffa800b4342c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                              fffffa8009af72c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                                                             fffffa800b42c2c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                              fffffa8009af72c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                              fffffa8009af72c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                              fffffa8009af72c0
Device  \Driver\ab9ior69 \Device\ScsiPort4                                                                                                           fffffa800b4732c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009af72c0]<< spyf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys   fffffa8009af72c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abe2060]                                                                              fffffa800abe2060
Trace   3 CLASSPNP.SYS[fffff880015a843f] -> nt!IofCallDriver -> [0xfffffa800a8c3580]                                                                 fffffa800a8c3580
Trace   5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a8bb060]                                        fffffa800a8bb060
Trace   \Driver\atapi[0xfffffa8009b618a0] -> IRP_MJ_CREATE -> 0xfffffa8009af72c0                                                                     fffffa8009af72c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\ab9ior69.SYS                                                                                                    fffff88004800000-fffff88004845000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread   [1376:1392]                                                                                                                                 0000000075fb7587
Thread   [1376:1420]                                                                                                                                 000000007426c59c
Thread   [1376:1500]                                                                                                                                 000000007426c59c
Thread   [1376:1504]                                                                                                                                 000000007426c59c
Thread   [1376:1508]                                                                                                                                 000000007426c59c
Thread   [1376:4416]                                                                                                                                 0000000077c63e45
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5720:4068]                                                                               000007fefc022a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5720:5832]                                                                               000007fee8ccd618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5720:6084]                                                                               000007fef1145124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                           771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                           285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                           1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0xB9 0xA3 0xC7 0x39 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0x68 0x5C 0xAA 0x3E ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                         0x22 0xD8 0xC9 0x79 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                              0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0xB9 0xA3 0xC7 0x39 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0x68 0x5C 0xAA 0x3E ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                             0x22 0xD8 0xC9 0x79 ...

---- EOF - GMER 2.1 ----
         
ASWMBR LOG:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-31 11:24:04
-----------------------------
11:24:04.663    OS Version: Windows x64 6.1.7601 Service Pack 1
11:24:04.663    Number of processors: 4 586 0x402
11:24:04.664    ComputerName: CHRIS-PC  UserName: Chris
11:24:08.886    Initialize success
11:24:23.375    AVAST engine defs: 13033000
11:24:35.057    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:24:35.059    Disk 0 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 3
11:24:35.077    Disk 0 MBR read successfully
11:24:35.078    Disk 0 MBR scan
11:24:35.082    Disk 0 Windows 7 default MBR code
11:24:35.090    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:24:35.102    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
11:24:35.123    Disk 0 scanning C:\Windows\system32\drivers
11:24:45.353    Service scanning
11:25:04.223    Modules scanning
11:25:04.227    Disk 0 trace - called modules:
11:25:04.234    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009af72c0]<<spyf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
11:25:04.237    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abe2060]
11:25:04.241    3 CLASSPNP.SYS[fffff880015a843f] -> nt!IofCallDriver -> [0xfffffa800a8c3580]
11:25:04.244    5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a8bb060]
11:25:04.247    \Driver\atapi[0xfffffa8009b618a0] -> IRP_MJ_CREATE -> 0xfffffa8009af72c0
11:25:33.706    AVAST engine scan C:\Windows
11:25:38.342    AVAST engine scan C:\Windows\system32
11:29:10.145    AVAST engine scan C:\Windows\system32\drivers
11:29:21.164    AVAST engine scan C:\Users\Chris
11:39:21.723    AVAST engine scan C:\ProgramData
11:43:40.535    Scan finished successfully
11:43:59.786    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
11:43:59.789    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBRNEU.txt"
         
and here is the screenshot:
hxxp://imageshack.us/photo/my-images/195/tdss.png/

Alt 31.03.2013, 17:52   #12
DerJazzer
/// Malwareteam
 



Hi

OTL was my mistake; I had forgotten something there. Please try it again as follows:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:Files

C:\Users\Chris\AppData\Roaming\Ageqy
C:\Users\Chris\AppData\Roaming\Cyape
C:\Users\Chris\AppData\Roaming\Goefn
C:\Users\Chris\AppData\Roaming\Ryuz
C:\Users\Chris\AppData\Roaming\Ugyku
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2

OK, here too I gave you wrong information. Instead of Cure, please choose Delete:

Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
  • Press Start Scan. Do not do anything on the computer during the scan.
  • Make sure that for
    Quote:
    TDSS File System
    Delete is ticked! For
    Quote:
    sptd
    choose Skip.
  • Press Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\), for example: C:\TDSSKiller.<version_date_time>log.txt. Please post its contents here in your thread.

Step 3

A new Gmer log, please.

Step 4

A new (further) TDSSKiller log.

Step 5

Finally, a new aswMBR log.

In your next reply, please post
  • OTL fix log
  • TDSSKiller log after the reboot
  • Gmer log
  • another new TDSSKiller log
  • aswMBR.txt

Sorry for the script error on my part. Good that you asked about TDSSKiller.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Alt 01.04.2013, 12:43   #13
Chrisman
 



Ah, sorry, because of the holidays everything is going a bit slower right now, due to family obligations that demand my presence.

So, here are the logs:

OTL:
Code:
========== FILES ==========
C:\Users\Chris\AppData\Roaming\Ageqy folder moved successfully.
C:\Users\Chris\AppData\Roaming\Cyape folder moved successfully.
C:\Users\Chris\AppData\Roaming\Goefn folder moved successfully.
C:\Users\Chris\AppData\Roaming\Ryuz folder moved successfully.
C:\Users\Chris\AppData\Roaming\Ugyku folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 04012013_124042
         
TDSSKILLER before reboot:
Code:
12:41:43.0571 6828  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:41:43.0786 6828  ============================================================
12:41:43.0786 6828  Current date / time: 2013/04/01 12:41:43.0786
12:41:43.0786 6828  SystemInfo:
12:41:43.0786 6828  
12:41:43.0786 6828  OS Version: 6.1.7601 ServicePack: 1.0
12:41:43.0786 6828  Product type: Workstation
12:41:43.0787 6828  ComputerName: CHRIS-PC
12:41:43.0787 6828  UserName: Chris
12:41:43.0787 6828  Windows directory: C:\Windows
12:41:43.0787 6828  System windows directory: C:\Windows
12:41:43.0787 6828  Running under WOW64
12:41:43.0787 6828  Processor architecture: Intel x64
12:41:43.0787 6828  Number of processors: 4
12:41:43.0787 6828  Page size: 0x1000
12:41:43.0787 6828  Boot type: Normal boot
12:41:43.0787 6828  ============================================================
12:41:44.0796 6828  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:44.0800 6828  ============================================================
12:41:44.0800 6828  \Device\Harddisk0\DR0:
12:41:44.0800 6828  MBR partitions:
12:41:44.0800 6828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:41:44.0800 6828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:41:44.0800 6828  ============================================================
12:41:44.0828 6828  C: <-> \Device\Harddisk0\DR0\Partition2
12:41:44.0828 6828  ============================================================
12:41:44.0828 6828  Initialize success
12:41:44.0828 6828  ============================================================
12:41:57.0779 5724  ============================================================
12:41:57.0779 5724  Scan started
12:41:57.0779 5724  Mode: Manual; SigCheck; TDLFS; 
12:41:57.0779 5724  ============================================================
12:41:58.0367 5724  ================ Scan system memory ========================
12:41:58.0367 5724  System memory - ok
12:41:58.0367 5724  ================ Scan services =============================
12:41:58.0448 5724  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:41:58.0490 5724  1394ohci - ok
12:41:58.0512 5724  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:41:58.0525 5724  ACPI - ok
12:41:58.0534 5724  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:41:58.0558 5724  AcpiPmi - ok
12:41:58.0633 5724  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:41:58.0642 5724  AdobeARMservice - ok
12:41:58.0748 5724  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:41:58.0759 5724  AdobeFlashPlayerUpdateSvc - ok
12:41:58.0790 5724  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:41:58.0811 5724  adp94xx - ok
12:41:58.0833 5724  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:41:58.0851 5724  adpahci - ok
12:41:58.0860 5724  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:41:58.0875 5724  adpu320 - ok
12:41:58.0895 5724  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:41:58.0946 5724  AeLookupSvc - ok
12:41:59.0014 5724  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:41:59.0047 5724  AFD - ok
12:41:59.0070 5724  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:41:59.0083 5724  agp440 - ok
12:41:59.0097 5724  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:41:59.0136 5724  ALG - ok
12:41:59.0152 5724  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:41:59.0164 5724  aliide - ok
12:41:59.0193 5724  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:41:59.0230 5724  AMD External Events Utility - ok
12:41:59.0283 5724  AMD FUEL Service - ok
12:41:59.0306 5724  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:41:59.0318 5724  amdide - ok
12:41:59.0340 5724  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
12:41:59.0355 5724  amdiox64 - ok
12:41:59.0375 5724  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:41:59.0403 5724  AmdK8 - ok
12:41:59.0545 5724  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:41:59.0811 5724  amdkmdag - ok
12:41:59.0842 5724  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:41:59.0873 5724  amdkmdap - ok
12:41:59.0897 5724  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:41:59.0914 5724  AmdPPM - ok
12:41:59.0949 5724  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:41:59.0963 5724  amdsata - ok
12:41:59.0999 5724  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:42:00.0015 5724  amdsbs - ok
12:42:00.0023 5724  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:42:00.0034 5724  amdxata - ok
12:42:00.0083 5724  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:42:00.0091 5724  AntiVirSchedulerService - ok
12:42:00.0099 5724  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:42:00.0106 5724  AntiVirService - ok
12:42:00.0133 5724  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:42:00.0144 5724  AODDriver4.01 - ok
12:42:00.0157 5724  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:42:00.0164 5724  AODDriver4.2 - ok
12:42:00.0185 5724  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:42:00.0227 5724  AppID - ok
12:42:00.0247 5724  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:42:00.0287 5724  AppIDSvc - ok
12:42:00.0296 5724  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:42:00.0336 5724  Appinfo - ok
12:42:00.0382 5724  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:42:00.0429 5724  AppMgmt - ok
12:42:00.0444 5724  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:42:00.0458 5724  arc - ok
12:42:00.0479 5724  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:42:00.0494 5724  arcsas - ok
12:42:00.0532 5724  aspnet_state - ok
12:42:00.0550 5724  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:42:00.0604 5724  AsyncMac - ok
12:42:00.0614 5724  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:42:00.0622 5724  atapi - ok
12:42:00.0667 5724  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:42:00.0679 5724  AtiHDAudioService - ok
12:42:00.0827 5724  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:42:00.0927 5724  atikmdag - ok
12:42:00.0965 5724  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:42:01.0016 5724  AudioEndpointBuilder - ok
12:42:01.0024 5724  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:42:01.0053 5724  AudioSrv - ok
12:42:01.0081 5724  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:42:01.0090 5724  avgntflt - ok
12:42:01.0098 5724  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:42:01.0113 5724  avipbb - ok
12:42:01.0123 5724  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:42:01.0135 5724  avkmgr - ok
12:42:01.0174 5724  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:42:01.0200 5724  AxInstSV - ok
12:42:01.0234 5724  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:42:01.0274 5724  b06bdrv - ok
12:42:01.0294 5724  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:42:01.0316 5724  b57nd60a - ok
12:42:01.0342 5724  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:42:01.0372 5724  BDESVC - ok
12:42:01.0377 5724  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:42:01.0425 5724  Beep - ok
12:42:01.0451 5724  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:42:01.0496 5724  BFE - ok
12:42:01.0518 5724  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:42:01.0575 5724  BITS - ok
12:42:01.0598 5724  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:42:01.0625 5724  blbdrive - ok
12:42:01.0645 5724  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:42:01.0660 5724  bowser - ok
12:42:01.0714 5724  BRDriver64 - ok
12:42:01.0732 5724  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:42:01.0759 5724  BrFiltLo - ok
12:42:01.0762 5724  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:42:01.0787 5724  BrFiltUp - ok
12:42:01.0803 5724  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:42:01.0847 5724  BridgeMP - ok
12:42:01.0877 5724  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:42:01.0907 5724  Browser - ok
12:42:01.0917 5724  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:42:01.0982 5724  Brserid - ok
12:42:01.0998 5724  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:42:02.0015 5724  BrSerWdm - ok
12:42:02.0072 5724  [ A26AB8E6852D72CE129C3C3A61A21FEA ] BRSptSvc        C:\programdata\bitraider\BRSptSvc.exe
12:42:02.0119 5724  BRSptSvc - ok
12:42:02.0138 5724  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:42:02.0151 5724  BrUsbMdm - ok
12:42:02.0154 5724  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:42:02.0172 5724  BrUsbSer - ok
12:42:02.0257 5724  [ 173BBAE8027339608CBD5C5369BCDDDD ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
12:42:02.0270 5724  BstHdAndroidSvc - ok
12:42:02.0321 5724  [ 6EE2AB13C21AFE72E8622304CFAF97B5 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
12:42:02.0333 5724  BstHdDrv - ok
12:42:02.0393 5724  [ D9BD54860A00FE88B660D26E66EB075A ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
12:42:02.0405 5724  BstHdLogRotatorSvc - ok
12:42:02.0436 5724  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:42:02.0501 5724  BTHMODEM - ok
12:42:02.0540 5724  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:42:02.0579 5724  bthserv - ok
12:42:02.0595 5724  catchme - ok
12:42:02.0604 5724  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:42:02.0650 5724  cdfs - ok
12:42:02.0690 5724  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:42:02.0720 5724  cdrom - ok
12:42:02.0754 5724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:42:02.0789 5724  CertPropSvc - ok
12:42:02.0815 5724  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:42:02.0830 5724  circlass - ok
12:42:02.0844 5724  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:42:02.0857 5724  CLFS - ok
12:42:02.0880 5724  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:02.0894 5724  clr_optimization_v2.0.50727_32 - ok
12:42:02.0932 5724  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:42:02.0945 5724  clr_optimization_v2.0.50727_64 - ok
12:42:02.0992 5724  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:03.0000 5724  clr_optimization_v4.0.30319_32 - ok
12:42:03.0035 5724  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:42:03.0043 5724  clr_optimization_v4.0.30319_64 - ok
12:42:03.0068 5724  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:42:03.0088 5724  CmBatt - ok
12:42:03.0103 5724  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:42:03.0115 5724  cmdide - ok
12:42:03.0160 5724  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
12:42:03.0187 5724  CNG - ok
12:42:03.0208 5724  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:42:03.0221 5724  Compbatt - ok
12:42:03.0243 5724  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:42:03.0276 5724  CompositeBus - ok
12:42:03.0284 5724  COMSysApp - ok
12:42:03.0293 5724  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:42:03.0305 5724  crcdisk - ok
12:42:03.0342 5724  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:42:03.0355 5724  CryptSvc - ok
12:42:03.0378 5724  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:42:03.0415 5724  CSC - ok
12:42:03.0434 5724  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:42:03.0459 5724  CscService - ok
12:42:03.0618 5724  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
12:42:03.0629 5724  DAUpdaterSvc - ok
12:42:03.0661 5724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:42:03.0704 5724  DcomLaunch - ok
12:42:03.0747 5724  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:42:03.0795 5724  defragsvc - ok
12:42:03.0809 5724  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:42:03.0844 5724  DfsC - ok
12:42:03.0878 5724  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:42:03.0891 5724  dg_ssudbus - ok
12:42:03.0910 5724  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:42:03.0951 5724  Dhcp - ok
12:42:03.0970 5724  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:42:04.0007 5724  discache - ok
12:42:04.0043 5724  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:42:04.0058 5724  Disk - ok
12:42:04.0078 5724  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:42:04.0109 5724  dmvsc - ok
12:42:04.0126 5724  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:42:04.0162 5724  Dnscache - ok
12:42:04.0186 5724  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:42:04.0223 5724  dot3svc - ok
12:42:04.0242 5724  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:42:04.0273 5724  DPS - ok
12:42:04.0289 5724  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:42:04.0311 5724  drmkaud - ok
12:42:04.0346 5724  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:42:04.0370 5724  DXGKrnl - ok
12:42:04.0385 5724  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:42:04.0415 5724  EapHost - ok
12:42:04.0467 5724  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:42:04.0565 5724  ebdrv - ok
12:42:04.0584 5724  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:42:04.0615 5724  EFS - ok
12:42:04.0654 5724  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:42:04.0718 5724  ehRecvr - ok
12:42:04.0727 5724  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:42:04.0761 5724  ehSched - ok
12:42:04.0800 5724  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:42:04.0821 5724  elxstor - ok
12:42:04.0838 5724  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:42:04.0861 5724  ErrDev - ok
12:42:04.0891 5724  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:42:04.0923 5724  EventSystem - ok
12:42:04.0934 5724  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:42:04.0972 5724  exfat - ok
12:42:04.0984 5724  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:42:05.0021 5724  fastfat - ok
12:42:05.0055 5724  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:42:05.0097 5724  Fax - ok
12:42:05.0104 5724  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:42:05.0129 5724  fdc - ok
12:42:05.0146 5724  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:42:05.0193 5724  fdPHost - ok
12:42:05.0211 5724  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:42:05.0255 5724  FDResPub - ok
12:42:05.0277 5724  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:42:05.0292 5724  FileInfo - ok
12:42:05.0303 5724  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:42:05.0337 5724  Filetrace - ok
12:42:05.0345 5724  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:42:05.0375 5724  flpydisk - ok
12:42:05.0397 5724  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:42:05.0417 5724  FltMgr - ok
12:42:05.0475 5724  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:42:05.0530 5724  FontCache - ok
12:42:05.0560 5724  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:42:05.0572 5724  FontCache3.0.0.0 - ok
12:42:05.0594 5724  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:42:05.0607 5724  FsDepends - ok
12:42:05.0659 5724  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:42:05.0671 5724  Fs_Rec - ok
12:42:05.0696 5724  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:42:05.0709 5724  fvevol - ok
12:42:05.0730 5724  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:42:05.0744 5724  gagp30kx - ok
12:42:05.0773 5724  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:42:05.0821 5724  gpsvc - ok
12:42:05.0845 5724  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:42:05.0871 5724  hcw85cir - ok
12:42:05.0906 5724  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:42:05.0927 5724  HdAudAddService - ok
12:42:05.0950 5724  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:42:05.0972 5724  HDAudBus - ok
12:42:05.0984 5724  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:42:06.0013 5724  HidBatt - ok
12:42:06.0036 5724  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:42:06.0089 5724  HidBth - ok
12:42:06.0123 5724  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:42:06.0150 5724  HidIr - ok
12:42:06.0170 5724  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:42:06.0209 5724  hidserv - ok
12:42:06.0240 5724  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:42:06.0252 5724  HidUsb - ok
12:42:06.0270 5724  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:42:06.0311 5724  hkmsvc - ok
12:42:06.0329 5724  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:42:06.0375 5724  HomeGroupListener - ok
12:42:06.0396 5724  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:42:06.0405 5724  HomeGroupProvider - ok
12:42:06.0432 5724  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:42:06.0446 5724  HpSAMD - ok
12:42:06.0473 5724  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:42:06.0511 5724  HTTP - ok
12:42:06.0519 5724  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:42:06.0527 5724  hwpolicy - ok
12:42:06.0546 5724  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:42:06.0562 5724  i8042prt - ok
12:42:06.0601 5724  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:42:06.0621 5724  iaStorV - ok
12:42:06.0659 5724  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:42:06.0694 5724  idsvc - ok
12:42:06.0704 5724  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:42:06.0717 5724  iirsp - ok
12:42:06.0750 5724  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:42:06.0800 5724  IKEEXT - ok
12:42:06.0809 5724  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:42:06.0821 5724  intelide - ok
12:42:06.0839 5724  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:42:06.0860 5724  intelppm - ok
12:42:06.0885 5724  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:42:06.0931 5724  IPBusEnum - ok
12:42:06.0951 5724  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:42:06.0981 5724  IpFilterDriver - ok
12:42:07.0018 5724  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:42:07.0032 5724  iphlpsvc - ok
12:42:07.0045 5724  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:42:07.0066 5724  IPMIDRV - ok
12:42:07.0079 5724  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:42:07.0110 5724  IPNAT - ok
12:42:07.0138 5724  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:42:07.0153 5724  IRENUM - ok
12:42:07.0161 5724  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:42:07.0173 5724  isapnp - ok
12:42:07.0191 5724  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:42:07.0209 5724  iScsiPrt - ok
12:42:07.0226 5724  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:42:07.0239 5724  kbdclass - ok
12:42:07.0256 5724  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:42:07.0268 5724  kbdhid - ok
12:42:07.0273 5724  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:42:07.0282 5724  KeyIso - ok
12:42:07.0310 5724  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:42:07.0325 5724  KSecDD - ok
12:42:07.0363 5724  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:42:07.0378 5724  KSecPkg - ok
12:42:07.0385 5724  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:42:07.0422 5724  ksthunk - ok
12:42:07.0446 5724  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:42:07.0493 5724  KtmRm - ok
12:42:07.0521 5724  [ B8E670D7EF61615FA03104552854FAC9 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
12:42:07.0605 5724  L1E - ok
12:42:07.0730 5724  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:42:07.0780 5724  LanmanServer - ok
12:42:07.0813 5724  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:42:07.0845 5724  LanmanWorkstation - ok
12:42:07.0897 5724  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:42:07.0918 5724  LBTServ - ok
12:42:07.0943 5724  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
12:42:07.0954 5724  LGBusEnum - ok
12:42:07.0973 5724  [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD         C:\Windows\system32\Drivers\LGPBTDD.sys
12:42:07.0983 5724  LGPBTDD - ok
12:42:08.0003 5724  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:42:08.0014 5724  LGVirHid - ok
12:42:08.0039 5724  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:42:08.0051 5724  LHidFilt - ok
12:42:08.0076 5724  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:42:08.0117 5724  lltdio - ok
12:42:08.0134 5724  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:42:08.0175 5724  lltdsvc - ok
12:42:08.0189 5724  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:42:08.0218 5724  lmhosts - ok
12:42:08.0244 5724  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:42:08.0256 5724  LMouFilt - ok
12:42:08.0308 5724  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:42:08.0323 5724  LSI_FC - ok
12:42:08.0361 5724  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:42:08.0375 5724  LSI_SAS - ok
12:42:08.0397 5724  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:42:08.0411 5724  LSI_SAS2 - ok
12:42:08.0456 5724  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:42:08.0471 5724  LSI_SCSI - ok
12:42:08.0487 5724  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:42:08.0523 5724  luafv - ok
12:42:08.0558 5724  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:42:08.0568 5724  MBAMProtector - ok
12:42:08.0609 5724  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:42:08.0620 5724  MBAMScheduler - ok
12:42:08.0652 5724  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:42:08.0665 5724  MBAMService - ok
12:42:08.0765 5724  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
12:42:08.0789 5724  McComponentHostService - ok
12:42:08.0807 5724  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:42:08.0826 5724  Mcx2Svc - ok
12:42:08.0849 5724  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:42:08.0861 5724  megasas - ok
12:42:08.0876 5724  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:42:08.0893 5724  MegaSR - ok
12:42:08.0930 5724  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
12:42:08.0936 5724  MemeoBackgroundService - ok
12:42:08.0974 5724  Microsoft SharePoint Workspace Audit Service - ok
12:42:08.0992 5724  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:42:09.0033 5724  MMCSS - ok
12:42:09.0054 5724  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:42:09.0083 5724  Modem - ok
12:42:09.0094 5724  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:42:09.0105 5724  monitor - ok
12:42:09.0121 5724  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:42:09.0134 5724  mouclass - ok
12:42:09.0143 5724  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:42:09.0155 5724  mouhid - ok
12:42:09.0166 5724  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:42:09.0175 5724  mountmgr - ok
12:42:09.0217 5724  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:42:09.0233 5724  MozillaMaintenance - ok
12:42:09.0247 5724  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:42:09.0264 5724  mpio - ok
12:42:09.0273 5724  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:42:09.0303 5724  mpsdrv - ok
12:42:09.0331 5724  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:42:09.0365 5724  MpsSvc - ok
12:42:09.0382 5724  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:42:09.0410 5724  MRxDAV - ok
12:42:09.0437 5724  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:42:09.0457 5724  mrxsmb - ok
12:42:09.0480 5724  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:42:09.0506 5724  mrxsmb10 - ok
12:42:09.0522 5724  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:42:09.0548 5724  mrxsmb20 - ok
12:42:09.0573 5724  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:42:09.0585 5724  msahci - ok
12:42:09.0597 5724  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:42:09.0612 5724  msdsm - ok
12:42:09.0631 5724  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:42:09.0657 5724  MSDTC - ok
12:42:09.0682 5724  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:42:09.0718 5724  Msfs - ok
12:42:09.0737 5724  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:42:09.0765 5724  mshidkmdf - ok
12:42:09.0773 5724  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:42:09.0785 5724  msisadrv - ok
12:42:09.0808 5724  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:42:09.0841 5724  MSiSCSI - ok
12:42:09.0844 5724  msiserver - ok
12:42:09.0868 5724  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:42:09.0908 5724  MSKSSRV - ok
12:42:09.0911 5724  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:42:09.0943 5724  MSPCLOCK - ok
12:42:09.0946 5724  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:42:09.0974 5724  MSPQM - ok
12:42:10.0043 5724  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:42:10.0114 5724  MsRPC - ok
12:42:10.0134 5724  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:42:10.0143 5724  mssmbios - ok
12:42:10.0157 5724  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:42:10.0204 5724  MSTEE - ok
12:42:10.0207 5724  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:42:10.0237 5724  MTConfig - ok
12:42:10.0267 5724  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
12:42:10.0277 5724  MTsensor - ok
12:42:10.0284 5724  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:42:10.0298 5724  Mup - ok
12:42:10.0330 5724  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:42:10.0359 5724  napagent - ok
12:42:10.0389 5724  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:42:10.0420 5724  NativeWifiP - ok
12:42:10.0479 5724  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:42:10.0499 5724  NDIS - ok
12:42:10.0515 5724  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:42:10.0551 5724  NdisCap - ok
12:42:10.0572 5724  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:42:10.0601 5724  NdisTapi - ok
12:42:10.0609 5724  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:42:10.0646 5724  Ndisuio - ok
12:42:10.0660 5724  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:42:10.0698 5724  NdisWan - ok
12:42:10.0713 5724  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:42:10.0745 5724  NDProxy - ok
12:42:10.0764 5724  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:42:10.0804 5724  NetBIOS - ok
12:42:10.0820 5724  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:42:10.0847 5724  NetBT - ok
12:42:10.0853 5724  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:42:10.0862 5724  Netlogon - ok
12:42:10.0892 5724  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:42:10.0921 5724  Netman - ok
12:42:10.0939 5724  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:42:10.0992 5724  netprofm - ok
12:42:11.0021 5724  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:11.0036 5724  NetTcpPortSharing - ok
12:42:11.0061 5724  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:42:11.0074 5724  nfrd960 - ok
12:42:11.0091 5724  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:42:11.0104 5724  NlaSvc - ok
12:42:11.0116 5724  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:42:11.0153 5724  Npfs - ok
12:42:11.0177 5724  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:42:11.0207 5724  nsi - ok
12:42:11.0219 5724  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:42:11.0244 5724  nsiproxy - ok
12:42:11.0306 5724  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:42:11.0357 5724  Ntfs - ok
12:42:11.0368 5724  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:42:11.0405 5724  Null - ok
12:42:11.0433 5724  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:42:11.0448 5724  nvraid - ok
12:42:11.0470 5724  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:42:11.0486 5724  nvstor - ok
12:42:11.0502 5724  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:42:11.0517 5724  nv_agp - ok
12:42:11.0530 5724  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:42:11.0550 5724  ohci1394 - ok
12:42:11.0601 5724  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:11.0616 5724  ose - ok
12:42:11.0705 5724  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:42:11.0832 5724  osppsvc - ok
12:42:11.0852 5724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:42:11.0890 5724  p2pimsvc - ok
12:42:11.0903 5724  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:42:11.0931 5724  p2psvc - ok
12:42:11.0950 5724  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:42:11.0984 5724  Parport - ok
12:42:12.0014 5724  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:42:12.0028 5724  partmgr - ok
12:42:12.0037 5724  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:42:12.0067 5724  PcaSvc - ok
12:42:12.0088 5724  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:42:12.0098 5724  pci - ok
12:42:12.0104 5724  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:42:12.0115 5724  pciide - ok
12:42:12.0126 5724  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:42:12.0143 5724  pcmcia - ok
12:42:12.0158 5724  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:42:12.0172 5724  pcw - ok
12:42:12.0188 5724  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:42:12.0244 5724  PEAUTH - ok
12:42:12.0280 5724  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:42:12.0340 5724  PeerDistSvc - ok
12:42:12.0388 5724  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:42:12.0402 5724  PerfHost - ok
12:42:12.0444 5724  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:42:12.0505 5724  pla - ok
12:42:12.0536 5724  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:42:12.0572 5724  PlugPlay - ok
12:42:12.0594 5724  PnkBstrA - ok
12:42:12.0602 5724  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:42:12.0622 5724  PNRPAutoReg - ok
12:42:12.0643 5724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:42:12.0654 5724  PNRPsvc - ok
12:42:12.0677 5724  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:42:12.0712 5724  PolicyAgent - ok
12:42:12.0735 5724  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:42:12.0767 5724  Power - ok
12:42:12.0799 5724  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:42:12.0840 5724  PptpMiniport - ok
12:42:12.0852 5724  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:42:12.0872 5724  Processor - ok
12:42:12.0911 5724  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:42:12.0934 5724  ProfSvc - ok
12:42:12.0943 5724  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:42:12.0951 5724  ProtectedStorage - ok
12:42:12.0967 5724  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:42:12.0999 5724  Psched - ok
12:42:13.0038 5724  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:42:13.0098 5724  ql2300 - ok
12:42:13.0108 5724  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:42:13.0123 5724  ql40xx - ok
12:42:13.0150 5724  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:42:13.0172 5724  QWAVE - ok
12:42:13.0189 5724  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:42:13.0211 5724  QWAVEdrv - ok
12:42:13.0224 5724  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:42:13.0253 5724  RasAcd - ok
12:42:13.0269 5724  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:42:13.0306 5724  RasAgileVpn - ok
12:42:13.0315 5724  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:42:13.0346 5724  RasAuto - ok
12:42:13.0364 5724  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:42:13.0418 5724  Rasl2tp - ok
12:42:13.0441 5724  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:42:13.0486 5724  RasMan - ok
12:42:13.0497 5724  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:42:13.0528 5724  RasPppoe - ok
12:42:13.0540 5724  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:42:13.0571 5724  RasSstp - ok
12:42:13.0581 5724  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:42:13.0614 5724  rdbss - ok
12:42:13.0632 5724  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:42:13.0664 5724  rdpbus - ok
12:42:13.0681 5724  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:42:13.0706 5724  RDPCDD - ok
12:42:13.0735 5724  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:42:13.0761 5724  RDPDR - ok
12:42:13.0778 5724  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:42:13.0818 5724  RDPENCDD - ok
12:42:13.0834 5724  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:42:13.0872 5724  RDPREFMP - ok
12:42:13.0913 5724  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:42:13.0933 5724  RdpVideoMiniport - ok
12:42:13.0962 5724  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:42:13.0989 5724  RDPWD - ok
12:42:14.0005 5724  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:42:14.0022 5724  rdyboost - ok
12:42:14.0041 5724  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:42:14.0073 5724  RemoteAccess - ok
12:42:14.0091 5724  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:42:14.0144 5724  RemoteRegistry - ok
12:42:14.0169 5724  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:42:14.0204 5724  RpcEptMapper - ok
12:42:14.0224 5724  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:42:14.0236 5724  RpcLocator - ok
12:42:14.0258 5724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:42:14.0288 5724  RpcSs - ok
12:42:14.0308 5724  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:42:14.0346 5724  rspndr - ok
12:42:14.0365 5724  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:42:14.0382 5724  s3cap - ok
12:42:14.0399 5724  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:42:14.0408 5724  SamSs - ok
12:42:14.0422 5724  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:42:14.0437 5724  sbp2port - ok
12:42:14.0448 5724  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:42:14.0489 5724  SCardSvr - ok
12:42:14.0499 5724  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:42:14.0540 5724  scfilter - ok
12:42:14.0566 5724  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:42:14.0603 5724  Schedule - ok
12:42:14.0617 5724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:42:14.0641 5724  SCPolicySvc - ok
12:42:14.0652 5724  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:42:14.0703 5724  SDRSVC - ok
12:42:14.0721 5724  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:42:14.0758 5724  secdrv - ok
12:42:14.0773 5724  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:42:14.0810 5724  seclogon - ok
12:42:14.0826 5724  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
12:42:14.0867 5724  SENS - ok
12:42:14.0876 5724  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:42:14.0939 5724  SensrSvc - ok
12:42:14.0960 5724  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:42:14.0983 5724  Serenum - ok
12:42:15.0010 5724  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:42:15.0033 5724  Serial - ok
12:42:15.0046 5724  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:42:15.0058 5724  sermouse - ok
12:42:15.0085 5724  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:42:15.0127 5724  SessionEnv - ok
12:42:15.0140 5724  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:42:15.0173 5724  sffdisk - ok
12:42:15.0177 5724  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:42:15.0191 5724  sffp_mmc - ok
12:42:15.0194 5724  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:42:15.0207 5724  sffp_sd - ok
12:42:15.0211 5724  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:42:15.0229 5724  sfloppy - ok
12:42:15.0266 5724  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:42:15.0314 5724  SharedAccess - ok
12:42:15.0335 5724  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:42:15.0369 5724  ShellHWDetection - ok
12:42:15.0396 5724  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:42:15.0410 5724  SiSRaid2 - ok
12:42:15.0424 5724  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:42:15.0438 5724  SiSRaid4 - ok
12:42:15.0702 5724  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:42:15.0805 5724  Skype C2C Service - ok
12:42:15.0876 5724  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:42:15.0885 5724  SkypeUpdate - ok
12:42:15.0904 5724  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:42:15.0948 5724  Smb - ok
12:42:16.0023 5724  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:42:16.0050 5724  SNMPTRAP - ok
12:42:16.0155 5724  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:42:16.0167 5724  spldr - ok
12:42:16.0240 5724  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:42:16.0289 5724  Spooler - ok
12:42:16.0335 5724  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:42:16.0412 5724  sppsvc - ok
12:42:16.0425 5724  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:42:16.0463 5724  sppuinotify - ok
12:42:16.0514 5724  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:42:16.0514 5724  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
12:42:16.0515 5724  sptd ( LockedFile.Multi.Generic ) - warning
12:42:16.0515 5724  sptd - detected LockedFile.Multi.Generic (1)
12:42:16.0538 5724  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:42:16.0570 5724  srv - ok
12:42:16.0585 5724  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:42:16.0613 5724  srv2 - ok
12:42:16.0632 5724  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:42:16.0647 5724  srvnet - ok
12:42:16.0680 5724  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:42:16.0714 5724  SSDPSRV - ok
12:42:16.0750 5724  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:42:16.0780 5724  SstpSvc - ok
12:42:16.0826 5724  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:42:16.0841 5724  ssudmdm - ok
12:42:16.0850 5724  Steam Client Service - ok
12:42:16.0861 5724  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:42:16.0874 5724  stexstor - ok
12:42:16.0898 5724  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:42:16.0924 5724  stisvc - ok
12:42:16.0937 5724  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:42:16.0950 5724  storflt - ok
12:42:16.0962 5724  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
12:42:16.0983 5724  StorSvc - ok
12:42:17.0000 5724  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:42:17.0013 5724  storvsc - ok
12:42:17.0023 5724  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:42:17.0034 5724  swenum - ok
12:42:17.0054 5724  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:42:17.0104 5724  swprv - ok
12:42:17.0139 5724  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:42:17.0185 5724  SysMain - ok
12:42:17.0199 5724  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:42:17.0232 5724  TabletInputService - ok
12:42:17.0258 5724  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:42:17.0292 5724  TapiSrv - ok
12:42:17.0307 5724  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:42:17.0356 5724  TBS - ok
12:42:17.0408 5724  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:42:17.0479 5724  Tcpip - ok
12:42:17.0516 5724  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:42:17.0545 5724  TCPIP6 - ok
12:42:17.0579 5724  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:42:17.0603 5724  tcpipreg - ok
12:42:17.0630 5724  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:42:17.0650 5724  TDPIPE - ok
12:42:17.0679 5724  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:42:17.0701 5724  TDTCP - ok
12:42:17.0715 5724  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:42:17.0756 5724  tdx - ok
12:42:17.0843 5724  [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:42:17.0883 5724  TeamViewer7 - ok
12:42:17.0887 5724  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:42:17.0901 5724  TermDD - ok
12:42:17.0951 5724  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:42:17.0990 5724  TermService - ok
12:42:18.0007 5724  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:42:18.0027 5724  Themes - ok
12:42:18.0040 5724  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:42:18.0067 5724  THREADORDER - ok
12:42:18.0079 5724  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:42:18.0130 5724  TrkWks - ok
12:42:18.0170 5724  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:42:18.0208 5724  TrustedInstaller - ok
12:42:18.0232 5724  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:42:18.0267 5724  tssecsrv - ok
12:42:18.0311 5724  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:42:18.0342 5724  TsUsbFlt - ok
12:42:18.0358 5724  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:42:18.0371 5724  TsUsbGD - ok
12:42:18.0393 5724  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:42:18.0434 5724  tunnel - ok
12:42:18.0446 5724  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:42:18.0460 5724  uagp35 - ok
12:42:18.0476 5724  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:42:18.0517 5724  udfs - ok
12:42:18.0540 5724  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:42:18.0568 5724  UI0Detect - ok
12:42:18.0586 5724  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:42:18.0600 5724  uliagpkx - ok
12:42:18.0618 5724  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:42:18.0643 5724  umbus - ok
12:42:18.0665 5724  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:42:18.0683 5724  UmPass - ok
12:42:18.0709 5724  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:42:18.0726 5724  UmRdpService - ok
12:42:18.0739 5724  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:42:18.0789 5724  upnphost - ok
12:42:18.0819 5724  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:42:18.0840 5724  usbccgp - ok
12:42:18.0864 5724  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:42:18.0898 5724  usbcir - ok
12:42:18.0914 5724  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:42:18.0934 5724  usbehci - ok
12:42:18.0956 5724  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:42:18.0988 5724  usbhub - ok
12:42:19.0004 5724  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:42:19.0016 5724  usbohci - ok
12:42:19.0031 5724  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:42:19.0058 5724  usbprint - ok
12:42:19.0080 5724  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:42:19.0094 5724  usbscan - ok
12:42:19.0107 5724  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:42:19.0122 5724  USBSTOR - ok
12:42:19.0132 5724  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:42:19.0156 5724  usbuhci - ok
12:42:19.0183 5724  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:42:19.0218 5724  UxSms - ok
12:42:19.0227 5724  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:42:19.0236 5724  VaultSvc - ok
12:42:19.0253 5724  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:42:19.0266 5724  vdrvroot - ok
12:42:19.0279 5724  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:42:19.0328 5724  vds - ok
12:42:19.0341 5724  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:42:19.0355 5724  vga - ok
12:42:19.0360 5724  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:42:19.0393 5724  VgaSave - ok
12:42:19.0409 5724  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:42:19.0426 5724  vhdmp - ok
12:42:19.0442 5724  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:42:19.0454 5724  viaide - ok
12:42:19.0475 5724  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:42:19.0493 5724  vmbus - ok
12:42:19.0504 5724  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:42:19.0517 5724  VMBusHID - ok
12:42:19.0528 5724  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:42:19.0542 5724  volmgr - ok
12:42:19.0552 5724  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:42:19.0566 5724  volmgrx - ok
12:42:19.0575 5724  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:42:19.0594 5724  volsnap - ok
12:42:19.0618 5724  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:42:19.0633 5724  vsmraid - ok
12:42:19.0662 5724  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:42:19.0731 5724  VSS - ok
12:42:19.0745 5724  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:42:19.0771 5724  vwifibus - ok
12:42:19.0784 5724  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:42:19.0814 5724  W32Time - ok
12:42:19.0866 5724  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:42:19.0887 5724  WacomPen - ok
12:42:19.0911 5724  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:42:19.0941 5724  WANARP - ok
12:42:19.0944 5724  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:42:19.0969 5724  Wanarpv6 - ok
12:42:20.0002 5724  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:42:20.0065 5724  wbengine - ok
12:42:20.0078 5724  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:42:20.0118 5724  WbioSrvc - ok
12:42:20.0138 5724  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:42:20.0168 5724  wcncsvc - ok
12:42:20.0184 5724  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:42:20.0217 5724  WcsPlugInService - ok
12:42:20.0235 5724  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:42:20.0248 5724  Wd - ok
12:42:20.0296 5724  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:42:20.0326 5724  Wdf01000 - ok
12:42:20.0340 5724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:42:20.0418 5724  WdiServiceHost - ok
12:42:20.0421 5724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:42:20.0435 5724  WdiSystemHost - ok
12:42:20.0446 5724  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:42:20.0479 5724  WebClient - ok
12:42:20.0497 5724  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:42:20.0539 5724  Wecsvc - ok
12:42:20.0553 5724  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:42:20.0593 5724  wercplsupport - ok
12:42:20.0611 5724  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:42:20.0642 5724  WerSvc - ok
12:42:20.0656 5724  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:42:20.0684 5724  WfpLwf - ok
12:42:20.0692 5724  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:42:20.0704 5724  WIMMount - ok
12:42:20.0712 5724  WinDefend - ok
12:42:20.0716 5724  WinHttpAutoProxySvc - ok
12:42:20.0754 5724  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:42:20.0796 5724  Winmgmt - ok
12:42:20.0845 5724  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:42:20.0918 5724  WinRM - ok
12:42:20.0947 5724  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:42:20.0962 5724  WinUsb - ok
12:42:20.0985 5724  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:42:21.0034 5724  Wlansvc - ok
12:42:21.0150 5724  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:42:21.0200 5724  wlidsvc - ok
12:42:21.0220 5724  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:42:21.0238 5724  WmiAcpi - ok
12:42:21.0271 5724  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:42:21.0288 5724  wmiApSrv - ok
12:42:21.0318 5724  WMPNetworkSvc - ok
12:42:21.0341 5724  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:42:21.0363 5724  WPCSvc - ok
12:42:21.0375 5724  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:42:21.0391 5724  WPDBusEnum - ok
12:42:21.0409 5724  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:42:21.0449 5724  ws2ifsl - ok
12:42:21.0471 5724  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:42:21.0503 5724  wscsvc - ok
12:42:21.0506 5724  WSearch - ok
12:42:21.0570 5724  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:42:21.0628 5724  wuauserv - ok
12:42:21.0663 5724  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:42:21.0682 5724  WudfPf - ok
12:42:21.0709 5724  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:42:21.0722 5724  WUDFRd - ok
12:42:21.0728 5724  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:42:21.0746 5724  wudfsvc - ok
12:42:21.0774 5724  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:42:21.0797 5724  WwanSvc - ok
12:42:21.0845 5724  X6va011 - ok
12:42:21.0857 5724  ================ Scan global ===============================
12:42:21.0881 5724  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:42:21.0920 5724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:42:21.0932 5724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:42:21.0957 5724  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:42:21.0970 5724  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:42:21.0973 5724  [Global] - ok
12:42:21.0973 5724  ================ Scan MBR ==================================
12:42:21.0981 5724  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:42:22.0129 5724  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:42:22.0129 5724  \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:42:22.0129 5724  ================ Scan VBR ==================================
12:42:22.0155 5724  [ 558B38A28B86203AFC18D2D1E882F66E ] \Device\Harddisk0\DR0\Partition1
12:42:22.0156 5724  \Device\Harddisk0\DR0\Partition1 - ok
12:42:22.0175 5724  [ F875E74C215660D7658A9CD9073FEA34 ] \Device\Harddisk0\DR0\Partition2
12:42:22.0177 5724  \Device\Harddisk0\DR0\Partition2 - ok
12:42:22.0177 5724  ============================================================
12:42:22.0177 5724  Scan finished
12:42:22.0177 5724  ============================================================
12:42:22.0185 5860  Detected object count: 2
12:42:22.0185 5860  Actual detected object count: 2
12:42:50.0326 5860  sptd ( LockedFile.Multi.Generic ) - skipped by user
12:42:50.0326 5860  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:42:50.0331 5860  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:42:50.0351 5860  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
12:42:50.0352 5860  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
12:42:50.0353 5860  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
12:42:50.0357 5860  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
12:42:50.0358 5860  \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
12:42:50.0358 5860  \Device\Harddisk0\DR0\TDLFS - deleted
12:42:50.0358 5860  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 
12:43:36.0056 6308  Deinitialize success
         

The GMER log:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-01 12:55:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kgloqpod.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                         fffff88004828d64 12 bytes {MOV RAX, 0xfffffa800b4512a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[1532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                   0000000070b31a22 2 bytes [B3, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                   0000000070b31ad0 2 bytes [B3, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                   0000000070b31b08 2 bytes [B3, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                   0000000070b31bba 2 bytes [B3, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                   0000000070b31bda 2 bytes [B3, 70]
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000077541465 2 bytes [54, 77]
.text   C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\BlueStacks\HD-Agent.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe[2248] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                      0000000077541465 2 bytes [54, 77]
.text   C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe[2248] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                     00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[3688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\BlueStacks\HD-Service.exe[3688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077541465 2 bytes [54, 77]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      000000007758f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15     000000007758f99b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                   000000007758fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                  000000007758fa17 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                 000000007758fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                000000007758fb2f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           000000007758fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15          000000007758fbdf 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               000000007758fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15              000000007758fc0f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        000000007758fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15       000000007758fc27 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          000000007758fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15         000000007758fc3f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        000000007758fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15       000000007758fc6f 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         000000007758fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15        000000007758fcef 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        000000007758fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15       000000007758fd07 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  000000007758fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                 000000007758fd53 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5               000000007758fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15              000000007758fdb7 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       000000007758fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15      000000007758fe4b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5             000000007758ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15            000000007758ff93 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077590099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15               00000000775900a3 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5              0000000077590781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15             000000007759078b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                 0000000077590ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                0000000077591007 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                000000007759105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15               0000000077591067 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          00000000775910a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15         00000000775910af 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                000000007759111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15               0000000077591127 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077591321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15  000000007759132b 1 byte [90]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\kernel32.dll!CreateProcessW               0000000076e4103d 5 bytes JMP 0000000100010030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\kernel32.dll!CreateProcessA               0000000076e41072 5 bytes JMP 0000000100010070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW               000000007699119f 5 bytes JMP 0000000100020030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                 00000000769911cf 5 bytes JMP 0000000100020070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                   00000000758d4de0 5 bytes JMP 00000001001203b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SelectObject                    00000000758d4f70 5 bytes JMP 00000001001205f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetBkMode                       00000000758d51a2 5 bytes JMP 00000001001208f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetTextColor                    00000000758d522d 5 bytes JMP 0000000100120a30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!DeleteObject                    00000000758d5689 5 bytes JMP 00000001001201b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!DeleteDC                        00000000758d58b3 5 bytes JMP 0000000100120170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                00000000758d6bad 5 bytes JMP 0000000100120370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SaveDC                          00000000758d6e05 5 bytes JMP 0000000100120570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!RestoreDC                       00000000758d6ead 5 bytes JMP 0000000100120530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode               00000000758d7180 5 bytes JMP 00000001001206b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!StretchDIBits                   00000000758d7435 5 bytes JMP 0000000100120770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!CreateDCA                       00000000758d7bcc 5 bytes JMP 00000001001200b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!IntersectClipRect               00000000758d7dc4 5 bytes JMP 00000001001203f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextAlign                    00000000758d7fd5 5 bytes JMP 0000000100120d70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                 00000000758d82b2 5 bytes JMP 0000000100120e30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetTextAlign                    00000000758d8401 5 bytes JMP 00000001001209f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                00000000758d879f 5 bytes JMP 00000001001202f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                   00000000758d8916 5 bytes JMP 00000001001205b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                     00000000758d8b7a 5 bytes JMP 0000000100120970
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!MoveToEx                        00000000758d8ee6 5 bytes JMP 0000000100120470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetFontData                     00000000758d9875 5 bytes JMP 0000000100120c70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                    00000000758d9936 5 bytes JMP 0000000100120d30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!Rectangle                       00000000758da53a 5 bytes JMP 00000001001209b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetClipBox                      00000000758daf9f 5 bytes JMP 0000000100120330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!LineTo                          00000000758db9e5 5 bytes JMP 0000000100120430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetICMMode                      00000000758dbd55 5 bytes JMP 0000000100120db0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!CreateICW                       00000000758dc040 5 bytes JMP 0000000100120130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W           00000000758dc107 5 bytes JMP 0000000100120670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetWorldTransform               00000000758dc269 5 bytes JMP 00000001001206f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                 00000000758dd1f1 5 bytes JMP 0000000100120df0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A           00000000758dd349 5 bytes JMP 0000000100120630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                     00000000758ddce4 5 bytes JMP 0000000100120930
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!CreateDCW                       00000000758de743 5 bytes JMP 00000001001200f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!ExtEscape                       00000000758e03b7 5 bytes JMP 00000001001202b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!Escape                          00000000758e1bda 5 bytes JMP 0000000100120270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                    00000000758e1e89 5 bytes JMP 0000000100120cf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                 00000000758e4843 5 bytes JMP 0000000100120b30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                   00000000758e5690 5 bytes JMP 0000000100120b70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!EndPage                         00000000758e6bde 5 bytes JMP 0000000100120230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!ResetDCW                        00000000758ee2db 5 bytes JMP 0000000100120ab0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                00000000758f940d 5 bytes JMP 0000000100120cb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW     00000000758fc621 5 bytes JMP 0000000100120bb0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                00000000758fd2b2 5 bytes JMP 0000000100120bf0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW             00000000758fd919 5 bytes JMP 0000000100120c30
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!AbortDoc                        0000000075903adc 5 bytes JMP 0000000100120030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!EndDoc                          0000000075903f29 5 bytes JMP 00000001001201f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!StartPage                       000000007590401a 5 bytes JMP 0000000100120730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!StartDocW                       0000000075904c51 5 bytes JMP 00000001001207f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!BeginPath                       00000000759053fd 5 bytes JMP 0000000100120830
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!SelectClipPath                  0000000075905454 5 bytes JMP 0000000100120af0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!CloseFigure                     00000000759054af 5 bytes JMP 0000000100120070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!EndPath                         0000000075905506 5 bytes JMP 0000000100120a70
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!StrokePath                      000000007590573f 5 bytes JMP 00000001001207b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!FillPath                        00000000759057d2 5 bytes JMP 0000000100120870
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!PolylineTo                      0000000075905c44 5 bytes JMP 00000001001204f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                    0000000075905cd5 5 bytes JMP 00000001001204b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\GDI32.dll!PolyDraw                        0000000075905d87 5 bytes JMP 00000001001208b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!MapWindowPoints                0000000076898c40 5 bytes JMP 0000000100130570
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW       0000000076899ebd 5 bytes JMP 00000001001302b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA       00000000768a0afa 5 bytes JMP 00000001001302f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClientRect                  00000000768a0c62 7 bytes JMP 00000001001305b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetParent                      00000000768a0f68 7 bytes JMP 00000001001306f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!IsWindowVisible                00000000768a112d 7 bytes JMP 00000001001306b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!PostMessageW                   00000000768a12a5 5 bytes JMP 00000001001305f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!ScreenToClient                 00000000768a227d 7 bytes JMP 0000000100130670
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!MonitorFromWindow              00000000768a3150 7 bytes JMP 0000000100130630
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!SetCursor                      00000000768a41f6 5 bytes JMP 0000000100130530
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA        00000000768a68ef 5 bytes JMP 0000000100130270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW        00000000768a77fa 5 bytes JMP 0000000100130230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetTopWindow                   00000000768a7887 7 bytes JMP 0000000100130730
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable     00000000768a8676 5 bytes JMP 00000001001300f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber     00000000768a8696 5 bytes JMP 0000000100130330
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!CloseClipboard                 00000000768a8e8d 5 bytes JMP 00000001001300b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!OpenClipboard                  00000000768a8ecb 5 bytes JMP 0000000100130070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain           00000000768ac17b 5 bytes JMP 0000000100130430
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats           00000000768ac449 5 bytes JMP 00000001001301b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow         00000000768ac468 5 bytes JMP 00000001001303f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!CountClipboardFormats          00000000768ac486 5 bytes JMP 00000001001301f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!SetClipboardViewer             00000000768ac4b6 5 bytes JMP 00000001001304b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout         00000000768ad6c0 5 bytes JMP 00000001001304f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardOwner              00000000768ae360 5 bytes JMP 0000000100130370
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!SetClipboardData               00000000768d8e57 5 bytes JMP 0000000100130170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!SetCursorPos                   00000000768d9cfd 5 bytes JMP 0000000100130770
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardData               00000000768d9f1d 5 bytes JMP 0000000100130030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!EmptyClipboard                 00000000768f7cb9 5 bytes JMP 0000000100130130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetClipboardViewer             00000000768f8111 5 bytes JMP 0000000100130470
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat     00000000768f832f 5 bytes JMP 00000001001303b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer             00000000750e9606 5 bytes JMP 00000001001400f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle         00000000750f0581 5 bytes JMP 0000000100140130
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext         00000000750f0bb9 5 bytes JMP 0000000100140270
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken             00000000750f0c2e 5 bytes JMP 00000001001401b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA       00000000750f0f2e 5 bytes JMP 0000000100140070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA   00000000750f1096 5 bytes JMP 00000001001400b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                00000000750f124e 5 bytes JMP 00000001001401f0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                00000000750f129d 5 bytes JMP 0000000100140230
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA     00000000750f1527 5 bytes JMP 0000000100140030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA    00000000750f1590 5 bytes JMP 0000000100140170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\ole32.dll!OleSetClipboard                 0000000076fa0045 5 bytes JMP 0000000100150030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard           0000000076fa36b2 5 bytes JMP 0000000100150070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\ole32.dll!OleGetClipboard                 0000000076fcfdcd 5 bytes JMP 00000001001500b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077541465 2 bytes [54, 77]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4972] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                            000000007699549c 5 bytes JMP 00000001000f0800
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2
.text   C:\Program Files (x86)\Internet Explorer\IELowutil.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000077541465 2 bytes [54, 77]
.text   C:\Program Files (x86)\Internet Explorer\IELowutil.exe[5560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000775414bb 2 bytes [54, 77]
.text   ...                                                                                                                                       * 2

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                               fffffa8009afc2c0
Device  \Driver\atapi \Device\Ide\IdePort0                                                                                                        fffffa8009afc2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2                                                                                               fffffa8009afc2c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                                        fffffa8009afc2c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                                        fffffa8009afc2c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                                        fffffa8009afc2c0
Device  \Driver\a17q1sr7 \Device\Scsi\a17q1sr71                                                                                                   fffffa800b4882c0
Device  \Driver\a17q1sr7 \Device\Scsi\a17q1sr71Port4Path0Target1Lun0                                                                              fffffa800b4882c0
Device  \Driver\a17q1sr7 \Device\Scsi\a17q1sr71Port4Path0Target0Lun0                                                                              fffffa800b4882c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                    fffffa8009b012c0
Device  \Driver\usbehci \Device\USBPDO-5                                                                                                          fffffa800b4432c0
Device  \Driver\usbohci \Device\USBFDO-3                                                                                                          fffffa800b4412c0
Device  \Driver\usbohci \Device\USBPDO-1                                                                                                          fffffa800b4412c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                              fffffa800b0f52c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                              fffffa800b0f52c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                              fffffa800b0f52c0
Device  \Driver\usbohci \Device\USBPDO-6                                                                                                          fffffa800b4412c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                                                          fffffa800b4412c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                                                          fffffa800b4432c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                                                          fffffa800b4412c0
Device  \Driver\usbehci \Device\USBFDO-5                                                                                                          fffffa800b4432c0
Device  \Driver\usbohci \Device\USBPDO-3                                                                                                          fffffa800b4412c0
Device  \Driver\usbohci \Device\USBFDO-1                                                                                                          fffffa800b4412c0
Device  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    fffffa8009af72c0
Device  \Driver\volmgr \Device\FtControl                                                                                                          fffffa8009af72c0
Device  \Driver\volmgr \Device\VolMgrControl                                                                                                      fffffa8009af72c0
Device  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    fffffa8009af72c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{C335382D-59A1-40E1-8FAA-946B0AA697DB}                                                                  fffffa800b15a2c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                   fffffa800b15a2c0
Device  \Driver\usbohci \Device\USBFDO-6                                                                                                          fffffa800b4412c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                                                          fffffa800b4412c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                                                          fffffa800b4432c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                                           fffffa8009afc2c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                                                          fffffa800b4412c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                                           fffffa8009afc2c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                                           fffffa8009afc2c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                                           fffffa8009afc2c0
Device  \Driver\a17q1sr7 \Device\ScsiPort4                                                                                                        fffffa800b4882c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009afc2c0]<< spgc.sys ataport.SYS pciide.sys                              fffffa8009afc2c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abfe060]                                                                           fffffa800abfe060
Trace   3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8009b5ed10]                                                              fffffa8009b5ed10
Trace   5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a874060]                                     fffffa800a874060
Trace   \Driver\atapi[0xfffffa8009b59920] -> IRP_MJ_CREATE -> 0xfffffa8009afc2c0                                                                  fffffa8009afc2c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\a17q1sr7.SYS                                                                                                 fffff88004856000-fffff8800489b000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread   [1368:1388]                                                                                                                              00000000775c3e45
Thread   [1368:1392]                                                                                                                              0000000077157587
Thread   [1368:1420]                                                                                                                              0000000073bcc59c
Thread   [1368:1500]                                                                                                                              0000000073bcc59c
Thread   [1368:1504]                                                                                                                              0000000073bcc59c
Thread   [1368:1508]                                                                                                                              0000000073bcc59c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                        771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                        285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                       0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                    0x61 0x8B 0x8A 0x6B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                              0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                           0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                      0x39 0x36 0xB8 0xD4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                      0xF8 0xF6 0xB8 0xFB ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                           C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                           0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x61 0x8B 0x8A 0x6B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                             
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                  0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                               0xA0 0xE6 0x00 0x07 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0x39 0x36 0xB8 0xD4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                        
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                          0xF8 0xF6 0xB8 0xFB ...

---- EOF - GMER 2.1 ----
         

Alt 01.04.2013, 12:45   #14
Chrisman
 

And unfortunately, because of the character limit, here are the other logs in a second post:

TDSSKILLER no. 2 after reboot:
Code:
12:55:36.0189 0784  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:55:36.0405 0784  ============================================================
12:55:36.0405 0784  Current date / time: 2013/04/01 12:55:36.0405
12:55:36.0405 0784  SystemInfo:
12:55:36.0405 0784  
12:55:36.0405 0784  OS Version: 6.1.7601 ServicePack: 1.0
12:55:36.0405 0784  Product type: Workstation
12:55:36.0405 0784  ComputerName: CHRIS-PC
12:55:36.0405 0784  UserName: Chris
12:55:36.0405 0784  Windows directory: C:\Windows
12:55:36.0405 0784  System windows directory: C:\Windows
12:55:36.0405 0784  Running under WOW64
12:55:36.0405 0784  Processor architecture: Intel x64
12:55:36.0405 0784  Number of processors: 4
12:55:36.0405 0784  Page size: 0x1000
12:55:36.0405 0784  Boot type: Normal boot
12:55:36.0405 0784  ============================================================
12:55:37.0281 0784  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:55:37.0286 0784  ============================================================
12:55:37.0286 0784  \Device\Harddisk0\DR0:
12:55:37.0286 0784  MBR partitions:
12:55:37.0286 0784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:55:37.0286 0784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:55:37.0286 0784  ============================================================
12:55:37.0313 0784  C: <-> \Device\Harddisk0\DR0\Partition2
12:55:37.0313 0784  ============================================================
12:55:37.0313 0784  Initialize success
12:55:37.0313 0784  ============================================================
12:55:47.0423 4220  ============================================================
12:55:47.0423 4220  Scan started
12:55:47.0423 4220  Mode: Manual; SigCheck; TDLFS; 
12:55:47.0423 4220  ============================================================
12:55:48.0021 4220  ================ Scan system memory ========================
12:55:48.0021 4220  System memory - ok
12:55:48.0021 4220  ================ Scan services =============================
12:55:48.0118 4220  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:55:48.0155 4220  1394ohci - ok
12:55:48.0165 4220  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:55:48.0178 4220  ACPI - ok
12:55:48.0188 4220  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:55:48.0198 4220  AcpiPmi - ok
12:55:48.0270 4220  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:55:48.0279 4220  AdobeARMservice - ok
12:55:48.0387 4220  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:55:48.0397 4220  AdobeFlashPlayerUpdateSvc - ok
12:55:48.0427 4220  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:55:48.0442 4220  adp94xx - ok
12:55:48.0462 4220  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:55:48.0475 4220  adpahci - ok
12:55:48.0489 4220  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:55:48.0498 4220  adpu320 - ok
12:55:48.0524 4220  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:55:48.0550 4220  AeLookupSvc - ok
12:55:48.0601 4220  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:55:48.0615 4220  AFD - ok
12:55:48.0632 4220  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:55:48.0641 4220  agp440 - ok
12:55:48.0650 4220  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:55:48.0660 4220  ALG - ok
12:55:48.0681 4220  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:55:48.0689 4220  aliide - ok
12:55:48.0714 4220  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:55:48.0727 4220  AMD External Events Utility - ok
12:55:48.0779 4220  AMD FUEL Service - ok
12:55:48.0793 4220  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:55:48.0802 4220  amdide - ok
12:55:48.0819 4220  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
12:55:48.0830 4220  amdiox64 - ok
12:55:48.0854 4220  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:55:48.0864 4220  AmdK8 - ok
12:55:49.0015 4220  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:55:49.0204 4220  amdkmdag - ok
12:55:49.0221 4220  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:55:49.0234 4220  amdkmdap - ok
12:55:49.0259 4220  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:55:49.0268 4220  AmdPPM - ok
12:55:49.0295 4220  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:55:49.0304 4220  amdsata - ok
12:55:49.0320 4220  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:55:49.0330 4220  amdsbs - ok
12:55:49.0343 4220  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:55:49.0352 4220  amdxata - ok
12:55:49.0412 4220  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:55:49.0420 4220  AntiVirSchedulerService - ok
12:55:49.0428 4220  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:55:49.0435 4220  AntiVirService - ok
12:55:49.0462 4220  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:55:49.0470 4220  AODDriver4.01 - ok
12:55:49.0486 4220  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:55:49.0493 4220  AODDriver4.2 - ok
12:55:49.0514 4220  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:55:49.0539 4220  AppID - ok
12:55:49.0559 4220  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:55:49.0585 4220  AppIDSvc - ok
12:55:49.0609 4220  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:55:49.0633 4220  Appinfo - ok
12:55:49.0694 4220  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:55:49.0703 4220  AppMgmt - ok
12:55:49.0715 4220  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:55:49.0724 4220  arc - ok
12:55:49.0742 4220  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:55:49.0751 4220  arcsas - ok
12:55:49.0794 4220  aspnet_state - ok
12:55:49.0812 4220  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:55:49.0838 4220  AsyncMac - ok
12:55:49.0868 4220  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:55:49.0876 4220  atapi - ok
12:55:49.0921 4220  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:55:49.0929 4220  AtiHDAudioService - ok
12:55:50.0089 4220  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:55:50.0190 4220  atikmdag - ok
12:55:50.0228 4220  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:55:50.0258 4220  AudioEndpointBuilder - ok
12:55:50.0267 4220  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:55:50.0296 4220  AudioSrv - ok
12:55:50.0319 4220  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:55:50.0327 4220  avgntflt - ok
12:55:50.0335 4220  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:55:50.0344 4220  avipbb - ok
12:55:50.0353 4220  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:55:50.0360 4220  avkmgr - ok
12:55:50.0387 4220  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:55:50.0400 4220  AxInstSV - ok
12:55:50.0439 4220  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:55:50.0451 4220  b06bdrv - ok
12:55:50.0481 4220  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:55:50.0492 4220  b57nd60a - ok
12:55:50.0505 4220  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:55:50.0514 4220  BDESVC - ok
12:55:50.0539 4220  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:55:50.0565 4220  Beep - ok
12:55:50.0580 4220  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:55:50.0612 4220  BFE - ok
12:55:50.0639 4220  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:55:50.0673 4220  BITS - ok
12:55:50.0694 4220  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:55:50.0703 4220  blbdrive - ok
12:55:50.0714 4220  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:55:50.0722 4220  bowser - ok
12:55:50.0785 4220  BRDriver64 - ok
12:55:50.0803 4220  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:55:50.0814 4220  BrFiltLo - ok
12:55:50.0817 4220  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:55:50.0827 4220  BrFiltUp - ok
12:55:50.0857 4220  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:55:50.0884 4220  BridgeMP - ok
12:55:50.0914 4220  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:55:50.0924 4220  Browser - ok
12:55:50.0939 4220  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:55:50.0949 4220  Brserid - ok
12:55:50.0961 4220  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:55:50.0971 4220  BrSerWdm - ok
12:55:51.0035 4220  [ A26AB8E6852D72CE129C3C3A61A21FEA ] BRSptSvc        C:\programdata\bitraider\BRSptSvc.exe
12:55:51.0053 4220  BRSptSvc - ok
12:55:51.0075 4220  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:55:51.0085 4220  BrUsbMdm - ok
12:55:51.0089 4220  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:55:51.0098 4220  BrUsbSer - ok
12:55:51.0204 4220  [ 173BBAE8027339608CBD5C5369BCDDDD ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
12:55:51.0217 4220  BstHdAndroidSvc - ok
12:55:51.0309 4220  [ 6EE2AB13C21AFE72E8622304CFAF97B5 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
12:55:51.0317 4220  BstHdDrv - ok
12:55:51.0406 4220  [ D9BD54860A00FE88B660D26E66EB075A ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
12:55:51.0418 4220  BstHdLogRotatorSvc - ok
12:55:51.0440 4220  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:55:51.0451 4220  BTHMODEM - ok
12:55:51.0495 4220  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:55:51.0521 4220  bthserv - ok
12:55:51.0533 4220  catchme - ok
12:55:51.0550 4220  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:55:51.0578 4220  cdfs - ok
12:55:51.0611 4220  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:55:51.0621 4220  cdrom - ok
12:55:51.0650 4220  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:55:51.0675 4220  CertPropSvc - ok
12:55:51.0686 4220  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:55:51.0696 4220  circlass - ok
12:55:51.0715 4220  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:55:51.0728 4220  CLFS - ok
12:55:51.0751 4220  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:55:51.0760 4220  clr_optimization_v2.0.50727_32 - ok
12:55:51.0795 4220  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:55:51.0803 4220  clr_optimization_v2.0.50727_64 - ok
12:55:51.0846 4220  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:55:51.0855 4220  clr_optimization_v4.0.30319_32 - ok
12:55:51.0889 4220  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:55:51.0908 4220  clr_optimization_v4.0.30319_64 - ok
12:55:51.0931 4220  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:55:51.0939 4220  CmBatt - ok
12:55:51.0949 4220  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:55:51.0957 4220  cmdide - ok
12:55:51.0998 4220  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
12:55:52.0018 4220  CNG - ok
12:55:52.0029 4220  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:55:52.0038 4220  Compbatt - ok
12:55:52.0056 4220  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:55:52.0066 4220  CompositeBus - ok
12:55:52.0072 4220  COMSysApp - ok
12:55:52.0081 4220  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:55:52.0089 4220  crcdisk - ok
12:55:52.0138 4220  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:55:52.0148 4220  CryptSvc - ok
12:55:52.0166 4220  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:55:52.0180 4220  CSC - ok
12:55:52.0197 4220  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:55:52.0213 4220  CscService - ok
12:55:52.0364 4220  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
12:55:52.0371 4220  DAUpdaterSvc - ok
12:55:52.0407 4220  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:55:52.0438 4220  DcomLaunch - ok
12:55:52.0477 4220  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:55:52.0505 4220  defragsvc - ok
12:55:52.0513 4220  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:55:52.0538 4220  DfsC - ok
12:55:52.0574 4220  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:55:52.0582 4220  dg_ssudbus - ok
12:55:52.0599 4220  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:55:52.0610 4220  Dhcp - ok
12:55:52.0633 4220  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:55:52.0659 4220  discache - ok
12:55:52.0673 4220  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:55:52.0682 4220  Disk - ok
12:55:52.0708 4220  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:55:52.0717 4220  dmvsc - ok
12:55:52.0739 4220  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:55:52.0748 4220  Dnscache - ok
12:55:52.0766 4220  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:55:52.0793 4220  dot3svc - ok
12:55:52.0813 4220  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:55:52.0839 4220  DPS - ok
12:55:52.0860 4220  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:55:52.0870 4220  drmkaud - ok
12:55:52.0901 4220  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:55:52.0919 4220  DXGKrnl - ok
12:55:52.0931 4220  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:55:52.0958 4220  EapHost - ok
12:55:53.0015 4220  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:55:53.0077 4220  ebdrv - ok
12:55:53.0099 4220  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:55:53.0108 4220  EFS - ok
12:55:53.0143 4220  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:55:53.0159 4220  ehRecvr - ok
12:55:53.0175 4220  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:55:53.0185 4220  ehSched - ok
12:55:53.0214 4220  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:55:53.0229 4220  elxstor - ok
12:55:53.0244 4220  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:55:53.0253 4220  ErrDev - ok
12:55:53.0289 4220  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:55:53.0318 4220  EventSystem - ok
12:55:53.0349 4220  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:55:53.0377 4220  exfat - ok
12:55:53.0390 4220  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:55:53.0417 4220  fastfat - ok
12:55:53.0436 4220  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:55:53.0452 4220  Fax - ok
12:55:53.0460 4220  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:55:53.0469 4220  fdc - ok
12:55:53.0478 4220  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:55:53.0504 4220  fdPHost - ok
12:55:53.0517 4220  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:55:53.0543 4220  FDResPub - ok
12:55:53.0550 4220  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:55:53.0559 4220  FileInfo - ok
12:55:53.0567 4220  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:55:53.0592 4220  Filetrace - ok
12:55:53.0601 4220  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:55:53.0610 4220  flpydisk - ok
12:55:53.0637 4220  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:55:53.0648 4220  FltMgr - ok
12:55:53.0698 4220  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:55:53.0720 4220  FontCache - ok
12:55:53.0758 4220  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:55:53.0766 4220  FontCache3.0.0.0 - ok
12:55:53.0775 4220  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:55:53.0784 4220  FsDepends - ok
12:55:53.0816 4220  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:55:53.0824 4220  Fs_Rec - ok
12:55:53.0844 4220  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:55:53.0857 4220  fvevol - ok
12:55:53.0878 4220  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:55:53.0886 4220  gagp30kx - ok
12:55:53.0920 4220  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:55:53.0953 4220  gpsvc - ok
12:55:53.0968 4220  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:55:53.0976 4220  hcw85cir - ok
12:55:54.0021 4220  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:55:54.0034 4220  HdAudAddService - ok
12:55:54.0056 4220  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:55:54.0067 4220  HDAudBus - ok
12:55:54.0082 4220  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:55:54.0090 4220  HidBatt - ok
12:55:54.0101 4220  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:55:54.0112 4220  HidBth - ok
12:55:54.0121 4220  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:55:54.0132 4220  HidIr - ok
12:55:54.0151 4220  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:55:54.0178 4220  hidserv - ok
12:55:54.0205 4220  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:55:54.0213 4220  HidUsb - ok
12:55:54.0226 4220  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:55:54.0252 4220  hkmsvc - ok
12:55:54.0269 4220  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:55:54.0280 4220  HomeGroupListener - ok
12:55:54.0302 4220  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:55:54.0312 4220  HomeGroupProvider - ok
12:55:54.0322 4220  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:55:54.0331 4220  HpSAMD - ok
12:55:54.0346 4220  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:55:54.0379 4220  HTTP - ok
12:55:54.0392 4220  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:55:54.0401 4220  hwpolicy - ok
12:55:54.0412 4220  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:55:54.0420 4220  i8042prt - ok
12:55:54.0449 4220  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:55:54.0463 4220  iaStorV - ok
12:55:54.0499 4220  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:55:54.0518 4220  idsvc - ok
12:55:54.0528 4220  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:55:54.0536 4220  iirsp - ok
12:55:54.0565 4220  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:55:54.0599 4220  IKEEXT - ok
12:55:54.0616 4220  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:55:54.0624 4220  intelide - ok
12:55:54.0645 4220  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:55:54.0654 4220  intelppm - ok
12:55:54.0675 4220  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:55:54.0702 4220  IPBusEnum - ok
12:55:54.0716 4220  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:55:54.0741 4220  IpFilterDriver - ok
12:55:54.0783 4220  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:55:54.0797 4220  iphlpsvc - ok
12:55:54.0811 4220  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:55:54.0820 4220  IPMIDRV - ok
12:55:54.0836 4220  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:55:54.0862 4220  IPNAT - ok
12:55:54.0887 4220  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:55:54.0899 4220  IRENUM - ok
12:55:54.0910 4220  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:55:54.0918 4220  isapnp - ok
12:55:54.0932 4220  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:55:54.0943 4220  iScsiPrt - ok
12:55:54.0958 4220  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:55:54.0967 4220  kbdclass - ok
12:55:54.0988 4220  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:55:54.0997 4220  kbdhid - ok
12:55:55.0013 4220  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:55:55.0022 4220  KeyIso - ok
12:55:55.0050 4220  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:55:55.0060 4220  KSecDD - ok
12:55:55.0095 4220  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:55:55.0105 4220  KSecPkg - ok
12:55:55.0117 4220  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:55:55.0143 4220  ksthunk - ok
12:55:55.0161 4220  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:55:55.0191 4220  KtmRm - ok
12:55:55.0220 4220  [ B8E670D7EF61615FA03104552854FAC9 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
12:55:55.0227 4220  L1E - ok
12:55:55.0265 4220  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:55:55.0292 4220  LanmanServer - ok
12:55:55.0304 4220  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:55:55.0330 4220  LanmanWorkstation - ok
12:55:55.0405 4220  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:55:55.0417 4220  LBTServ - ok
12:55:55.0442 4220  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
12:55:55.0449 4220  LGBusEnum - ok
12:55:55.0464 4220  [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD         C:\Windows\system32\Drivers\LGPBTDD.sys
12:55:55.0471 4220  LGPBTDD - ok
12:55:55.0494 4220  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:55:55.0501 4220  LGVirHid - ok
12:55:55.0521 4220  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:55:55.0529 4220  LHidFilt - ok
12:55:55.0558 4220  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:55:55.0584 4220  lltdio - ok
12:55:55.0600 4220  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:55:55.0629 4220  lltdsvc - ok
12:55:55.0638 4220  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:55:55.0664 4220  lmhosts - ok
12:55:55.0676 4220  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:55:55.0685 4220  LMouFilt - ok
12:55:55.0715 4220  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:55:55.0725 4220  LSI_FC - ok
12:55:55.0734 4220  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:55:55.0744 4220  LSI_SAS - ok
12:55:55.0754 4220  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:55:55.0763 4220  LSI_SAS2 - ok
12:55:55.0772 4220  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:55:55.0781 4220  LSI_SCSI - ok
12:55:55.0803 4220  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:55:55.0830 4220  luafv - ok
12:55:55.0874 4220  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:55:55.0881 4220  MBAMProtector - ok
12:55:55.0925 4220  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:55:55.0935 4220  MBAMScheduler - ok
12:55:55.0967 4220  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:55:55.0980 4220  MBAMService - ok
12:55:56.0071 4220  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
12:55:56.0081 4220  McComponentHostService - ok
12:55:56.0106 4220  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:55:56.0116 4220  Mcx2Svc - ok
12:55:56.0139 4220  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:55:56.0148 4220  megasas - ok
12:55:56.0166 4220  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:55:56.0178 4220  MegaSR - ok
12:55:56.0211 4220  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
12:55:56.0218 4220  MemeoBackgroundService - ok
12:55:56.0255 4220  Microsoft SharePoint Workspace Audit Service - ok
12:55:56.0274 4220  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:55:56.0300 4220  MMCSS - ok
12:55:56.0335 4220  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:55:56.0360 4220  Modem - ok
12:55:56.0392 4220  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:55:56.0402 4220  monitor - ok
12:55:56.0461 4220  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:55:56.0470 4220  mouclass - ok
12:55:56.0482 4220  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:55:56.0491 4220  mouhid - ok
12:55:56.0514 4220  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:55:56.0523 4220  mountmgr - ok
12:55:56.0565 4220  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:55:56.0574 4220  MozillaMaintenance - ok
12:55:56.0587 4220  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:55:56.0596 4220  mpio - ok
12:55:56.0612 4220  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:55:56.0638 4220  mpsdrv - ok
12:55:56.0671 4220  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:55:56.0704 4220  MpsSvc - ok
12:55:56.0722 4220  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:55:56.0735 4220  MRxDAV - ok
12:55:56.0760 4220  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:55:56.0769 4220  mrxsmb - ok
12:55:56.0795 4220  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:55:56.0806 4220  mrxsmb10 - ok
12:55:56.0820 4220  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:55:56.0829 4220  mrxsmb20 - ok
12:55:56.0846 4220  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:55:56.0854 4220  msahci - ok
12:55:56.0870 4220  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:55:56.0880 4220  msdsm - ok
12:55:56.0895 4220  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:55:56.0906 4220  MSDTC - ok
12:55:56.0930 4220  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:55:56.0956 4220  Msfs - ok
12:55:56.0969 4220  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:55:56.0994 4220  mshidkmdf - ok
12:55:57.0005 4220  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:55:57.0013 4220  msisadrv - ok
12:55:57.0040 4220  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:55:57.0067 4220  MSiSCSI - ok
12:55:57.0070 4220  msiserver - ok
12:55:57.0092 4220  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:55:57.0117 4220  MSKSSRV - ok
12:55:57.0120 4220  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:55:57.0146 4220  MSPCLOCK - ok
12:55:57.0149 4220  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:55:57.0175 4220  MSPQM - ok
12:55:57.0191 4220  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:55:57.0204 4220  MsRPC - ok
12:55:57.0216 4220  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:55:57.0225 4220  mssmbios - ok
12:55:57.0228 4220  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:55:57.0254 4220  MSTEE - ok
12:55:57.0257 4220  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:55:57.0266 4220  MTConfig - ok
12:55:57.0291 4220  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
12:55:57.0298 4220  MTsensor - ok
12:55:57.0308 4220  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:55:57.0316 4220  Mup - ok
12:55:57.0345 4220  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:55:57.0375 4220  napagent - ok
12:55:57.0404 4220  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:55:57.0419 4220  NativeWifiP - ok
12:55:57.0469 4220  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:55:57.0490 4220  NDIS - ok
12:55:57.0505 4220  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:55:57.0531 4220  NdisCap - ok
12:55:57.0545 4220  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:55:57.0571 4220  NdisTapi - ok
12:55:57.0582 4220  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:55:57.0607 4220  Ndisuio - ok
12:55:57.0617 4220  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:55:57.0643 4220  NdisWan - ok
12:55:57.0653 4220  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:55:57.0678 4220  NDProxy - ok
12:55:57.0687 4220  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:55:57.0712 4220  NetBIOS - ok
12:55:57.0727 4220  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:55:57.0753 4220  NetBT - ok
12:55:57.0768 4220  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:55:57.0777 4220  Netlogon - ok
12:55:57.0799 4220  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:55:57.0828 4220  Netman - ok
12:55:57.0855 4220  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:55:57.0884 4220  netprofm - ok
12:55:57.0903 4220  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:55:57.0911 4220  NetTcpPortSharing - ok
12:55:57.0935 4220  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:55:57.0943 4220  nfrd960 - ok
12:55:57.0964 4220  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:55:57.0976 4220  NlaSvc - ok
12:55:57.0981 4220  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:55:58.0008 4220  Npfs - ok
12:55:58.0025 4220  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:55:58.0052 4220  nsi - ok
12:55:58.0059 4220  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:55:58.0085 4220  nsiproxy - ok
12:55:58.0138 4220  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:55:58.0182 4220  Ntfs - ok
12:55:58.0191 4220  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:55:58.0217 4220  Null - ok
12:55:58.0231 4220  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:55:58.0241 4220  nvraid - ok
12:55:58.0269 4220  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:55:58.0279 4220  nvstor - ok
12:55:58.0293 4220  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:55:58.0302 4220  nv_agp - ok
12:55:58.0311 4220  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:55:58.0320 4220  ohci1394 - ok
12:55:58.0392 4220  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:55:58.0400 4220  ose - ok
12:55:58.0496 4220  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:55:58.0597 4220  osppsvc - ok
12:55:58.0617 4220  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:55:58.0629 4220  p2pimsvc - ok
12:55:58.0644 4220  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:55:58.0657 4220  p2psvc - ok
12:55:58.0674 4220  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:55:58.0683 4220  Parport - ok
12:55:58.0721 4220  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:55:58.0730 4220  partmgr - ok
12:55:58.0744 4220  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:55:58.0758 4220  PcaSvc - ok
12:55:58.0770 4220  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:55:58.0780 4220  pci - ok
12:55:58.0786 4220  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:55:58.0794 4220  pciide - ok
12:55:58.0808 4220  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:55:58.0819 4220  pcmcia - ok
12:55:58.0832 4220  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:55:58.0841 4220  pcw - ok
12:55:58.0870 4220  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:55:58.0902 4220  PEAUTH - ok
12:55:58.0937 4220  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:55:58.0967 4220  PeerDistSvc - ok
12:55:59.0012 4220  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:55:59.0022 4220  PerfHost - ok
12:55:59.0068 4220  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:55:59.0121 4220  pla - ok
12:55:59.0151 4220  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:55:59.0164 4220  PlugPlay - ok
12:55:59.0192 4220  PnkBstrA - ok
12:55:59.0201 4220  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:55:59.0210 4220  PNRPAutoReg - ok
12:55:59.0225 4220  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:55:59.0236 4220  PNRPsvc - ok
12:55:59.0259 4220  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:55:59.0289 4220  PolicyAgent - ok
12:55:59.0317 4220  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:55:59.0344 4220  Power - ok
12:55:59.0364 4220  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:55:59.0390 4220  PptpMiniport - ok
12:55:59.0401 4220  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:55:59.0410 4220  Processor - ok
12:55:59.0443 4220  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:55:59.0454 4220  ProfSvc - ok
12:55:59.0467 4220  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:55:59.0475 4220  ProtectedStorage - ok
12:55:59.0486 4220  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:55:59.0512 4220  Psched - ok
12:55:59.0546 4220  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:55:59.0589 4220  ql2300 - ok
12:55:59.0599 4220  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:55:59.0608 4220  ql40xx - ok
12:55:59.0632 4220  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:55:59.0647 4220  QWAVE - ok
12:55:59.0663 4220  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:55:59.0675 4220  QWAVEdrv - ok
12:55:59.0682 4220  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:55:59.0708 4220  RasAcd - ok
12:55:59.0734 4220  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:55:59.0760 4220  RasAgileVpn - ok
12:55:59.0772 4220  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:55:59.0799 4220  RasAuto - ok
12:55:59.0813 4220  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:55:59.0838 4220  Rasl2tp - ok
12:55:59.0848 4220  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:55:59.0877 4220  RasMan - ok
12:55:59.0888 4220  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:55:59.0914 4220  RasPppoe - ok
12:55:59.0931 4220  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:55:59.0957 4220  RasSstp - ok
12:55:59.0972 4220  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:55:59.0999 4220  rdbss - ok
12:56:00.0006 4220  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:56:00.0017 4220  rdpbus - ok
12:56:00.0022 4220  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:00.0047 4220  RDPCDD - ok
12:56:00.0076 4220  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:56:00.0084 4220  RDPDR - ok
12:56:00.0102 4220  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:56:00.0127 4220  RDPENCDD - ok
12:56:00.0134 4220  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:56:00.0159 4220  RDPREFMP - ok
12:56:00.0204 4220  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:56:00.0212 4220  RdpVideoMiniport - ok
12:56:00.0244 4220  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:56:00.0254 4220  RDPWD - ok
12:56:00.0271 4220  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:56:00.0281 4220  rdyboost - ok
12:56:00.0307 4220  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:56:00.0334 4220  RemoteAccess - ok
12:56:00.0349 4220  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:56:00.0377 4220  RemoteRegistry - ok
12:56:00.0385 4220  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:56:00.0411 4220  RpcEptMapper - ok
12:56:00.0424 4220  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:56:00.0433 4220  RpcLocator - ok
12:56:00.0457 4220  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:56:00.0487 4220  RpcSs - ok
12:56:00.0508 4220  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:56:00.0534 4220  rspndr - ok
12:56:00.0556 4220  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:56:00.0564 4220  s3cap - ok
12:56:00.0582 4220  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:56:00.0591 4220  SamSs - ok
12:56:00.0605 4220  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:56:00.0614 4220  sbp2port - ok
12:56:00.0630 4220  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:56:00.0657 4220  SCardSvr - ok
12:56:00.0665 4220  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:56:00.0689 4220  scfilter - ok
12:56:00.0716 4220  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:56:00.0751 4220  Schedule - ok
12:56:00.0766 4220  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:56:00.0791 4220  SCPolicySvc - ok
12:56:00.0802 4220  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:56:00.0812 4220  SDRSVC - ok
12:56:00.0821 4220  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:56:00.0846 4220  secdrv - ok
12:56:00.0856 4220  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:56:00.0881 4220  seclogon - ok
12:56:00.0892 4220  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
12:56:00.0919 4220  SENS - ok
12:56:00.0934 4220  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:56:00.0943 4220  SensrSvc - ok
12:56:00.0960 4220  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:56:00.0968 4220  Serenum - ok
12:56:00.0976 4220  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:56:00.0985 4220  Serial - ok
12:56:01.0012 4220  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:56:01.0021 4220  sermouse - ok
12:56:01.0035 4220  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:56:01.0060 4220  SessionEnv - ok
12:56:01.0073 4220  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:56:01.0083 4220  sffdisk - ok
12:56:01.0086 4220  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:56:01.0096 4220  sffp_mmc - ok
12:56:01.0100 4220  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:56:01.0110 4220  sffp_sd - ok
12:56:01.0113 4220  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:56:01.0121 4220  sfloppy - ok
12:56:01.0149 4220  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:56:01.0178 4220  SharedAccess - ok
12:56:01.0193 4220  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:56:01.0221 4220  ShellHWDetection - ok
12:56:01.0238 4220  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:56:01.0246 4220  SiSRaid2 - ok
12:56:01.0257 4220  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:56:01.0266 4220  SiSRaid4 - ok
12:56:01.0387 4220  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:56:01.0452 4220  Skype C2C Service - ok
12:56:01.0500 4220  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:56:01.0509 4220  SkypeUpdate - ok
12:56:01.0529 4220  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:56:01.0555 4220  Smb - ok
12:56:01.0590 4220  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:56:01.0600 4220  SNMPTRAP - ok
12:56:01.0605 4220  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:56:01.0613 4220  spldr - ok
12:56:01.0655 4220  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:56:01.0668 4220  Spooler - ok
12:56:01.0719 4220  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:56:01.0796 4220  sppsvc - ok
12:56:01.0809 4220  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:56:01.0835 4220  sppuinotify - ok
12:56:01.0872 4220  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:56:01.0872 4220  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
12:56:01.0874 4220  sptd ( LockedFile.Multi.Generic ) - warning
12:56:01.0874 4220  sptd - detected LockedFile.Multi.Generic (1)
12:56:01.0897 4220  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:56:01.0910 4220  srv - ok
12:56:01.0927 4220  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:56:01.0938 4220  srv2 - ok
12:56:01.0949 4220  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:56:01.0958 4220  srvnet - ok
12:56:01.0988 4220  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:56:02.0016 4220  SSDPSRV - ok
12:56:02.0025 4220  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:56:02.0052 4220  SstpSvc - ok
12:56:02.0093 4220  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:56:02.0102 4220  ssudmdm - ok
12:56:02.0109 4220  Steam Client Service - ok
12:56:02.0120 4220  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:56:02.0128 4220  stexstor - ok
12:56:02.0157 4220  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:56:02.0176 4220  stisvc - ok
12:56:02.0187 4220  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:56:02.0196 4220  storflt - ok
12:56:02.0213 4220  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
12:56:02.0221 4220  StorSvc - ok
12:56:02.0242 4220  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:56:02.0251 4220  storvsc - ok
12:56:02.0265 4220  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:56:02.0273 4220  swenum - ok
12:56:02.0296 4220  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:56:02.0328 4220  swprv - ok
12:56:02.0356 4220  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:56:02.0400 4220  SysMain - ok
12:56:02.0416 4220  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:56:02.0429 4220  TabletInputService - ok
12:56:02.0442 4220  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:56:02.0470 4220  TapiSrv - ok
12:56:02.0482 4220  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:56:02.0509 4220  TBS - ok
12:56:02.0567 4220  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:56:02.0612 4220  Tcpip - ok
12:56:02.0650 4220  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:56:02.0679 4220  TCPIP6 - ok
12:56:02.0713 4220  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:56:02.0721 4220  tcpipreg - ok
12:56:02.0739 4220  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:56:02.0747 4220  TDPIPE - ok
12:56:02.0779 4220  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:56:02.0787 4220  TDTCP - ok
12:56:02.0799 4220  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:56:02.0823 4220  tdx - ok
12:56:02.0911 4220  [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:56:02.0950 4220  TeamViewer7 - ok
12:56:02.0971 4220  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:56:02.0980 4220  TermDD - ok
12:56:03.0010 4220  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:56:03.0043 4220  TermService - ok
12:56:03.0074 4220  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:56:03.0087 4220  Themes - ok
12:56:03.0099 4220  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:56:03.0126 4220  THREADORDER - ok
12:56:03.0138 4220  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:56:03.0165 4220  TrkWks - ok
12:56:03.0195 4220  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:56:03.0221 4220  TrustedInstaller - ok
12:56:03.0241 4220  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:56:03.0265 4220  tssecsrv - ok
12:56:03.0312 4220  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:56:03.0321 4220  TsUsbFlt - ok
12:56:03.0334 4220  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:56:03.0342 4220  TsUsbGD - ok
12:56:03.0369 4220  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:56:03.0393 4220  tunnel - ok
12:56:03.0405 4220  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:56:03.0414 4220  uagp35 - ok
12:56:03.0427 4220  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:56:03.0454 4220  udfs - ok
12:56:03.0474 4220  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:56:03.0484 4220  UI0Detect - ok
12:56:03.0495 4220  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:56:03.0504 4220  uliagpkx - ok
12:56:03.0511 4220  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:56:03.0519 4220  umbus - ok
12:56:03.0533 4220  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:56:03.0541 4220  UmPass - ok
12:56:03.0560 4220  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:56:03.0571 4220  UmRdpService - ok
12:56:03.0590 4220  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:56:03.0620 4220  upnphost - ok
12:56:03.0645 4220  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:56:03.0653 4220  usbccgp - ok
12:56:03.0673 4220  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:56:03.0684 4220  usbcir - ok
12:56:03.0699 4220  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:56:03.0707 4220  usbehci - ok
12:56:03.0732 4220  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:56:03.0743 4220  usbhub - ok
12:56:03.0755 4220  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:56:03.0763 4220  usbohci - ok
12:56:03.0782 4220  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:56:03.0792 4220  usbprint - ok
12:56:03.0814 4220  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:56:03.0824 4220  usbscan - ok
12:56:03.0833 4220  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:56:03.0842 4220  USBSTOR - ok
12:56:03.0850 4220  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:56:03.0858 4220  usbuhci - ok
12:56:03.0884 4220  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:56:03.0910 4220  UxSms - ok
12:56:03.0920 4220  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:56:03.0928 4220  VaultSvc - ok
12:56:03.0945 4220  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:56:03.0954 4220  vdrvroot - ok
12:56:03.0980 4220  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:56:04.0011 4220  vds - ok
12:56:04.0017 4220  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:56:04.0027 4220  vga - ok
12:56:04.0036 4220  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:56:04.0061 4220  VgaSave - ok
12:56:04.0076 4220  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:56:04.0086 4220  vhdmp - ok
12:56:04.0102 4220  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:56:04.0110 4220  viaide - ok
12:56:04.0126 4220  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:56:04.0137 4220  vmbus - ok
12:56:04.0147 4220  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:56:04.0155 4220  VMBusHID - ok
12:56:04.0170 4220  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:56:04.0180 4220  volmgr - ok
12:56:04.0214 4220  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:56:04.0232 4220  volmgrx - ok
12:56:04.0257 4220  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:56:04.0269 4220  volsnap - ok
12:56:04.0303 4220  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:56:04.0313 4220  vsmraid - ok
12:56:04.0397 4220  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:56:04.0451 4220  VSS - ok
12:56:04.0480 4220  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:56:04.0490 4220  vwifibus - ok
12:56:04.0542 4220  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:56:04.0575 4220  W32Time - ok
12:56:04.0592 4220  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:56:04.0601 4220  WacomPen - ok
12:56:04.0620 4220  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:56:04.0645 4220  WANARP - ok
12:56:04.0657 4220  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:56:04.0683 4220  Wanarpv6 - ok
12:56:04.0719 4220  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:56:04.0757 4220  wbengine - ok
12:56:04.0771 4220  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:56:04.0785 4220  WbioSrvc - ok
12:56:04.0797 4220  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:56:04.0813 4220  wcncsvc - ok
12:56:04.0827 4220  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:56:04.0836 4220  WcsPlugInService - ok
12:56:04.0853 4220  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:56:04.0861 4220  Wd - ok
12:56:04.0905 4220  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:56:04.0926 4220  Wdf01000 - ok
12:56:04.0941 4220  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:56:04.0955 4220  WdiServiceHost - ok
12:56:04.0958 4220  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:56:04.0972 4220  WdiSystemHost - ok
12:56:04.0989 4220  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:56:05.0004 4220  WebClient - ok
12:56:05.0015 4220  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:56:05.0043 4220  Wecsvc - ok
12:56:05.0054 4220  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:56:05.0080 4220  wercplsupport - ok
12:56:05.0095 4220  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:56:05.0122 4220  WerSvc - ok
12:56:05.0141 4220  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:56:05.0166 4220  WfpLwf - ok
12:56:05.0176 4220  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:56:05.0185 4220  WIMMount - ok
12:56:05.0197 4220  WinDefend - ok
12:56:05.0201 4220  WinHttpAutoProxySvc - ok
12:56:05.0254 4220  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:56:05.0281 4220  Winmgmt - ok
12:56:05.0321 4220  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:56:05.0379 4220  WinRM - ok
12:56:05.0424 4220  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:56:05.0434 4220  WinUsb - ok
12:56:05.0453 4220  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:56:05.0475 4220  Wlansvc - ok
12:56:05.0584 4220  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:56:05.0635 4220  wlidsvc - ok
12:56:05.0655 4220  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:56:05.0664 4220  WmiAcpi - ok
12:56:05.0689 4220  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:56:05.0700 4220  wmiApSrv - ok
12:56:05.0728 4220  WMPNetworkSvc - ok
12:56:05.0751 4220  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:56:05.0760 4220  WPCSvc - ok
12:56:05.0776 4220  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:56:05.0787 4220  WPDBusEnum - ok
12:56:05.0802 4220  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:56:05.0827 4220  ws2ifsl - ok
12:56:05.0839 4220  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:56:05.0853 4220  wscsvc - ok
12:56:05.0855 4220  WSearch - ok
12:56:05.0921 4220  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:56:05.0979 4220  wuauserv - ok
12:56:06.0014 4220  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:56:06.0022 4220  WudfPf - ok
12:56:06.0043 4220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:56:06.0053 4220  WUDFRd - ok
12:56:06.0063 4220  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:56:06.0072 4220  wudfsvc - ok
12:56:06.0087 4220  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:56:06.0102 4220  WwanSvc - ok
12:56:06.0155 4220  X6va011 - ok
12:56:06.0166 4220  ================ Scan global ===============================
12:56:06.0183 4220  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:56:06.0230 4220  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:56:06.0235 4220  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:56:06.0258 4220  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:56:06.0272 4220  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:56:06.0274 4220  [Global] - ok
12:56:06.0275 4220  ================ Scan MBR ==================================
12:56:06.0283 4220  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:56:06.0514 4220  \Device\Harddisk0\DR0 - ok
12:56:06.0514 4220  ================ Scan VBR ==================================
12:56:06.0539 4220  [ 558B38A28B86203AFC18D2D1E882F66E ] \Device\Harddisk0\DR0\Partition1
12:56:06.0541 4220  \Device\Harddisk0\DR0\Partition1 - ok
12:56:06.0560 4220  [ F875E74C215660D7658A9CD9073FEA34 ] \Device\Harddisk0\DR0\Partition2
12:56:06.0561 4220  \Device\Harddisk0\DR0\Partition2 - ok
12:56:06.0562 4220  ============================================================
12:56:06.0562 4220  Scan finished
12:56:06.0562 4220  ============================================================
12:56:06.0568 4988  Detected object count: 1
12:56:06.0568 4988  Actual detected object count: 1
12:56:12.0926 4988  sptd ( LockedFile.Multi.Generic ) - skipped by user
12:56:12.0926 4988  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:56:24.0798 6032  Deinitialize success
         

and the aswMBR log:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-01 12:56:44
-----------------------------
12:56:44.463    OS Version: Windows x64 6.1.7601 Service Pack 1
12:56:44.463    Number of processors: 4 586 0x402
12:56:44.464    ComputerName: CHRIS-PC  UserName: Chris
12:56:46.786    Initialize success
13:02:45.133    AVAST engine defs: 13040100
13:03:56.189    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:03:56.190    Disk 0 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 3
13:03:56.203    Disk 0 MBR read successfully
13:03:56.205    Disk 0 MBR scan
13:03:56.208    Disk 0 Windows 7 default MBR code
13:03:56.218    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:03:56.230    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
13:03:56.253    Disk 0 scanning C:\Windows\system32\drivers
13:04:07.506    Service scanning
13:04:26.516    Modules scanning
13:04:26.520    Disk 0 trace - called modules:
13:04:26.537    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009afc2c0]<<spgc.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
13:04:26.539    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800abfe060]
13:04:26.543    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8009b5ed10]
13:04:26.547    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800a874060]
13:04:26.550    \Driver\atapi[0xfffffa8009b59920] -> IRP_MJ_CREATE -> 0xfffffa8009afc2c0
13:04:50.591    AVAST engine scan C:\Windows
13:04:54.453    AVAST engine scan C:\Windows\system32
13:08:29.913    AVAST engine scan C:\Windows\system32\drivers
13:08:40.842    AVAST engine scan C:\Users\Chris
13:20:37.887    AVAST engine scan C:\ProgramData
13:25:09.568    Scan finished successfully
13:35:17.470    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
13:35:17.473    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
         

By the way, you don't have to apologize in any way for small mistakes. After all, you're doing a whole lot of work here for a complete stranger.
I'm really grateful for that.

01.04.2013, 14:10   #15
DerJazzer
/// Malwareteam
 

So, that looks quite presentable.

Please do the following; I still want to check something:
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
atapi.sys
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extras.txt here into your thread
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/
