| |
| |||||||
Log-Analyse und Auswertung: svchost.exe greift auf clickhosterseiten zu (im hintergrund)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.03.2015, 03:21
| #16 |
| /// the machine /// TB-Ausbilder    |  svchost.exe greift auf clickhosterseiten zu (im hintergrund) Mysteriös..... Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.03.2015, 14:54
| #17 |
 | re8 Malwarebytes Anti Rootkit-LOG
__________________Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2015.03.28.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Friedrich :: DSLSERVICE [administrator]
28.03.2015 13:54:09
mbar-log-2015-03-28 (13-54-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454661
Time elapsed: 52 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 4
Physical Sector #5860513168 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515472 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515508 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515544 on Drive #0 (Forged physical sector) -> No action taken.
(end)
__________________ |
|
28.03.2015, 14:55
| #18 |
| | re7.2 TDSKiller-Log: Teil 1
__________________Code:
ATTFilter 13:50:20.0456 0x1398 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:50:24.0138 0x1398 ============================================================
13:50:24.0138 0x1398 Current date / time: 2015/03/28 13:50:24.0138
13:50:24.0138 0x1398 SystemInfo:
13:50:24.0138 0x1398
13:50:24.0138 0x1398 OS Version: 6.1.7601 ServicePack: 1.0
13:50:24.0138 0x1398 Product type: Workstation
13:50:24.0138 0x1398 ComputerName: DSLSERVICE
13:50:24.0138 0x1398 UserName: Friedrich
13:50:24.0138 0x1398 Windows directory: C:\Windows
13:50:24.0138 0x1398 System windows directory: C:\Windows
13:50:24.0138 0x1398 Processor architecture: Intel x86
13:50:24.0138 0x1398 Number of processors: 8
13:50:24.0138 0x1398 Page size: 0x1000
13:50:24.0138 0x1398 Boot type: Normal boot
13:50:24.0138 0x1398 ============================================================
13:50:27.0866 0x1398 KLMD registered as C:\Windows\system32\drivers\20223527.sys
13:50:28.0584 0x1398 System UUID: {9E6F4451-54DE-6927-49D6-BB4865D7A155}
13:50:29.0098 0x1398 Drive \Device\Harddisk0\DR0 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:50:29.0114 0x1398 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:50:29.0114 0x1398 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:50:29.0114 0x1398 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:50:29.0114 0x1398 ============================================================
13:50:29.0114 0x1398 \Device\Harddisk0\DR0:
13:50:29.0114 0x1398 MBR partitions:
13:50:29.0114 0x1398 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFFFFF800
13:50:29.0114 0x1398 \Device\Harddisk1\DR1:
13:50:29.0114 0x1398 MBR partitions:
13:50:29.0114 0x1398 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFFFFF800
13:50:29.0114 0x1398 \Device\Harddisk3\DR3:
13:50:29.0114 0x1398 MBR partitions:
13:50:29.0114 0x1398 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
13:50:29.0114 0x1398 \Device\Harddisk2\DR2:
13:50:29.0114 0x1398 MBR partitions:
13:50:29.0114 0x1398 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:50:29.0114 0x1398 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xE8DD5000
13:50:29.0114 0x1398 ============================================================
13:50:29.0145 0x1398 C: <-> \Device\Harddisk1\DR1\Partition1
13:50:29.0644 0x1398 D: <-> \Device\Harddisk3\DR3\Partition1
13:50:29.0660 0x1398 F: <-> \Device\Harddisk0\DR0\Partition1
13:50:29.0676 0x1398 H: <-> \Device\Harddisk2\DR2\Partition1
13:50:29.0691 0x1398 I: <-> \Device\Harddisk2\DR2\Partition2
13:50:29.0691 0x1398 ============================================================
13:50:29.0691 0x1398 Initialize success
13:50:29.0691 0x1398 ============================================================
13:51:30.0447 0x1468 ============================================================
13:51:30.0447 0x1468 Scan started
13:51:30.0447 0x1468 Mode: Manual; SigCheck; TDLFS;
13:51:30.0447 0x1468 ============================================================
13:51:30.0447 0x1468 KSN ping started
13:51:30.0993 0x1468 KSN ping finished: true
13:51:31.0773 0x1468 ================ Scan system memory ========================
13:51:31.0773 0x1468 System memory - ok
13:51:31.0773 0x1468 ================ Scan services =============================
13:51:31.0929 0x1468 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:51:32.0054 0x1468 1394ohci - ok
13:51:32.0132 0x1468 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:51:32.0147 0x1468 ACPI - ok
13:51:32.0194 0x1468 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:51:32.0241 0x1468 AcpiPmi - ok
13:51:32.0303 0x1468 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:51:32.0319 0x1468 adp94xx - ok
13:51:32.0350 0x1468 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:51:32.0350 0x1468 adpahci - ok
13:51:32.0412 0x1468 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:51:32.0428 0x1468 adpu320 - ok
13:51:32.0459 0x1468 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:51:32.0553 0x1468 AeLookupSvc - ok
13:51:32.0646 0x1468 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
13:51:32.0709 0x1468 AFD - ok
13:51:32.0771 0x1468 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:51:32.0787 0x1468 agp440 - ok
13:51:32.0834 0x1468 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:51:32.0849 0x1468 aic78xx - ok
13:51:32.0896 0x1468 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
13:51:32.0927 0x1468 ALG - ok
13:51:32.0990 0x1468 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
13:51:33.0005 0x1468 aliide - ok
13:51:33.0021 0x1468 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:51:33.0036 0x1468 amdagp - ok
13:51:33.0083 0x1468 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
13:51:33.0083 0x1468 amdide - ok
13:51:33.0130 0x1468 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:51:33.0161 0x1468 AmdK8 - ok
13:51:33.0208 0x1468 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
13:51:33.0239 0x1468 AmdPPM - ok
13:51:33.0286 0x1468 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:51:33.0302 0x1468 amdsata - ok
13:51:33.0364 0x1468 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:51:33.0380 0x1468 amdsbs - ok
13:51:33.0395 0x1468 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:51:33.0395 0x1468 amdxata - ok
13:51:33.0458 0x1468 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
13:51:33.0489 0x1468 AppID - ok
13:51:33.0551 0x1468 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:51:33.0582 0x1468 AppIDSvc - ok
13:51:33.0645 0x1468 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
13:51:33.0676 0x1468 Appinfo - ok
13:51:33.0738 0x1468 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:51:33.0754 0x1468 AppMgmt - ok
13:51:33.0816 0x1468 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys
13:51:33.0832 0x1468 arc - ok
13:51:33.0863 0x1468 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:51:33.0879 0x1468 arcsas - ok
13:51:34.0019 0x1468 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:51:34.0128 0x1468 aspnet_state - ok
13:51:34.0175 0x1468 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:51:34.0394 0x1468 AsyncMac - ok
13:51:34.0409 0x1468 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
13:51:34.0425 0x1468 atapi - ok
13:51:34.0487 0x1468 [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:51:34.0550 0x1468 AudioEndpointBuilder - ok
13:51:34.0565 0x1468 [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:51:34.0581 0x1468 Audiosrv - ok
13:51:34.0643 0x1468 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:51:34.0690 0x1468 AxInstSV - ok
13:51:34.0768 0x1468 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
13:51:34.0799 0x1468 b06bdrv - ok
13:51:34.0846 0x1468 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:51:34.0893 0x1468 b57nd60x - ok
13:51:34.0955 0x1468 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
13:51:34.0986 0x1468 BDESVC - ok
13:51:35.0033 0x1468 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
13:51:35.0064 0x1468 Beep - ok
13:51:35.0127 0x1468 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
13:51:35.0142 0x1468 BFE - ok
13:51:35.0174 0x1468 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
13:51:35.0205 0x1468 BITS - ok
13:51:35.0220 0x1468 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:51:35.0236 0x1468 blbdrive - ok
13:51:35.0283 0x1468 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:51:35.0330 0x1468 bowser - ok
13:51:35.0330 0x1468 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
13:51:35.0361 0x1468 BrFiltLo - ok
13:51:35.0361 0x1468 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
13:51:35.0377 0x1468 BrFiltUp - ok
13:51:35.0470 0x1468 [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:51:35.0517 0x1468 BridgeMP - ok
13:51:35.0533 0x1468 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
13:51:35.0548 0x1468 Browser - ok
13:51:35.0564 0x1468 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:51:35.0579 0x1468 Brserid - ok
13:51:35.0595 0x1468 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:51:35.0611 0x1468 BrSerWdm - ok
13:51:35.0673 0x1468 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:51:35.0704 0x1468 BrUsbMdm - ok
13:51:35.0704 0x1468 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:51:35.0751 0x1468 BrUsbSer - ok
13:51:35.0751 0x1468 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:51:35.0782 0x1468 BTHMODEM - ok
13:51:35.0829 0x1468 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
13:51:35.0860 0x1468 bthserv - ok
13:51:36.0079 0x1468 catchme - ok
13:51:36.0172 0x1468 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:51:36.0219 0x1468 cdfs - ok
13:51:36.0297 0x1468 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:51:36.0328 0x1468 cdrom - ok
13:51:36.0375 0x1468 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
13:51:36.0422 0x1468 CertPropSvc - ok
13:51:36.0422 0x1468 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys
13:51:36.0453 0x1468 circlass - ok
13:51:36.0562 0x1468 [ DBC8CDAFC84E96E894C3BAAED9B30F47, A25CDF4BBF8227878D3CBB8E74904A43751EC4E98DFEBFE4CBD3953890A170F9 ] cleanhlp C:\EEK\bin\cleanhlp32.sys
13:51:36.0625 0x1468 cleanhlp - ok
13:51:36.0656 0x1468 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
13:51:36.0671 0x1468 CLFS - ok
13:51:36.0812 0x1468 [ 4AA6694FB767BBFF6A8EF080806447BD, 4920B3683FDE19A86453C76E08C23132B037D254AFB7147E84130C06AA90B0F8 ] CLHNServiceForPowerDVD C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
13:51:36.0827 0x1468 CLHNServiceForPowerDVD - ok
13:51:36.0952 0x1468 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:51:36.0968 0x1468 clr_optimization_v2.0.50727_32 - ok
13:51:37.0046 0x1468 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:51:37.0155 0x1468 clr_optimization_v4.0.30319_32 - ok
13:51:37.0186 0x1468 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
13:51:37.0217 0x1468 CmBatt - ok
13:51:37.0264 0x1468 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:51:37.0264 0x1468 cmdide - ok
13:51:37.0327 0x1468 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys
13:51:37.0358 0x1468 CNG - ok
13:51:37.0405 0x1468 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:51:37.0420 0x1468 Compbatt - ok
13:51:37.0483 0x1468 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:51:37.0514 0x1468 CompositeBus - ok
13:51:37.0529 0x1468 COMSysApp - ok
13:51:37.0561 0x1468 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:51:37.0576 0x1468 crcdisk - ok
13:51:37.0654 0x1468 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:51:37.0685 0x1468 CryptSvc - ok
13:51:37.0795 0x1468 [ F054744F67576A01139885173392502B, 4FEA15AABC4FC63A3E991412CAF17283BBD257172EF7E255F40F5E22E0286902 ] CrystalSysInfo C:\Program Files\MediaCoder\SysInfo.sys
13:51:37.0810 0x1468 CrystalSysInfo - ok
13:51:37.0841 0x1468 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
13:51:37.0888 0x1468 CSC - ok
13:51:37.0935 0x1468 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
13:51:37.0982 0x1468 CscService - ok
13:51:38.0075 0x1468 [ D3484412EAE43685E3AD304C9979F30E, 0F45C056C3E2FE541FF2BD3914CDC823CF4048A57B967E07B95DFF673E968F35 ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
13:51:38.0091 0x1468 CyberLink PowerDVD 11.0 Monitor Service - ok
13:51:38.0122 0x1468 [ 4B0F03AF88FF89441EF57175849C3961, E758730704E52C7D2F8D061B6D40788D3F92F490A5A2F9F01E71C3CD959CA6E7 ] CyberLink PowerDVD 11.0 Service C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
13:51:38.0153 0x1468 CyberLink PowerDVD 11.0 Service - ok
13:51:38.0200 0x1468 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
13:51:38.0263 0x1468 DcomLaunch - ok
13:51:38.0278 0x1468 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
13:51:38.0309 0x1468 defragsvc - ok
13:51:38.0356 0x1468 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:51:38.0403 0x1468 DfsC - ok
13:51:38.0465 0x1468 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:51:38.0497 0x1468 Dhcp - ok
13:51:38.0512 0x1468 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
13:51:38.0543 0x1468 discache - ok
13:51:38.0590 0x1468 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys
13:51:38.0606 0x1468 Disk - ok
13:51:38.0621 0x1468 [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
13:51:38.0653 0x1468 dmvsc - ok
13:51:38.0699 0x1468 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:51:38.0715 0x1468 Dnscache - ok
13:51:38.0809 0x1468 [ E230157E4B157E0B8D03C342B71E5884, DF5E8956CE7679F1E47FE4ECC1BB2CE4A3F3333CF69C6B5B0EA2670E34A0F163 ] Dokan C:\Windows\system32\drivers\dokan.sys
13:51:38.0824 0x1468 Dokan - ok
13:51:38.0933 0x1468 [ 85F6D1DAE0963121A54BD9C2278B1430, 2A159FB218745C279C0335CD96E506B2C7F2C9312D977AC340E3A212FC347413 ] DokanMounter C:\Program Files\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
13:51:38.0949 0x1468 DokanMounter - ok
13:51:38.0996 0x1468 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
13:51:39.0043 0x1468 dot3svc - ok
13:51:39.0105 0x1468 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
13:51:39.0152 0x1468 DPS - ok
13:51:39.0230 0x1468 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:51:39.0261 0x1468 drmkaud - ok
13:51:39.0339 0x1468 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:51:39.0355 0x1468 DXGKrnl - ok
13:51:39.0417 0x1468 [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:51:39.0433 0x1468 E1G60 - ok
13:51:39.0495 0x1468 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
13:51:39.0526 0x1468 EapHost - ok
13:51:39.0635 0x1468 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
13:51:39.0698 0x1468 ebdrv - ok
13:51:39.0729 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] EFS C:\Windows\System32\lsass.exe
13:51:39.0745 0x1468 EFS - ok
13:51:39.0854 0x1468 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:51:39.0885 0x1468 ehRecvr - ok
13:51:39.0901 0x1468 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
13:51:39.0916 0x1468 ehSched - ok
13:51:39.0932 0x1468 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:51:39.0947 0x1468 elxstor - ok
13:51:40.0010 0x1468 [ B4BA0736D3D2736E3862697776866986, 21C6853BE16A7948D1A24558F77815DCBE5484387EDBEF6010B553E62883A4D9 ] EMET_Service C:\Program Files\EMET 5.1\EMET_Service.exe
13:51:40.0025 0x1468 EMET_Service - ok
13:51:40.0103 0x1468 [ FD9FC82F134B1C91004FFC76A5AE494B, 76CF65ED91D4719CD5620479E492259224715FC67E3CD9AA11E5DD0D7FB65A45 ] ENTECH C:\Windows\system32\DRIVERS\ENTECH.sys
13:51:40.0103 0x1468 ENTECH - detected UnsignedFile.Multi.Generic ( 1 )
13:51:40.0696 0x1468 Detect skipped due to KSN trusted
13:51:40.0696 0x1468 ENTECH - ok
13:51:40.0727 0x1468 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:51:40.0759 0x1468 ErrDev - ok
13:51:40.0821 0x1468 [ 24E564F710D887ECC75CFE59882ECC5D, 286B74C272E71AB2C64796790BC3425D3C29AA92B1018F77F7022B56DE9BA168 ] es1371 C:\Windows\system32\drivers\es1371mp.sys
13:51:40.0837 0x1468 es1371 - ok
13:51:40.0899 0x1468 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
13:51:40.0961 0x1468 EventSystem - ok
13:51:40.0977 0x1468 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
13:51:41.0008 0x1468 exfat - ok
13:51:41.0024 0x1468 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:51:41.0055 0x1468 fastfat - ok
13:51:41.0102 0x1468 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
13:51:41.0133 0x1468 Fax - ok
13:51:41.0180 0x1468 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\drivers\fdc.sys
13:51:41.0195 0x1468 fdc - ok
13:51:41.0242 0x1468 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
13:51:41.0273 0x1468 fdPHost - ok
13:51:41.0289 0x1468 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
13:51:41.0305 0x1468 FDResPub - ok
13:51:41.0305 0x1468 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:51:41.0320 0x1468 FileInfo - ok
13:51:41.0336 0x1468 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:51:41.0351 0x1468 Filetrace - ok
13:51:41.0351 0x1468 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:51:41.0367 0x1468 flpydisk - ok
13:51:41.0383 0x1468 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:51:41.0398 0x1468 FltMgr - ok
13:51:41.0492 0x1468 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
13:51:41.0554 0x1468 FontCache - ok
13:51:41.0632 0x1468 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:51:41.0648 0x1468 FontCache3.0.0.0 - ok
13:51:41.0648 0x1468 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:51:41.0663 0x1468 FsDepends - ok
13:51:41.0679 0x1468 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:51:41.0679 0x1468 Fs_Rec - ok
13:51:41.0835 0x1468 [ 49CAD71044454C45A875F04F84935227, 3F75C67E516E42BD5C5C357B7A9177BCCA64534344EC566E29A2D5911B5495BD ] Futuremark SystemInfo Service C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe
13:51:41.0866 0x1468 Futuremark SystemInfo Service - ok
13:51:41.0913 0x1468 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:51:41.0929 0x1468 fvevol - ok
13:51:41.0975 0x1468 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:51:41.0991 0x1468 gagp30kx - ok
13:51:42.0053 0x1468 [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio C:\Windows\system32\giveio.sys
13:51:42.0069 0x1468 giveio - detected UnsignedFile.Multi.Generic ( 1 )
13:51:42.0677 0x1468 Detect skipped due to KSN trusted
13:51:42.0677 0x1468 giveio - ok
13:51:42.0740 0x1468 [ 2B861A88AE8E95C0FC5E11127222AC7B, CD6169B862ABEE9FB4494F92FD3B8CB18ECECFB9355D6A6299B17CF35A32FBE1 ] GKBFltr C:\Windows\system32\Drivers\GameKB.sys
13:51:42.0771 0x1468 GKBFltr - ok
13:51:42.0833 0x1468 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
13:51:42.0865 0x1468 gpsvc - ok
13:51:42.0927 0x1468 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
13:51:42.0943 0x1468 hamachi - ok
13:51:43.0036 0x1468 [ 3F40FA664309ED1CCC3592636A94DDF4, D241BD7FA97F1DA8E7A781535CCBF004D15DCABA7EFDC09EA97D5E549D85B41A ] hcmon C:\Windows\system32\drivers\hcmon.sys
13:51:43.0052 0x1468 hcmon - ok
13:51:43.0083 0x1468 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:51:43.0114 0x1468 hcw85cir - ok
13:51:43.0177 0x1468 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:51:43.0223 0x1468 HdAudAddService - ok
13:51:43.0270 0x1468 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:51:43.0286 0x1468 HDAudBus - ok
13:51:43.0364 0x1468 [ 4598E747284210CCC572FC304D0C687F, 6B3D2560B4F6951B613FADCB1449A189F7065070061D3C45DC77BA6E2DC5D523 ] HH10Help.sys C:\Windows\system32\drivers\HH10Help.sys
13:51:43.0379 0x1468 HH10Help.sys - detected UnsignedFile.Multi.Generic ( 1 )
13:51:43.0972 0x1468 Detect skipped due to KSN trusted
13:51:43.0972 0x1468 HH10Help.sys - ok
13:51:44.0003 0x1468 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:51:44.0035 0x1468 HidBatt - ok
13:51:44.0050 0x1468 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:51:44.0081 0x1468 HidBth - ok
13:51:44.0097 0x1468 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
13:51:44.0128 0x1468 HidIr - ok
13:51:44.0159 0x1468 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
13:51:44.0191 0x1468 hidserv - ok
13:51:44.0253 0x1468 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:51:44.0300 0x1468 HidUsb - ok
13:51:44.0362 0x1468 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
13:51:44.0378 0x1468 hkmsvc - ok
13:51:44.0393 0x1468 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:51:44.0409 0x1468 HomeGroupListener - ok
13:51:44.0471 0x1468 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:51:44.0487 0x1468 HomeGroupProvider - ok
13:51:44.0534 0x1468 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:51:44.0565 0x1468 HpSAMD - ok
13:51:44.0596 0x1468 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:51:44.0627 0x1468 HTTP - ok
13:51:44.0643 0x1468 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:51:44.0643 0x1468 hwpolicy - ok
13:51:44.0705 0x1468 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:51:44.0737 0x1468 i8042prt - ok
13:51:44.0783 0x1468 [ 70BADD827F0C6863AD7F4850DCC5E79B, 5B062D1552E00FDEBE854141AC8015AA046FC30C7D3417F60185FE75893AAC61 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
13:51:44.0815 0x1468 iaStorA - ok
13:51:44.0830 0x1468 [ 48BD3DD357DB6BB61FB2E6EF3D137764, D1ABD42A647A6CC0612E2A1ED5266AA222EC374B6CA33F386B5950F5D38AC021 ] iaStorF C:\Windows\system32\drivers\iaStorF.sys
13:51:44.0830 0x1468 iaStorF - ok
13:51:44.0877 0x1468 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:51:44.0893 0x1468 iaStorV - ok
13:51:44.0971 0x1468 [ 33D4D4A24791587E83F7EE05A446FB7E, 081E48AF76D7D3A71850A4C910EFBB0B280235E2A5303178B0338230F4BA2DE2 ] ICCS C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
13:51:44.0986 0x1468 ICCS - detected UnsignedFile.Multi.Generic ( 1 )
13:51:45.0579 0x1468 Detect skipped due to KSN trusted
13:51:45.0579 0x1468 ICCS - ok
13:51:45.0719 0x1468 [ B04830C87E64FC233DD8541186163DF3, 8C3B47596D20B95CA5AEBB0D47C2B52B18EB9D220FA693F8F061413FCB41295C ] icsak C:\Program Files\CheckPoint\AKL\ak\icsak.sys
13:51:45.0735 0x1468 icsak - ok
13:51:45.0813 0x1468 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:51:45.0829 0x1468 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:51:46.0437 0x1468 Detect skipped due to KSN trusted
13:51:46.0437 0x1468 IDriverT - ok
13:51:46.0531 0x1468 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:51:46.0546 0x1468 idsvc - ok
13:51:46.0593 0x1468 IEEtwCollectorService - ok
13:51:46.0671 0x1468 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:51:46.0687 0x1468 iirsp - ok
13:51:46.0780 0x1468 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
13:51:46.0811 0x1468 IKEEXT - ok
13:51:46.0972 0x1468 [ C93D14ECC955C29CA43CE807CE470754, 2390318A18BEEC8CF625727A1E2A393AC1BD8C00DF1F72FC93939BBD696A8D02 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:51:47.0020 0x1468 IntcAzAudAddService - ok
13:51:47.0051 0x1468 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
13:51:47.0051 0x1468 intelide - ok
13:51:47.0098 0x1468 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:51:47.0113 0x1468 intelppm - ok
13:51:47.0129 0x1468 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:51:47.0160 0x1468 IPBusEnum - ok
13:51:47.0191 0x1468 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:51:47.0207 0x1468 IpFilterDriver - ok
13:51:47.0238 0x1468 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:51:47.0254 0x1468 iphlpsvc - ok
13:51:47.0269 0x1468 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:51:47.0332 0x1468 IPMIDRV - ok
13:51:47.0332 0x1468 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:51:47.0363 0x1468 IPNAT - ok
13:51:47.0394 0x1468 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:51:47.0410 0x1468 IRENUM - ok
13:51:47.0441 0x1468 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:51:47.0441 0x1468 isapnp - ok
13:51:47.0488 0x1468 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:51:47.0503 0x1468 iScsiPrt - ok
13:51:47.0550 0x1468 [ 4A4DF1763FBE4D148385755D92EC7BA2, 1CB3AB85892248BDA12F73DCC15F9C1484C80B42055E21511F562C189CB0D712 ] ISWKL C:\Program Files\CheckPoint\AKL\ISWKL.sys
13:51:47.0566 0x1468 ISWKL - ok
13:51:47.0597 0x1468 [ EE6FEC85D7F6F65386B17CD45E1734CA, 887B41F0DB2FFEAEC00B159BF4504F25B4F883C9244EDC193FE3414B390EAB6B ] IswSvc C:\Program Files\CheckPoint\AKL\AkSVC.exe
13:51:47.0628 0x1468 IswSvc - ok
13:51:47.0706 0x1468 [ C07D93901561622A754E1EEA271960A7, 5846EB3DC5DF35ED2611C61E71BEF1C74E0EF9ADBDA48C17E773A46980CCF6E0 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
13:51:47.0722 0x1468 iusb3hcs - ok
13:51:47.0784 0x1468 [ A352D9B6695F682B7181E5E220FA7D1A, E7CFE5009954873B9196555DAD52EDB09003C25038B60947BD513FBC5CBD02E5 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
13:51:47.0800 0x1468 iusb3hub - ok
13:51:47.0940 0x1468 [ 68E444FF3D6701891FFF29FF8D44BEEC, 86BAE8F77E33ACA064C4D51211D26DA0F267AC1C340DB31865CE1DBD98FCC5BC ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:51:47.0971 0x1468 iusb3xhc - ok
13:51:48.0018 0x1468 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:51:48.0034 0x1468 kbdclass - ok
13:51:48.0080 0x1468 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:51:48.0096 0x1468 kbdhid - ok
13:51:48.0112 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] KeyIso C:\Windows\system32\lsass.exe
13:51:48.0127 0x1468 KeyIso - ok
13:51:48.0190 0x1468 [ 2AD446E7A867C48099227415DD66FB34, 7A5C80C19B870EC2AAB448949758972AD1AE2FD7C158ECF4E17DE54A5982B58A ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
13:51:48.0205 0x1468 KL1 - ok
13:51:48.0314 0x1468 [ CB7B98B51E2DDB6E519EB35DA0E7AFD2, 55C66955192D0D983F9D94C80104D7204103D993D937B140856AF5DB365B4B7D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
13:51:48.0346 0x1468 KLIF - ok
13:51:48.0424 0x1468 [ 039FB019C92A16A54FE527D93B0CFB96, 080897B377511FD2439EB651086390CD72B822E8222C79AB0569FAFAA14BA0AE ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
13:51:48.0439 0x1468 KLIM6 - ok
13:51:48.0502 0x1468 [ 63A2306B751FA5EC31F5CBFE61AF9A26, 4FC200FF4154DDA1122D9CFD67E4192F1A8B60057091E47C924DEEF22BAEA59A ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
13:51:48.0517 0x1468 kltdi - ok
13:51:48.0595 0x1468 [ 61A5F5B346EDA29152310B662843277A, FFE560C3623B21AD3B59A1390CF389142C05D7BDA6CCD8178935ACB2F49ACBA0 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
13:51:48.0611 0x1468 kneps - ok
13:51:48.0658 0x1468 [ 4DAC97CF81FAE4B2988AEF0DF40D04AE, 5560304972693DE5D5B21CE010A76067FA5B64AD5968122EE9F8248B3EA4878E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:51:48.0673 0x1468 KSecDD - ok
13:51:48.0704 0x1468 [ 9EED5E0B7BF784C491C2289A09920BDA, 9E82EB777A01AB32EDA2AE0420546602A82C850D68D2C0AEDB4EA5ADEDF835E6 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:51:48.0720 0x1468 KSecPkg - ok
13:51:48.0751 0x1468 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:51:48.0782 0x1468 KtmRm - ok
13:51:48.0845 0x1468 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:51:48.0876 0x1468 LanmanServer - ok
13:51:48.0938 0x1468 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:51:48.0970 0x1468 LanmanWorkstation - ok
13:51:49.0048 0x1468 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:51:49.0094 0x1468 lltdio - ok
13:51:49.0110 0x1468 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:51:49.0141 0x1468 lltdsvc - ok
13:51:49.0141 0x1468 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:51:49.0172 0x1468 lmhosts - ok
13:51:49.0219 0x1468 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:51:49.0235 0x1468 LSI_FC - ok
13:51:49.0297 0x1468 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:51:49.0313 0x1468 LSI_SAS - ok
13:51:49.0328 0x1468 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:51:49.0344 0x1468 LSI_SAS2 - ok
13:51:49.0360 0x1468 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:51:49.0375 0x1468 LSI_SCSI - ok
13:51:49.0422 0x1468 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
13:51:49.0469 0x1468 luafv - ok
13:51:49.0562 0x1468 [ 3B4C137E2CA87CF773204653A80B5BE9, D774945037F7A39EB23392DCCF4B52BDE03134C8D457EB9DDFE761B3B8C3D0D9 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
13:51:49.0578 0x1468 mbamchameleon - ok
13:51:49.0687 0x1468 [ 024ACCA2F972EE094EB0F4289F2FA893, 3C8806DAF521C41C39EFF0065CBA2A85120E78E31F35AC950FB451C59E841782 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:51:49.0703 0x1468 MBAMSwissArmy - ok
13:51:49.0734 0x1468 [ 29CB85A1FE091C9D3AA3C72D66DF3E69, FB196EC7F8095752713A336B79835D796F8EA738EE0512386C9116B277A9F210 ] MBfilt C:\Windows\system32\drivers\MBfilt32.sys
13:51:49.0750 0x1468 MBfilt - ok
13:51:49.0781 0x1468 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:51:49.0796 0x1468 Mcx2Svc - ok
13:51:49.0812 0x1468 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
13:51:49.0828 0x1468 megasas - ok
13:51:49.0859 0x1468 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:51:49.0859 0x1468 MegaSR - ok
13:51:49.0937 0x1468 [ 9E0A56C77E9244D2CAAC3811F4B47FCB, 0E70544BBA78DD8E43C5746C064C895A0990373F667A0B6AEA832FBEA2D2B764 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
13:51:49.0952 0x1468 MEI - ok
13:51:50.0030 0x1468 [ 19D2D9C507D0E7A577807303FE96501B, 0CFBAA935D50AA9939D23597D26A7D8FBAFA85A9267B7DB57E79CDDD8202509A ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
13:51:50.0062 0x1468 mfehidk - ok
13:51:50.0077 0x1468 [ 6EA4C5591F7EEE370EF4E93ECDD4EFAE, C5961DE45E62399A79412A14C06C1791653D4AD328458BC4CE8D86C298931456 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
13:51:50.0093 0x1468 mferkdet - ok
13:51:50.0140 0x1468 [ 0A277C42CBF52C2AF2BAA10B89F2A9AD, 50489A7E43A1B6660074BEDDC8FC60A236658C99895571C7EB6516C873BE2155 ] mfevtp C:\Windows\system32\mfevtps.exe
13:51:50.0155 0x1468 mfevtp - ok
13:51:50.0264 0x1468 Microsoft SharePoint Workspace Audit Service - ok
13:51:50.0280 0x1468 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
13:51:50.0327 0x1468 MMCSS - ok
13:51:50.0342 0x1468 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
13:51:50.0374 0x1468 Modem - ok
13:51:50.0420 0x1468 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:51:50.0452 0x1468 monitor - ok
13:51:50.0514 0x1468 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:51:50.0530 0x1468 mouclass - ok
13:51:50.0576 0x1468 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:51:50.0608 0x1468 mouhid - ok
13:51:50.0654 0x1468 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:51:50.0670 0x1468 mountmgr - ok
13:51:50.0779 0x1468 [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:51:50.0795 0x1468 MozillaMaintenance - ok
13:51:50.0810 0x1468 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
13:51:50.0826 0x1468 mpio - ok
13:51:50.0873 0x1468 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:51:50.0920 0x1468 mpsdrv - ok
13:51:50.0951 0x1468 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:51:50.0998 0x1468 MpsSvc - ok
13:51:51.0029 0x1468 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:51:51.0044 0x1468 MRxDAV - ok
13:51:51.0076 0x1468 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:51:51.0107 0x1468 mrxsmb - ok
13:51:51.0154 0x1468 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:51:51.0169 0x1468 mrxsmb10 - ok
13:51:51.0185 0x1468 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:51:51.0200 0x1468 mrxsmb20 - ok
13:51:51.0216 0x1468 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
13:51:51.0216 0x1468 msahci - ok
13:51:51.0325 0x1468 [ B03E3F64B70F8031E65EB26DA23DE91A, 73184B4A75C1EA5D10B9D78A9E705432551DE15231F10C5A31021896D0938D80 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:51:51.0341 0x1468 MSCamSvc - ok
13:51:51.0372 0x1468 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:51:51.0388 0x1468 msdsm - ok
13:51:51.0403 0x1468 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
13:51:51.0434 0x1468 MSDTC - ok
13:51:51.0450 0x1468 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:51:51.0466 0x1468 Msfs - ok
13:51:51.0481 0x1468 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:51:51.0497 0x1468 mshidkmdf - ok
13:51:51.0512 0x1468 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:51:51.0512 0x1468 msisadrv - ok
13:51:51.0575 0x1468 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:51:51.0622 0x1468 MSiSCSI - ok
13:51:51.0622 0x1468 msiserver - ok
13:51:51.0668 0x1468 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:51:51.0700 0x1468 MSKSSRV - ok
13:51:51.0715 0x1468 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:51:51.0731 0x1468 MSPCLOCK - ok
13:51:51.0731 0x1468 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:51:51.0746 0x1468 MSPQM - ok
13:51:51.0746 0x1468 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:51:51.0762 0x1468 MsRPC - ok
13:51:51.0778 0x1468 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:51:51.0778 0x1468 mssmbios - ok
13:51:51.0778 0x1468 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:51:51.0793 0x1468 MSTEE - ok
13:51:51.0824 0x1468 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:51:51.0856 0x1468 MTConfig - ok
13:51:51.0887 0x1468 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
13:51:51.0902 0x1468 Mup - ok
13:51:51.0980 0x1468 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
13:51:51.0996 0x1468 napagent - ok
13:51:52.0074 0x1468 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:51:52.0105 0x1468 NativeWifiP - ok
13:51:52.0136 0x1468 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:51:52.0152 0x1468 NDIS - ok
13:51:52.0199 0x1468 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:51:52.0214 0x1468 NdisCap - ok
13:51:52.0261 0x1468 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:51:52.0308 0x1468 NdisTapi - ok
13:51:52.0324 0x1468 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:51:52.0370 0x1468 Ndisuio - ok
13:51:52.0370 0x1468 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:51:52.0448 0x1468 NdisWan - ok
13:51:52.0464 0x1468 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:51:52.0480 0x1468 NDProxy - ok
13:51:52.0526 0x1468 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:51:52.0558 0x1468 NetBIOS - ok
13:51:52.0604 0x1468 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:51:52.0667 0x1468 NetBT - ok
13:51:52.0682 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] Netlogon C:\Windows\system32\lsass.exe
13:51:52.0698 0x1468 Netlogon - ok
13:51:52.0714 0x1468 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
13:51:52.0745 0x1468 Netman - ok
13:51:52.0885 0x1468 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:51:52.0948 0x1468 NetMsmqActivator - ok
13:51:52.0963 0x1468 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:51:52.0963 0x1468 NetPipeActivator - ok
13:51:52.0994 0x1468 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
13:51:53.0010 0x1468 netprofm - ok
13:51:53.0010 0x1468 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:51:53.0026 0x1468 NetTcpActivator - ok
13:51:53.0026 0x1468 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:51:53.0026 0x1468 NetTcpPortSharing - ok
13:51:53.0104 0x1468 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:51:53.0119 0x1468 nfrd960 - ok
13:51:53.0150 0x1468 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:51:53.0197 0x1468 NlaSvc - ok
13:51:53.0275 0x1468 nlndis - ok
13:51:53.0447 0x1468 [ 1B49B83747509B2B1D707CD4B09AA504, C84689E52D184C9D358514DB36A6E6D3CD306C51A70D93853F1E3E8AF39B3F68 ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
13:51:53.0525 0x1468 NLNdisMP - ok
13:51:53.0681 0x1468 [ 1B49B83747509B2B1D707CD4B09AA504, C84689E52D184C9D358514DB36A6E6D3CD306C51A70D93853F1E3E8AF39B3F68 ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
13:51:53.0759 0x1468 NLNdisPT - ok
13:51:53.0852 0x1468 [ B4D07CD366F5D40138ABB68600FC8CDE, 98FC3EA99BC2AB5DC59588AEAC500B1404D7B4CCBBF2FDC4E4BDC48808EDBB21 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
13:51:53.0868 0x1468 nlsvc - detected UnsignedFile.Multi.Generic ( 1 )
13:51:55.0163 0x1468 nlsvc ( UnsignedFile.Multi.Generic ) - warning
13:51:55.0849 0x1468 [ 6FE26694C94F1A63AF066D7A557F69D3, 70E3354BBA2F9E2FF988C191AA0E72E1E4B56F5F4DB4B8F60F0628C674DF4462 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
13:51:55.0927 0x1468 nltdi - ok
13:51:56.0005 0x1468 [ 25401B0C9576C8456B3E0BBD74FF0771, BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA ] NPF C:\Windows\system32\drivers\npf.sys
13:51:56.0021 0x1468 NPF - ok
13:51:56.0036 0x1468 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:51:56.0083 0x1468 Npfs - ok
13:51:56.0099 0x1468 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
13:51:56.0114 0x1468 nsi - ok
13:51:56.0114 0x1468 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:51:56.0146 0x1468 nsiproxy - ok
13:51:56.0192 0x1468 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:51:56.0224 0x1468 Ntfs - ok
13:51:56.0317 0x1468 [ 170EE229D4DEF31DBE95348C9A88FE74, EB416066543CBEE991698E18E1EE058696B1D650837279F1BF33C29C19A6CE6B ] ntk_PowerDVD C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys
13:51:56.0333 0x1468 ntk_PowerDVD - ok
13:51:56.0333 0x1468 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
13:51:56.0380 0x1468 Null - ok
13:51:56.0504 0x1468 [ F69FD161BD904778E1D6EBE9EEBBC2B5, 463887665C45639E87D7371CB59032193FFC1A2E18D0E21E1709D40D03048AE9 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
13:51:56.0536 0x1468 NVHDA - ok
13:51:56.0911 0x1468 [ FCEA6786A7222DF6C26B008279139952, 9E96776417B45DC1ABDA5DE0CD36913FC6E6A38486D470BCBE01D09CE7388C4A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:51:57.0021 0x1468 nvlddmkm - ok
13:51:57.0068 0x1468 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:51:57.0068 0x1468 nvraid - ok
13:51:57.0099 0x1468 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:51:57.0099 0x1468 nvstor - ok
13:51:57.0130 0x1468 NvStUSB - ok
13:51:57.0193 0x1468 [ F4B2AAFDB72CC6A54A14A0D6DC82657A, CBC6F3E8BEE4920886A4A3F3269132719E520898590104BCD3391D77F435FD13 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:51:57.0224 0x1468 nvsvc - ok
13:51:57.0255 0x1468 nvvad_WaveExtensible - ok
13:51:57.0286 0x1468 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:51:57.0302 0x1468 nv_agp - ok
13:51:57.0318 0x1468 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:51:57.0333 0x1468 ohci1394 - ok
13:51:57.0505 0x1468 [ 92831BAF6F475F342F1F9605B27C354D, 0915AE09E3E8B9B3BC4C7B9B90BB7993317F62FC78C26F0318A2A838857A3EA8 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
13:51:57.0536 0x1468 OODefragAgent - ok
13:51:57.0661 0x1468 [ BFAEDDE456C73BB28363D7176BB1820D, 7F33F6084A29E9334479AA797A07DC958986B32785C578D281FDA8682887BF6F ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
13:51:57.0676 0x1468 OpenVPNService - ok
13:51:57.0864 0x1468 [ 4E2D0656946F2A19FED1C60E0E4FC1AF, 5551D5BD89EB650C5485BBB58DAA5473044B7C967B72687A27430FA9A1E812FE ] Origin Client Service C:\Program Files\Origin\OriginClientService.exe
13:51:57.0895 0x1468 Origin Client Service - ok
13:51:57.0973 0x1468 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:51:57.0988 0x1468 ose - ok
13:51:58.0129 0x1468 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:51:58.0191 0x1468 osppsvc - ok
13:51:58.0222 0x1468 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:51:58.0238 0x1468 p2pimsvc - ok
13:51:58.0269 0x1468 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
13:51:58.0285 0x1468 p2psvc - ok
13:51:58.0363 0x1468 [ 9DC0BA8730B8FE61D3B71A3EEF2E836F, 1022721977D86C45B0649C9C6AAB44B9E52917DF5D82FBA17A7219826A846180 ] ParagonLDM C:\Windows\system32\drivers\biont_bs.sys
13:51:58.0378 0x1468 ParagonLDM - ok
13:51:58.0456 0x1468 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\drivers\parport.sys
13:51:58.0488 0x1468 Parport - ok
13:51:58.0503 0x1468 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:51:58.0519 0x1468 partmgr - ok
13:51:58.0519 0x1468 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:51:58.0534 0x1468 Parvdm - ok
13:51:58.0550 0x1468 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:51:58.0566 0x1468 PcaSvc - ok
13:51:58.0581 0x1468 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
13:51:58.0581 0x1468 pci - ok
13:51:58.0597 0x1468 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
13:51:58.0597 0x1468 pciide - ok
13:51:58.0612 0x1468 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:51:58.0628 0x1468 pcmcia - ok
13:51:58.0628 0x1468 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
13:51:58.0644 0x1468 pcw - ok
13:51:58.0706 0x1468 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:51:58.0737 0x1468 PEAUTH - ok
13:51:58.0768 0x1468 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:51:58.0800 0x1468 PeerDistSvc - ok
13:51:58.0831 0x1468 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
13:51:58.0878 0x1468 pla - ok
13:51:58.0956 0x1468 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:51:58.0987 0x1468 PlugPlay - ok
13:51:59.0065 0x1468 [ 713E294439D982BB161317DE0136FAA0, 439DE38F993B3EBFAE7053A90AE5EA47BEEF02E28E261F23CA6A6037FC3676C4 ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
13:51:59.0096 0x1468 pneteth - ok
13:51:59.0096 0x1468 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:51:59.0112 0x1468 PNRPAutoReg - ok
13:51:59.0143 0x1468 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:51:59.0174 0x1468 PNRPsvc - ok
13:51:59.0236 0x1468 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:51:59.0268 0x1468 PolicyAgent - ok
13:51:59.0268 0x1468 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
13:51:59.0299 0x1468 Power - ok
13:51:59.0346 0x1468 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:51:59.0392 0x1468 PptpMiniport - ok
13:51:59.0408 0x1468 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
13:51:59.0424 0x1468 Processor - ok
13:51:59.0517 0x1468 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll
13:51:59.0533 0x1468 ProfSvc - ok
13:51:59.0548 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:51:59.0548 0x1468 ProtectedStorage - ok
13:51:59.0611 0x1468 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:51:59.0642 0x1468 Psched - ok
13:51:59.0736 0x1468 [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
13:51:59.0751 0x1468 PSI_SVC_2 - ok
13:51:59.0814 0x1468 [ 3A6489DCB6F28970B6BBD9687777FA00, 23F8C7B8A4B95925AA53D7F0AA4C349EA38CBEDF31AC9EAC17189CBBEAEF7B5C ] pwdrvio C:\Windows\system32\pwdrvio.sys
13:51:59.0814 0x1468 pwdrvio - ok
13:51:59.0892 0x1468 [ 9D00D015159B6ADF0980BAEEB5DCC5E4, C944564FD992084E86DD581B73E8DFDA54DBDA8A4396F6675BDA771ED50AF6C5 ] pwdspio C:\Windows\system32\pwdspio.sys
13:51:59.0892 0x1468 pwdspio - ok
13:51:59.0985 0x1468 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:52:00.0001 0x1468 ql2300 - ok
13:52:00.0063 0x1468 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:52:00.0079 0x1468 ql40xx - ok
13:52:00.0110 0x1468 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
13:52:00.0141 0x1468 QWAVE - ok
13:52:00.0172 0x1468 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:52:00.0188 0x1468 QWAVEdrv - ok
13:52:00.0204 0x1468 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:52:00.0235 0x1468 RasAcd - ok
13:52:00.0282 0x1468 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:52:00.0313 0x1468 RasAgileVpn - ok
13:52:00.0328 0x1468 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
13:52:00.0344 0x1468 RasAuto - ok
13:52:00.0344 0x1468 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:52:00.0360 0x1468 Rasl2tp - ok
13:52:00.0375 0x1468 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
13:52:00.0391 0x1468 RasMan - ok
13:52:00.0406 0x1468 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:52:00.0422 0x1468 RasPppoe - ok
13:52:00.0453 0x1468 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:52:00.0516 0x1468 RasSstp - ok
13:52:00.0687 0x1468 [ 67EAD2898F681B4ECA6E385AA39C8539, BD3D46234DD4FB6232CFF073E75CA8E35E06B416D205DCD6564E30D7548ED6F6 ] Razer Game Scanner Service C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
13:52:00.0703 0x1468 Razer Game Scanner Service - ok
13:52:00.0718 0x1468 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:52:00.0750 0x1468 rdbss - ok
13:52:00.0796 0x1468 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
13:52:00.0812 0x1468 rdpbus - ok
13:52:00.0828 0x1468 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:52:00.0859 0x1468 RDPCDD - ok
13:52:00.0890 0x1468 [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:52:00.0906 0x1468 RDPDR - ok
13:52:00.0937 0x1468 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:52:00.0984 0x1468 RDPENCDD - ok
13:52:00.0984 0x1468 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:52:01.0015 0x1468 RDPREFMP - ok
13:52:01.0108 0x1468 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:52:01.0124 0x1468 RDPWD - ok
13:52:01.0202 0x1468 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:52:01.0218 0x1468 rdyboost - ok
13:52:01.0467 0x1468 [ BBFCAC1C23B867AE5D7EF96DF40680C5, D7A60D2B1AA96F93A797778B6B2D2663C1F18CA0990298EC4D7B6F4E959481F4 ] Realtek87B C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
13:52:01.0467 0x1468 Realtek87B - detected UnsignedFile.Multi.Generic ( 1 )
13:52:02.0076 0x1468 Detect skipped due to KSN trusted
13:52:02.0076 0x1468 Realtek87B - ok
13:52:02.0107 0x1468 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:52:02.0122 0x1468 RemoteAccess - ok
13:52:02.0169 0x1468 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:52:02.0200 0x1468 RemoteRegistry - ok
13:52:02.0247 0x1468 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:52:02.0278 0x1468 RpcEptMapper - ok
13:52:02.0294 0x1468 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
13:52:02.0325 0x1468 RpcLocator - ok
13:52:02.0341 0x1468 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
13:52:02.0356 0x1468 RpcSs - ok
13:52:02.0481 0x1468 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:52:02.0528 0x1468 rspndr - ok
13:52:02.0793 0x1468 [ 0867F0EC74C8DC997F078F427E611169, 901839DA4AC9FFED00A030F4108078C92D59D7F91380CE725513866252E351E3 ] RTCore32 C:\Program Files\MSI Afterburner\RTCore32.sys
13:52:02.0809 0x1468 RTCore32 - detected UnsignedFile.Multi.Generic ( 1 )
13:52:03.0417 0x1468 Detect skipped due to KSN trusted
13:52:03.0417 0x1468 RTCore32 - ok
13:52:03.0651 0x1468 [ BCB84B430A92AE31940870DF304AE659, 19851270FCB35F958ACE00FA835B44BF31BFE52E0AF8EACC161B217756B6B769 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
13:52:03.0682 0x1468 RTL8167 - ok
13:52:03.0901 0x1468 [ 325590E7E9587459643BA24D2CF73BF2, 92699FF111C597D6DF0AA4CE059F199E3E67CD15E43C102968E3285995FF0079 ] RTL8187 C:\Windows\system32\DRIVERS\rtl8187.sys
13:52:03.0932 0x1468 RTL8187 - ok
13:52:04.0556 0x1468 [ 45F606823EAA469582318C722C76A29D, 1016FBE111638AE369F7C5FF6CA33178FD6CB06D361F3B488DE6C4D85A22253A ] RUBotSrv C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
13:52:04.0587 0x1468 RUBotSrv - ok
13:52:04.0712 0x1468 [ 1E80E6B1DF5B1ADA40F9627A44AE2DE1, 2327112FBBC08464C27E1105FE3BEEC51AB9041C528102B4EEB348586014E9AD ] rzendpt C:\Windows\system32\DRIVERS\rzendpt.sys
13:52:04.0728 0x1468 rzendpt - ok
13:52:04.0977 0x1468 [ 8ACD8981ED99105443896B632F87F300, 03984C0CB52B4B0930403C3E50945D9648EA2AEBE13AC4FF58A2B43AA5B7E990 ] rzpmgrk C:\Windows\system32\drivers\rzpmgrk.sys
13:52:04.0993 0x1468 rzpmgrk - ok
13:52:05.0071 0x1468 [ 560069DC51D3CC7F9CF1F4E940F93CAE, 16E2B071991B470A76DFF4B6312D3C7E2133AD9AC4B6A62DDA4E32281952FB23 ] rzpnk C:\Windows\system32\drivers\rzpnk.sys
13:52:05.0102 0x1468 rzpnk - ok
13:52:05.0196 0x1468 [ 28BE53C21C617B86D497BF55D908B3A8, 69BA3C84D6E9E157ED11DD75EB91CAD6F1DD676E508EC4EB251F3EF3D968EFE0 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
13:52:05.0211 0x1468 rzudd - ok
13:52:05.0242 0x1468 [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:52:05.0274 0x1468 s3cap - ok
13:52:05.0305 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] SamSs C:\Windows\system32\lsass.exe
13:52:05.0336 0x1468 SamSs - ok
13:52:05.0586 0x1468 [ 230FD3749904CA045EA5EC0AA14006E9, D7C79238F862B471740AFF4CC3982658D1339795E9EC884A8921EFE2E547D7C3 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x86\Sandra.sys
13:52:05.0601 0x1468 SANDRA - ok
13:52:05.0617 0x1468 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:52:05.0632 0x1468 sbp2port - ok
13:52:05.0712 0x1468 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:52:05.0759 0x1468 SCardSvr - ok
13:52:05.0822 0x1468 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:52:05.0853 0x1468 scfilter - ok
13:52:06.0024 0x1468 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
13:52:06.0087 0x1468 Schedule - ok
13:52:06.0134 0x1468 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:52:06.0165 0x1468 SCPolicySvc - ok
13:52:06.0180 0x1468 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:52:06.0227 0x1468 SDRSVC - ok
13:52:06.0290 0x1468 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:52:06.0352 0x1468 secdrv - ok
13:52:06.0368 0x1468 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
13:52:06.0414 0x1468 seclogon - ok
13:52:06.0446 0x1468 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
13:52:06.0461 0x1468 SENS - ok
13:52:06.0508 0x1468 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:52:06.0524 0x1468 SensrSvc - ok
13:52:06.0602 0x1468 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:52:06.0648 0x1468 Serenum - ok
13:52:06.0695 0x1468 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:52:06.0742 0x1468 Serial - ok
13:52:06.0820 0x1468 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:52:06.0867 0x1468 sermouse - ok
13:52:06.0898 0x1468 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
13:52:06.0929 0x1468 SessionEnv - ok
13:52:06.0976 0x1468 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:52:07.0007 0x1468 sffdisk - ok
13:52:07.0023 0x1468 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:52:07.0054 0x1468 sffp_mmc - ok
13:52:07.0085 0x1468 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:52:07.0132 0x1468 sffp_sd - ok
13:52:07.0179 0x1468 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:52:07.0210 0x1468 sfloppy - ok
13:52:07.0709 0x1468 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:52:07.0772 0x1468 SharedAccess - ok
13:52:07.0803 0x1468 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:52:07.0834 0x1468 ShellHWDetection - ok
13:52:07.0912 0x1468 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:52:07.0928 0x1468 sisagp - ok
13:52:07.0990 0x1468 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:52:08.0006 0x1468 SiSRaid2 - ok
13:52:08.0052 0x1468 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:52:08.0068 0x1468 SiSRaid4 - ok
13:52:08.0162 0x1468 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:52:08.0193 0x1468 Smb - ok
13:52:08.0255 0x1468 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:52:08.0286 0x1468 SNMPTRAP - ok
13:52:08.0442 0x1468 [ DC8D2952FB6FFBAEC67BD1B93A34DF11, 0BD1523A68900B80ED1BCCB967643525CCA55D4FF4622D0128913690E6BB619E ] speedfan C:\Windows\system32\speedfan.sys
13:52:08.0458 0x1468 speedfan - ok
13:52:08.0489 0x1468 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
13:52:08.0505 0x1468 spldr - ok
13:52:08.0583 0x1468 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
13:52:08.0598 0x1468 Spooler - ok
13:52:08.0770 0x1468 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
13:52:08.0848 0x1468 sppsvc - ok
13:52:08.0895 0x1468 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:52:08.0926 0x1468 sppuinotify - ok
13:52:09.0160 0x1468 [ A199171385BE17973FD800FA91F8F78A, 815091DC5A3506A3C8414B9D0213A61DF8289BA8645289CC9D338820536B42EA ] sptd C:\Windows\system32\Drivers\sptd.sys
13:52:09.0160 0x1468 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A, sha256: 815091DC5A3506A3C8414B9D0213A61DF8289BA8645289CC9D338820536B42EA
13:52:09.0160 0x1468 sptd - detected LockedFile.Multi.Generic ( 1 )
13:52:09.0768 0x1468 Detect skipped due to KSN trusted
13:52:09.0768 0x1468 sptd - ok
13:52:09.0815 0x1468 [ 7B426B8E809EDF081D771EF429345528, 7ED3E35368CAFD8EB884FBD8B0BF1E2207E5F78374AE69993368E64432D7531B ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys
13:52:09.0831 0x1468 sp_rsdrv2 - detected UnsignedFile.Multi.Generic ( 1 )
13:52:10.0470 0x1468 Detect skipped due to KSN trusted
13:52:10.0470 0x1468 sp_rsdrv2 - ok
13:52:10.0689 0x1468 [ 2798E5AA05DACF91DA029005176756F1, 01843A76536D72E258E4841D2522367B7EFD271E12EA00BFF970B41569D6824C ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:52:10.0704 0x1468 SQLWriter - ok
13:52:10.0798 0x1468 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:52:10.0876 0x1468 srv - ok
13:52:11.0001 0x1468 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:52:11.0016 0x1468 srv2 - ok
13:52:11.0048 0x1468 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:52:11.0079 0x1468 srvnet - ok
13:52:11.0157 0x1468 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:52:11.0204 0x1468 SSDPSRV - ok
13:52:11.0250 0x1468 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:52:11.0297 0x1468 SstpSvc - ok
13:52:11.0750 0x1468 [ BE9ACF067442E33FC03056D124A99A52, 63CE301C23E188BCFB1A27AA9E2494B8120561F291364EC271DFFDB20EE57839 ] ST2012_Svc C:\Program Files\Spyware Terminator\st_rsser.exe
13:52:11.0781 0x1468 ST2012_Svc - ok
13:52:12.0171 0x1468 [ 5FF569CDD4F84E79F0C2EE742FB9368E, 266BB0E06B58BD1D9C793E5BBC0A5819278E62C952032E5D05A7DBF4EEC78292 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:52:12.0186 0x1468 Stereo Service - ok
13:52:12.0233 0x1468 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:52:12.0233 0x1468 stexstor - ok
13:52:12.0358 0x1468 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
13:52:12.0420 0x1468 StiSvc - ok
13:52:12.0467 0x1468 [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:52:12.0483 0x1468 storflt - ok
13:52:12.0514 0x1468 [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll
13:52:12.0561 0x1468 StorSvc - ok
13:52:12.0639 0x1468 [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:52:12.0654 0x1468 storvsc - ok
13:52:12.0686 0x1468 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
13:52:12.0701 0x1468 swenum - ok
13:52:12.0904 0x1468 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:52:12.0951 0x1468 SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:52:13.0590 0x1468 Detect skipped due to KSN trusted
13:52:13.0590 0x1468 SwitchBoard - ok
13:52:13.0637 0x1468 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
13:52:13.0668 0x1468 swprv - ok
13:52:13.0762 0x1468 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
13:52:13.0793 0x1468 SysMain - ok
13:52:13.0809 0x1468 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
13:52:13.0840 0x1468 TabletInputService - ok
13:52:13.0918 0x1468 [ AB0BCCDE4709F0C3FFA45F6E387DBEAB, 2C4F54B851F491528F9A3E442F11F597DA07E51D4576F96001F64BEEEDB4DA35 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
13:52:13.0980 0x1468 tap0901 - ok
13:52:14.0012 0x1468 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
13:52:14.0043 0x1468 TapiSrv - ok
13:52:14.0043 0x1468 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
13:52:14.0090 0x1468 TBS - ok
13:52:14.0417 0x1468 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:52:14.0464 0x1468 Tcpip - ok
13:52:14.0495 0x1468 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:52:14.0511 0x1468 TCPIP6 - ok
13:52:14.0542 0x1468 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:52:14.0573 0x1468 tcpipreg - ok
13:52:14.0636 0x1468 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:52:14.0667 0x1468 TDPIPE - ok
13:52:14.0714 0x1468 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:52:14.0729 0x1468 TDTCP - ok
13:52:14.0760 0x1468 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:52:14.0807 0x1468 tdx - ok
13:52:14.0854 0x1468 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:52:14.0870 0x1468 TermDD - ok
13:52:15.0010 0x1468 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
13:52:15.0072 0x1468 TermService - ok
13:52:15.0088 0x1468 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
13:52:15.0135 0x1468 Themes - ok
13:52:15.0213 0x1468 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
13:52:15.0244 0x1468 THREADORDER - ok
13:52:15.0291 0x1468 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
13:52:15.0353 0x1468 TrkWks - ok
13:52:15.0509 0x1468 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:52:15.0556 0x1468 TrustedInstaller - ok
13:52:15.0603 0x1468 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:52:15.0618 0x1468 tssecsrv - ok
13:52:15.0634 0x1468 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:52:15.0681 0x1468 TsUsbFlt - ok
13:52:15.0712 0x1468 [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
13:52:15.0743 0x1468 TsUsbGD - ok
13:52:15.0837 0x1468 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:52:15.0852 0x1468 tunnel - ok
13:52:16.0057 0x1468 [ 0397852EF1E5463D57F22C689F6354F9, 620845F35754DE1772CBC750A1F787C6C5130FFB8CE24DE51ADD2F5921B33477 ] t_mouse.sys C:\Windows\system32\DRIVERS\t_mouse.sys
13:52:16.0073 0x1468 t_mouse.sys - ok
13:52:16.0135 0x1468 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:52:16.0151 0x1468 uagp35 - ok
13:52:16.0182 0x1468 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:52:16.0213 0x1468 udfs - ok
13:52:16.0244 0x1468 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:52:16.0354 0x1468 UI0Detect - ok
13:52:16.0525 0x1468 [ 950821BFC2951F349540FA16433CA800, 8143FF2967B77E1BBDA5949769A74CD104FEA8AC38C75FB84E911FC6C85ACD18 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys
13:52:16.0525 0x1468 UimBus - ok
13:52:16.0619 0x1468 [ 6ABC3943F6FBCE54DAB42E6757CADC0B, 299A393140B40A53BCA756A6A0B5FF86D517462575BA2AB8E27969FF579B50F3 ] Uim_DEVIM C:\Windows\system32\DRIVERS\uim_devim.sys
13:52:16.0634 0x1468 Uim_DEVIM - ok
13:52:16.0790 0x1468 [ 0EC2117399CADDC2D197DB24C57135FD, 6FDED81FEA785CAD6AA9C626A618C440BA9BDA3E14CBD205B693C093BF9B8FF2 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys
13:52:16.0822 0x1468 Uim_IM - ok
13:52:16.0931 0x1468 [ AA16B72277CDCE5310DEF8BB8F5DB695, 78462F27BBAD9D44C62A6565F5C4364DEADC0D3F476D5927E0651217F1A59F9D ] Uim_Vim C:\Windows\system32\Drivers\Uim_Vim.sys
13:52:16.0946 0x1468 Uim_Vim - ok
13:52:17.0058 0x1468 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:52:17.0073 0x1468 uliagpkx - ok
13:52:17.0136 0x1468 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:52:17.0167 0x1468 umbus - ok
13:52:17.0214 0x1468 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys
13:52:17.0229 0x1468 UmPass - ok
13:52:17.0312 0x1468 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
13:52:17.0344 0x1468 UmRdpService - ok
13:52:17.0407 0x1468 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
13:52:17.0485 0x1468 upnphost - ok
13:52:17.0610 0x1468 [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:52:17.0656 0x1468 usbaudio - ok
13:52:17.0703 0x1468 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:52:17.0734 0x1468 usbccgp - ok
13:52:17.0797 0x1468 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:52:17.0828 0x1468 usbcir - ok
13:52:17.0890 0x1468 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:52:17.0922 0x1468 usbehci - ok
13:52:18.0031 0x1468 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:52:18.0078 0x1468 usbhub - ok
13:52:18.0124 0x1468 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:52:18.0171 0x1468 usbohci - ok
13:52:18.0265 0x1468 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:52:18.0280 0x1468 usbprint - ok
13:52:18.0358 0x1468 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:52:18.0374 0x1468 usbscan - ok
13:52:18.0468 0x1468 [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser C:\Windows\system32\DRIVERS\usbser.sys
13:52:18.0514 0x1468 usbser - ok
13:52:18.0546 0x1468 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:52:18.0577 0x1468 USBSTOR - ok
13:52:18.0608 0x1468 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:52:18.0639 0x1468 usbuhci - ok
13:52:18.0780 0x1468 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:52:18.0811 0x1468 usbvideo - ok
13:52:18.0826 0x1468 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
13:52:18.0858 0x1468 UxSms - ok
13:52:18.0873 0x1468 [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] VaultSvc C:\Windows\system32\lsass.exe
13:52:18.0889 0x1468 VaultSvc - ok
13:52:19.0216 0x1468 [ 7C1842F09D57B8855459B86AAD9C97E1, 86E76FA59CCDDC0FECC54444B5017F159F2058DDF6B356AA5C9CB314F4DA7541 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
13:52:19.0248 0x1468 VBoxDrv - ok
13:52:19.0388 0x1468 [ 67F5898F8111800D4C7639A6599F2EC3, C1436F16BD9D9EDB686D92A5DA793DF64665826641FDF99191C4D27CE5C65B7C ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:52:19.0404 0x1468 VBoxNetAdp - ok
13:52:19.0560 0x1468 [ F735FC8C580DAEB449BEF8CF2626516C, F4F316829C3D9A62D83326732003ABAAF99024C43F02DD1E8F94C5EA3EE6E842 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
13:52:19.0591 0x1468 VBoxUSBMon - ok
13:52:19.0794 0x1468 [ 2BE85EECCC3F537C685ACF0FC4D5341C, 13FB079C220D6EB29515ED293C97DAAA6CE364C00B67B2D2251E742412DCEFAD ] VC10SecS C:\Program Files\Virtual CD v10\System\VC10SecS.exe
13:52:19.0809 0x1468 VC10SecS - ok
13:52:19.0809 0x1468 Suspicious service (NoAccess): vdrv1000
13:52:19.0981 0x1468 [ F1382BD8FDD95A3ACD5E0D88015DC2E7, 6AB88512BDD7F19F298F17FE561F1011D5E83DF9C2318C9B59473A95CB3FA449 ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
13:52:19.0996 0x1468 vdrv1000 - detected LockedService.Multi.Generic ( 1 )
13:52:20.0605 0x1468 Detect skipped due to KSN trusted
13:52:20.0605 0x1468 vdrv1000 - ok
13:52:20.0792 0x1468 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:52:20.0808 0x1468 vdrvroot - ok
13:52:20.0964 0x1468 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
13:52:20.0995 0x1468 vds - ok
13:52:21.0073 0x1468 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:52:21.0120 0x1468 vga - ok
13:52:21.0151 0x1468 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:52:21.0182 0x1468 VgaSave - ok
13:52:21.0244 0x1468 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:52:21.0260 0x1468 vhdmp - ok
13:52:21.0338 0x1468 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:52:21.0354 0x1468 viaagp - ok
13:52:21.0385 0x1468 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:52:21.0416 0x1468 ViaC7 - ok
13:52:21.0463 0x1468 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
13:52:21.0478 0x1468 viaide - ok
13:52:21.0853 0x1468 [ 2562943B90AFA9829097FB4274276D1D, EE003EF7A3EC49CFEF2EED841482721D7A89368967BFC44CE8DD9D3BDAF0572F ] VMAuthdService C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
13:52:21.0868 0x1468 VMAuthdService - ok
13:52:21.0915 0x1468 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:52:21.0915 0x1468 vmbus - ok
13:52:21.0931 0x1468 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:52:21.0946 0x1468 VMBusHID - ok
13:52:21.0993 0x1468 [ D644FFEA14778DDA59BDA8492BCED4B6, 5146A0181AEED5727C729DE451B3F2070FF8DD4A0B32AD6BD3DEB42232B5FAE1 ] vmci C:\Windows\system32\DRIVERS\vmci.sys
13:52:22.0009 0x1468 vmci - ok
13:52:22.0087 0x1468 [ 5BADB72A9A880660BC966DC97237207B, 254BF9B4CCF70133F340E752018A4C2C139226E6ECF931962811780DD55F2841 ] vmkbd2 C:\Windows\system32\drivers\VMkbd.sys
13:52:22.0102 0x1468 vmkbd2 - ok
13:52:22.0134 0x1468 [ 872DE8E16A2821804D8E4EC76A1E38B4, 346C2EDE1A0AEA3A1B2D4C3066B1AF94FFC00B5D3401E323C0FD46D8D824C563 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
13:52:22.0134 0x1468 VMnetAdapter - ok
13:52:22.0180 0x1468 [ 2ECECADD1F5AE56F297B81F2AC464B03, 6EA6EDE53AE420EF750A14045399AAD77D07C80324C0C60E74127E350C7E7090 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
13:52:22.0196 0x1468 VMnetBridge - ok
13:52:22.0227 0x1468 [ 05A869D1B12B08B5601487CA534B5021, 07A4BE681C0C0B23CBD5C05715DAA887D4DDE6D99251BC5D748F321940C23315 ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
13:52:22.0243 0x1468 VMnetDHCP - ok
13:52:22.0258 0x1468 [ 448788D4D9C6E7F20BA7C6487B52D44E, 8643B237262099998049D23B5BE1F65C224500E8947B2FAC798B5A00132082A4 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
13:52:22.0274 0x1468 VMnetuserif - ok
13:52:22.0383 0x1468 [ F3922FB27510E28FAC82A0DC442A900E, 11D42F62460647EADFABC29873D20CC77B117B676D30655B7919A1C0EBBFA86F ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
13:52:22.0399 0x1468 VMUSBArbService - ok
13:52:22.0446 0x1468 [ F13B73E932CACDDE5ED825BDF7AA9637, 4B6C8D82324314294AE439ACDE933E6C8E77635ADE933BC52A0CD9A68927702D ] VMware NAT Service C:\Windows\system32\vmnat.exe
13:52:22.0461 0x1468 VMware NAT Service - ok
13:52:22.0789 0x1468 [ 5591F0BB3713AB911D4021124D1FDB54, 21AB28EABBAFC41E7FF4F318D03785274EB842DCD8BDED814155FB29413769D7 ] VMwareHostd C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
13:52:22.0992 0x1468 VMwareHostd - ok
13:52:23.0038 0x1468 [ E80257E1A4B5A905857705FF5C4787AE, AA354C4A46A0B7D13584FACB9EBF699820E24D18B3EFD830E5E811C7F16BD1B4 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
13:52:23.0054 0x1468 vmx86 - ok
13:52:23.0085 0x1468 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:52:23.0085 0x1468 volmgr - ok
13:52:23.0116 0x1468 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:52:23.0132 0x1468 volmgrx - ok
13:52:23.0148 0x1468 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:52:23.0148 0x1468 volsnap - ok
13:52:23.0210 0x1468 [ B26536ADD1D748CDA104D856C979AE79, C88FBCD63DB3607232616FAB989F0FD7FB00ED542E6AC1BC76076A7C13A6FB22 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
13:52:23.0226 0x1468 vpcbus - ok
13:52:23.0257 0x1468 [ A0F7E923A6261760130F22B85DF9040E, E70ED14497262C75CC2D4B67B046BB43D8F47A4B8487D258694891E9B4C6DA44 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:52:23.0319 0x1468 vpcnfltr - ok
13:52:23.0335 0x1468 [ 5F4B55E91CE7E2523C9E1E0ECE858869, 3C395198C1845A15C4E39888383587A5E481E2761B885DBB5FC2C17C7075E6B4 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
13:52:23.0382 0x1468 vpcusb - ok
13:52:23.0444 0x1468 [ B487191FE18D6863381A1AC55482469A, 77A6C87E833E90FFD2FF51C6B28041D8AE9C6CE293DA4166E65470C18C017971 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
13:52:23.0475 0x1468 vpcvmm - ok
13:52:23.0522 0x1468 [ 9257FF91AEA61F05B200F2CBBDB67BDF, CCFC55843B526E483D31DD0FC723E5D346D78352861F6ECBC3EAD07145F317D1 ] Vsdatant C:\Windows\system32\drivers\vsdatant.sys
13:52:23.0538 0x1468 Vsdatant - ok
13:52:23.0709 0x1468 [ ABC70D66394C27F0B50E41A19E89C2D7, EFB1354DDB5599D13D5397EB34EC865D7F23344650C64C5A04622430A6B22B77 ] vsmon C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
13:52:23.0756 0x1468 vsmon - ok
13:52:23.0803 0x1468 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:52:23.0818 0x1468 vsmraid - ok
13:52:23.0850 0x1468 [ 843081D296F617DDFAE4D70F2564C852, A2F0A31AE740850996E1595E0C21E3365387B049480999ACA8DE2AE5394232E2 ] vsock C:\Windows\system32\drivers\vsock.sys
13:52:23.0865 0x1468 vsock - ok
13:52:23.0912 0x1468 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
13:52:23.0959 0x1468 VSS - ok
13:52:24.0037 0x1468 [ 43725C38A00C5667AD8CA82C1790D465, 3E06294DADE18CE1D103363C85A6F22FF53F076AE41E8772362C747B2DC16E3E ] vstor2-mntapi20-shared C:\Windows\system32\drivers\vstor2-mntapi20-shared.sys
13:52:24.0052 0x1468 vstor2-mntapi20-shared - ok
13:52:24.0084 0x1468 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:52:24.0099 0x1468 vwifibus - ok
13:52:24.0115 0x1468 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:52:24.0146 0x1468 vwififlt - ok
13:52:24.0193 0x1468 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:52:24.0224 0x1468 vwifimp - ok
13:52:24.0255 0x1468 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
13:52:24.0286 0x1468 W32Time - ok
13:52:24.0318 0x1468 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:52:24.0333 0x1468 WacomPen - ok
13:52:24.0364 0x1468 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:52:24.0380 0x1468 WANARP - ok
13:52:24.0380 0x1468 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:52:24.0396 0x1468 Wanarpv6 - ok
13:52:24.0458 0x1468 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
13:52:24.0489 0x1468 wbengine - ok
13:52:24.0505 0x1468 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:52:24.0520 0x1468 WbioSrvc - ok
13:52:24.0614 0x1468 [ 70FF13D0C853ACEA859737EC8A8D220F, 71AA16F732840EFC8DBE84C0A7C36A8036F3DDB48A289FC7DC249C2ADCEF3E89 ] WCMVCAM C:\Windows\system32\DRIVERS\wcmvcam.sys
13:52:24.0645 0x1468 WCMVCAM - ok
13:52:24.0661 0x1468 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:52:24.0676 0x1468 wcncsvc - ok
13:52:24.0692 0x1468 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:52:24.0692 0x1468 WcsPlugInService - ok
13:52:24.0723 0x1468 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys
13:52:24.0723 0x1468 Wd - ok
13:52:24.0786 0x1468 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:52:24.0786 0x1468 Wdf01000 - ok
13:52:24.0801 0x1468 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:52:24.0817 0x1468 WdiServiceHost - ok
13:52:24.0832 0x1468 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:52:24.0832 0x1468 WdiSystemHost - ok
13:52:24.0864 0x1468 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
13:52:24.0895 0x1468 WebClient - ok
13:52:24.0910 0x1468 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:52:24.0926 0x1468 Wecsvc - ok
13:52:24.0926 0x1468 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:52:24.0942 0x1468 wercplsupport - ok
13:52:24.0988 0x1468 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
13:52:25.0020 0x1468 WerSvc - ok
13:52:25.0082 0x1468 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:52:25.0098 0x1468 WfpLwf - ok
13:52:25.0098 0x1468 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:52:25.0113 0x1468 WIMMount - ok
13:52:25.0160 0x1468 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:52:25.0207 0x1468 WinDefend - ok
13:52:25.0222 0x1468 WinHttpAutoProxySvc - ok
13:52:25.0285 0x1468 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:52:25.0316 0x1468 Winmgmt - ok
13:52:25.0394 0x1468 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
13:52:25.0441 0x1468 WinRM - ok
13:52:25.0519 0x1468 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:52:25.0534 0x1468 WinUsb - ok
13:52:25.0644 0x1468 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:52:25.0675 0x1468 Wlansvc - ok
13:52:26.0158 0x1468 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:52:26.0190 0x1468 wlidsvc - ok
13:52:26.0252 0x1468 [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
13:52:26.0252 0x1468 WmHidLo - ok
13:52:26.0314 0x1468 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:52:26.0314 0x1468 WmiAcpi - ok
13:52:26.0330 0x1468 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:52:26.0361 0x1468 wmiApSrv - ok
13:52:26.0455 0x1468 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:52:26.0486 0x1468 WMPNetworkSvc - ok
13:52:26.0548 0x1468 [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
13:52:26.0564 0x1468 WmVirHid - ok
13:52:26.0626 0x1468 [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
13:52:26.0626 0x1468 WmXlCore - ok
13:52:26.0642 0x1468 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:52:26.0658 0x1468 WPCSvc - ok
13:52:26.0673 0x1468 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:52:26.0689 0x1468 WPDBusEnum - ok
13:52:26.0704 0x1468 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:52:26.0736 0x1468 ws2ifsl - ok
13:52:26.0751 0x1468 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
13:52:26.0767 0x1468 wscsvc - ok
13:52:26.0767 0x1468 WSearch - ok
13:52:26.0845 0x1468 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll
13:52:26.0892 0x1468 wuauserv - ok
13:52:26.0907 0x1468 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:52:26.0938 0x1468 WudfPf - ok
13:52:26.0985 0x1468 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:52:27.0016 0x1468 WUDFRd - ok
13:52:27.0063 0x1468 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:52:27.0094 0x1468 wudfsvc - ok
13:52:27.0126 0x1468 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
13:52:27.0141 0x1468 WwanSvc - ok
13:52:27.0297 0x1468 [ DAA74DB95EB93E7493884FCB71F90617, 5368B179479A5C4F061D8FF4DE18AEF39A14855ACFBA1D47A21BDB67697CE649 ] WZCOOK C:\Users\Friedrich\Desktop\Exploit Sets\aircrack 2.1\win32\wzcook.exe
13:52:27.0313 0x1468 WZCOOK - detected UnsignedFile.Multi.Generic ( 1 )
13:52:28.0218 0x1468 Detect skipped due to KSN trusted
13:52:28.0218 0x1468 WZCOOK - ok
13:52:28.0342 0x1468 [ CE0C846127D6ABB1E2A22E59682B2527, 9FDDECDC964A2E0AD306C68E1CF6B8B77388BBD0EC7642B61EE03273381777F7 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
13:52:28.0374 0x1468 xnacc - ok
13:52:28.0452 0x1468 [ 276842A27953BE204A2507096F09B1F3, 9D614C5D3BB679CCF15CA6DD044318692EA6D89B89D80D690E79A1C0B941430F ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
13:52:28.0467 0x1468 xusb21 - ok
13:52:28.0530 0x1468 [ A8A49F0427D783BFF78BC3226B4ABD0D, BE074147C825292C5A4CB859EE0238061511753F24348975BC51B313F370DD2C ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
13:52:28.0545 0x1468 ZAPrivacyService - ok
13:52:28.0686 0x1468 [ A0E02EE5D259CBC2A0844E9AEB5DC9DD, F3FC69545E48407AEA01D8F1443C3D6F2FDEAF5683B4B319ABDDD1B03983B58E ] ZoneAlarm AntiTheft C:\Program Files\CheckPoint\AntiTheft\Antitheft.exe
13:52:28.0732 0x1468 ZoneAlarm AntiTheft - ok
13:52:28.0810 0x1468 [ 3CB263CF60B253BEAD6E0205E1FA5669, 2BE90700FBB6DACBAE600065F1F364828DC91036F9A7EAB5156B9BDC6DF398A9 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
13:52:28.0826 0x1468 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
13:52:28.0857 0x1468 ================ Scan global ===============================
13:52:28.0888 0x1468 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:52:28.0920 0x1468 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:52:28.0935 0x1468 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
13:52:28.0966 0x1468 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:52:28.0998 0x1468 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:52:28.0998 0x1468 [ Global ] - ok
__________________ |
|
28.03.2015, 14:57
| #19 |
| | re 7.2 TDSKiller-LOG: Teil 2 Code:
ATTFilter 13:52:28.0998 0x1468 ================ Scan MBR ==================================
13:52:28.0998 0x1468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:52:29.0122 0x1468 \Device\Harddisk0\DR0 - ok
13:52:29.0138 0x1468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:52:29.0341 0x1468 \Device\Harddisk1\DR1 - ok
13:52:29.0341 0x1468 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk3\DR3
13:52:29.0873 0x1468 \Device\Harddisk3\DR3 - ok
13:52:29.0873 0x1468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:52:30.0248 0x1468 \Device\Harddisk2\DR2 - ok
13:52:30.0248 0x1468 ================ Scan VBR ==================================
13:52:30.0248 0x1468 [ 2304D6384339F03F022DDB0DABA41E42 ] \Device\Harddisk0\DR0\Partition1
13:52:30.0279 0x1468 \Device\Harddisk0\DR0\Partition1 - ok
13:52:30.0294 0x1468 [ B3F6234387526643305E8FB300708F0C ] \Device\Harddisk1\DR1\Partition1
13:52:30.0357 0x1468 \Device\Harddisk1\DR1\Partition1 - ok
13:52:30.0357 0x1468 [ 9C0228DE540D2D235A548B2A40644D90 ] \Device\Harddisk3\DR3\Partition1
13:52:30.0450 0x1468 \Device\Harddisk3\DR3\Partition1 - ok
13:52:30.0450 0x1468 [ 89EE3C2FD4D144EF6F7FE36D5DE95218 ] \Device\Harddisk2\DR2\Partition1
13:52:30.0513 0x1468 \Device\Harddisk2\DR2\Partition1 - ok
13:52:30.0513 0x1468 [ 234F1DDB7B0FD306282AB036208E4D3E ] \Device\Harddisk2\DR2\Partition2
13:52:30.0575 0x1468 \Device\Harddisk2\DR2\Partition2 - ok
13:52:30.0575 0x1468 ================ Scan generic autorun ======================
13:52:30.0622 0x1468 [ 0C944B589C7959F4F271F833D8B1489A, BB15DEDE6C8C280B7A4C14FD03C5BB9B040FEFFE0F06830B126952CF265E1FE9 ] C:\Program Files\Virtual CD v10\System\VC10Play.exe
13:52:30.0638 0x1468 VC10Player - ok
13:52:30.0669 0x1468 [ 796227FCA947A0B8E3D6A097B27F2363, F14B1F8CF253A27554D4C24228911355FA475AABF086B66A498E825E8E3CBFA5 ] C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
13:52:30.0669 0x1468 USB3MON - ok
13:52:30.0716 0x1468 [ 1B4F1E30129D8F511CCF35002D3BC43D, 5F6DB243387B4775BFEF74C8D8AEA25F8E82F3462CE294555FD0281587EE430B ] C:\Program Files\CheckPoint\AKL\AkSA.exe
13:52:30.0747 0x1468 ISW - ok
13:52:30.0825 0x1468 [ DD15D9965943525DB892296B3DE6E263, 17ACDA449D284DDDA27BF30E5055F549DEFDAEBB8F05E4D13F199CE7886F6846 ] C:\Program Files\Microsoft LifeCam\LifeExp.exe
13:52:30.0840 0x1468 LifeCam - ok
13:52:30.0950 0x1468 [ D468102B308978A0D60E11E8E120FDC8, F52CD70AC28F42299820218FFA633570B9741B3960486486176E9EDDE176690E ] C:\Program Files\Razer\Synapse\RzSynapse.exe
13:52:30.0981 0x1468 Razer Synapse - ok
13:52:30.0996 0x1468 [ 9D197E4D8D7ED5302609808CD21D56C0, E8343971C9E5141C9A26E552063666BB3AA1067FD7E7F9462976D07F1D9D5DE1 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
13:52:31.0012 0x1468 Start WingMan Profiler - ok
13:52:31.0106 0x1468 [ 3D9405DC4F26BF0FE6138AE8DC2D4F9F, F6348C4FE965F6BC1A04ACB187B2600B5DE19E5C497BDAFB4A0C4B1B5B486CD3 ] C:\Program Files\Kalenderchen\Kalenderchen.exe
13:52:31.0171 0x1468 DMS-Kalenderchen - detected UnsignedFile.Multi.Generic ( 1 )
13:52:31.0770 0x1468 Detect skipped due to KSN trusted
13:52:31.0770 0x1468 DMS-Kalenderchen - ok
13:52:31.0770 0x1468 Waiting for KSN requests completion. In queue: 166
13:52:32.0848 0x1468 AV detected via SS2: ZoneAlarm Extreme Security Antivirus, C:\Program Files\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.2.15.0 ), 0x40000 ( disabled : updated )
13:52:32.0848 0x1468 FW detected via SS2: ZoneAlarm Extreme Security Firewall, C:\Program Files\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.2.15.0 ), 0x40010 ( disabled )
13:52:32.0848 0x1468 Win FW state via NFP2: enabled
13:52:33.0379 0x1468 ============================================================
13:52:33.0379 0x1468 Scan finished
13:52:33.0379 0x1468 ============================================================
13:52:33.0379 0x1460 Detected object count: 1
13:52:33.0379 0x1460 Actual detected object count: 1
13:53:07.0003 0x1460 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:07.0003 0x1460 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________ Where do you want to go today?  |
|
28.03.2015, 21:58
| #20 |
| /// the machine /// TB-Ausbilder | svchost.exe greift auf clickhosterseiten zu (im hintergrund) Benutzt Du irgend ne Disk-Verschlüsselung? Daher kann der Forged EIntrag kommen. Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.03.2015, 09:57
| #21 |
| | re8 Moin Schrauber, Damit wir im System rumwerkeln können, habe ich nun alle festplatten bis auf meine zwei 3TB hd's vom mainboard abgesteckt, und mit Acronis 2014(BootCD) Laufwerk C: auf die andere festplatte geklont. Die Hauptfestplatte bezeichnen wir als WD Black, das geklonte System als WD Red. Da es kein GPT ist, werden logischerweise nur jeweils 2TB von win erkannt. der rest ist jeweils 'unalloziiert'. Nun habe ich die WD Black mal abgesteckt, und das geklonte system auf der WD Red gestartet. JEtzt wird es spannend, dort nämlich passieren die seltsamen Verbindungsaufrufe nicht!! Formatiere ich jetzt die WD Black(hauptfestplatte) und klone von der WD Red das system auf die WD Black zurück, spielt die svchost wieder eigenleben (auf der WD Black). Also vermute ich das entweder die spyware nur auf den Vendor/DeviceID reagiert, der bootmanger oder bootsector irgendwie befallen ist, oder evtl was im 'unalloziierten bereich' liegt. Eine Verschlüsselung wurde nicht eingesetzt. Hier ein Screenshot von dem geklonten system das knapp 40 min. läuft ohne svchost-verhalten, im Anhang: PS: Wir können uns also auf Laufwerk C: austoben.  MBR -LOG. FZEX = WD Black, EFRX = WD Red Code:
ATTFilter Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x000000E0
2 valid drive(s) found.
Details for Disk 0 - WDC WD3003FZEX-00Z4SA0 Rev 01.01A01:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 364801/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31
Details for Disk 1 - WDC WD30EFRX-68EUZN0 Rev 80.00A80:
Device name : \\.\PhysicalDrive1
Geometry (C/H/S) : 364801/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31
__________________ --> svchost.exe greift auf clickhosterseiten zu (im hintergrund) |
|
29.03.2015, 16:26
| #22 |
| /// the machine /// TB-Ausbilder | svchost.exe greift auf clickhosterseiten zu (im hintergrund) Was sagt denn MBAR jetzt zu beiden Platten?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.03.2015, 05:53
| #23 |
| | re9 Malwarebytes Anti Rootkit-LOG: WD Black Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2015.03.30.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Friedrich :: DSLSERVICE [administrator]
30.03.2015 05:44:15
mbar-log-2015-03-30 (05-44-15).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 453635
Time elapsed: 47 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 4
Physical Sector #5860513168 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515472 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515508 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515544 on Drive #0 (Forged physical sector) -> No action taken.
(end)
Malwarebytes Anti Rootkit-LOG: WD Red Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2015.03.30.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Friedrich :: DSLSERVICE [administrator]
30.03.2015 04:16:00
mbar-log-2015-03-30 (04-16-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 453550
Time elapsed: 52 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 1
Physical Sector #5860513168 on Drive #0 (Forged physical sector) -> No action taken.
(end)
__________________ Where do you want to go today? |
|
30.03.2015, 17:15
| #24 |
| /// the machine /// TB-Ausbilder | svchost.exe greift auf clickhosterseiten zu (im hintergrund) Bei Black mal löschen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.03.2015, 19:35
| #25 |
| | re10 Grüß dich Schrauber, Du wirst es nicht glauben, aber Tatsächlich war die malware (welche auch immer) in den "Forged physical sector" versteckt. Die verbindungsaufrufe finden nun nichtmehr statt! pff wer hätte das gedacht, bin erstaunt. Zwar sind nach neustart die Forged physical sector's wieder da, jedoch kein Malwareauftreten mehr zu beobachten. Genial. aber wie kann das sein. Was sind diese 'vergessenen sectoren' ??!? Malwarebytes Anti Rootkit-LOG: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2015.03.30.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Friedrich :: DSLSERVICE [administrator]
30.03.2015 18:44:48
mbar-log-2015-03-30 (18-44-48).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 452982
Time elapsed: 44 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 4
Physical Sector #5860513168 on Drive #0 (Forged physical sector) -> Replace on reboot.
Physical Sector #5860515472 on Drive #0 (Forged physical sector) -> Replace on reboot.
Physical Sector #5860515508 on Drive #0 (Forged physical sector) -> Replace on reboot.
Physical Sector #5860515544 on Drive #0 (Forged physical sector) -> Replace on reboot.
(end)
Nach dem neustart hab ich nochmal gescannt, die sektoren sind wieder da aber die malware wohl hin und fort. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2015.03.30.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Friedrich :: DSLSERVICE [administrator]
30.03.2015 19:39:21
mbar-log-2015-03-30 (19-39-21).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 129976
Time elapsed: 35 minute(s), 15 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 4
Physical Sector #5860513168 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515472 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515508 on Drive #0 (Forged physical sector) -> No action taken.
Physical Sector #5860515544 on Drive #0 (Forged physical sector) -> No action taken.
(end)
__________________ Where do you want to go today? |
|
31.03.2015, 05:21
| #26 |
| /// the machine /// TB-Ausbilder | svchost.exe greift auf clickhosterseiten zu (im hintergrund) das heisst nicht vergessen, sondern gefälscht 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.04.2015, 12:26
| #27 |
| |  re10.1 Ach jaa, sorry Forged, ich las 'forget' *ditsch*. Habe das jetzt über die Woche hin beobachtet und bisher ist alles soweit clean. Damit können wir den Thread hier abschließen und ich bedanke mich nochmals für deine tolle Unterstützung. Ohne die wir vermutlich nicht auf die Sektoren gestoßen wären. Danke. mfg. Friedrich 
__________________ Where do you want to go today? |
|
06.04.2015, 17:49
| #28 |
| /// the machine /// TB-Ausbilder | svchost.exe greift auf clickhosterseiten zu (im hintergrund) Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst... und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu svchost.exe greift auf clickhosterseiten zu (im hintergrund) |
| antivirus, bho, bluescreen, cashclicker, chromium, clickjacking, combofix, desktop, festplatte, firefox, helper, hijack, hängt, internet explorer, junkware, logfile, malware, mozilla, netzwerk, problem, realtek, registry, scan, security, software, svchost, svchost.exe, system, updates, usb |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
