|
Pests of all kinds and how to fight them: Malware infection. Windows 7: If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
08.07.2016, 01:30 | #1 |
| Malware infection Good evening, I have a small problem: my AdwCleaner finds the following in my system:
***** [ Folders ] *****
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
***** [ Files ] *****
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal
It also removes it, but as soon as I open Google Chrome it is back again. I am a bit at a loss. |
08.07.2016, 06:09 | #2 |
/// TB-Ausbilder | Malware infection My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to your desktop
Please post with your next reply
|
08.07.2016, 09:36 | #3 |
| Malware infection Hello Matthias, thank you for your quick reply.
FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016 Ran by user (administrator) on USARUS (08-07-2016 10:24:05) Running from C:\Users\user\Desktop Loaded Profiles: user (Available Profiles: user) Platform: Windows 8.1 (Update) (X64) Language: Englisch (Großbritannien) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation) HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{C9C9EA59-0D5C-446D-B32B-4B43A299F5FE}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS SearchScopes: HKLM -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-265705268-327926828-2355950754-1001 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> 
C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () Chrome: ======= CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20] CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30] CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20] CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20] CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20] CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-08] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed] R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) 
[File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-06-17] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-17] (Advanced Micro Devices, Inc.) S0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-06-17] (Advanced Micro Devices, Inc. ) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-07-08 10:24 - 2016-07-08 10:24 - 00010738 _____ C:\Users\user\Desktop\FRST.txt 2016-07-08 10:23 - 2016-07-08 10:24 - 00000000 ____D C:\FRST 2016-07-08 10:22 - 2016-07-08 10:22 - 02390016 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2016-07-05 00:43 - 2016-07-05 00:43 - 03712064 _____ C:\Users\user\Downloads\adwcleaner_5.201.exe 2016-06-08 21:14 - 2016-06-08 21:24 - 00000000 ____D C:\Users\user\Downloads\Farid Bang - Blut (Deluxe Edition) (2016) 2016-06-08 19:54 - 2016-06-08 20:50 - 171892817 _____ C:\Users\user\Downloads\M2550.rar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-08 10:12 - 2016-01-20 05:47 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-08 03:11 - 2016-01-03 04:20 - 00000000 ____D C:\AdwCleaner 2016-07-08 03:11 - 2014-11-28 20:30 - 00065536 _____ C:\windows\system32\spu_storage.bin 2016-07-08 03:11 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-07-08 03:04 - 2016-01-20 05:47 - 00001132 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-08 02:21 - 2015-12-30 03:39 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-08 02:14 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI 2016-07-08 01:32 - 2015-12-29 23:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client 2016-07-02 13:54 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness 2016-06-30 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf 2016-06-24 17:49 - 2015-12-29 13:31 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client 2016-06-23 22:02 - 2016-01-20 08:06 - 00007602 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg 2016-06-20 20:00 - 2015-12-29 13:17 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-265705268-327926828-2355950754-1001 2016-06-20 13:11 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 
2016-06-18 01:05 - 2016-01-20 05:48 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-18 01:05 - 2016-01-20 05:48 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-15 22:40 - 2016-01-12 02:19 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2016-06-09 16:48 - 2014-11-29 05:22 - 00755596 _____ C:\windows\system32\perfh007.dat 2016-06-09 16:48 - 2014-11-29 05:22 - 00172696 _____ C:\windows\system32\perfc007.dat 2016-06-09 16:48 - 2014-03-18 17:32 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI 2016-06-09 16:43 - 2016-03-16 13:22 - 00000132 _____ C:\Users\user\Desktop\Neues Textdokument.txt 2016-06-09 16:40 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp ==================== Files in the root of some directories ======= 2016-01-20 08:06 - 2016-06-23 22:02 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\libeay32.dll C:\Users\user\AppData\Local\Temp\msvcr120.dll C:\Users\user\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-07 13:41 ==================== End of FRST.txt ============================ --- --- --- --- --- --- Addition: FRST Logfile: Code:
|
08.07.2016, 09:37 | #4 |
| Malware infection TDSSKiller: Code:
10:27:58.0621 0x0f7c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:27:58.0621 0x0f7c UEFI system
10:28:11.0335 0x0f7c ============================================================
10:28:11.0335 0x0f7c Current date / time: 2016/07/08 10:28:11.0335
10:28:11.0335 0x0f7c SystemInfo:
10:28:11.0335 0x0f7c
10:28:11.0335 0x0f7c OS Version: 6.3.9600 ServicePack: 0.0
10:28:11.0335 0x0f7c Product type: Workstation
10:28:11.0335 0x0f7c ComputerName: USARUS
10:28:11.0335 0x0f7c UserName: user
10:28:11.0335 0x0f7c Windows directory: C:\windows
10:28:11.0335 0x0f7c System windows directory: C:\windows
10:28:11.0335 0x0f7c Running under WOW64
10:28:11.0335 0x0f7c Processor architecture: Intel x64
10:28:11.0335 0x0f7c Number of processors: 4
10:28:11.0335 0x0f7c Page size: 0x1000
10:28:11.0335 0x0f7c Boot type: Normal boot
10:28:11.0335 0x0f7c ============================================================
10:28:11.0807 0x0f7c KLMD registered as C:\windows\system32\drivers\77245880.sys
10:28:12.0956 0x0f7c System UUID: {9D5C93BD-71A5-9C03-94D1-8D229C48C37D}
10:28:13.0637 0x0f7c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:28:13.0653 0x0f7c ============================================================
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0:
10:28:13.0653 0x0f7c GPT partitions:
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {559D839E-0903-4087-A533-E9F1DD36E657}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A563D233-0F50-4F70-9DA4-0D83525EF646}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8026ABC7-EDAC-41C8-9CD8-7A42A705340B}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E8231315-95E9-46D0-B7AA-C8C6E689B7C5}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x724FE000
10:28:13.0653 0x0f7c \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C8B6E7AC-4678-4DEA-A331-AB1C1EC6C46C}, Name: Basic data partition, StartLBA 0x727F2000, BlocksNum 0x1F12000
10:28:13.0653 0x0f7c MBR partitions:
10:28:13.0653 0x0f7c ============================================================
10:28:13.0669 0x0f7c C: <-> \Device\Harddisk0\DR0\Partition4
10:28:13.0715 0x0f7c D: <-> \Device\Harddisk0\DR0\Partition5
10:28:13.0715 0x0f7c ============================================================
10:28:13.0715 0x0f7c Initialize success
10:28:13.0715 0x0f7c ============================================================
10:28:50.0849 0x08e8 ============================================================
10:28:50.0849 0x08e8 Scan started
10:28:50.0849 0x08e8 Mode: Manual; SigCheck; TDLFS;
10:28:50.0849 0x08e8 ============================================================
10:28:50.0849 0x08e8 KSN ping started
10:28:53.0194 0x08e8 KSN ping finished: true
10:28:54.0158 0x08e8 ================ Scan system memory ========================
10:28:54.0158 0x08e8 System memory - ok
10:28:54.0158 0x08e8 ================ Scan services =============================
10:28:54.0798 0x08e8 AMD FUEL Service - detected UnsignedFile.Multi.Generic ( 1 )
10:28:57.0214 0x08e8 Detect skipped due to KSN trusted
10:28:57.0214 0x08e8 AMD FUEL Service - ok
0x08e8 lmhosts - ok 10:29:02.0268 0x08e8 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 10:29:02.0278 0x08e8 LSI_SAS - ok 10:29:02.0295 0x08e8 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 10:29:02.0304 0x08e8 LSI_SAS2 - ok 10:29:02.0309 0x08e8 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\windows\system32\drivers\lsi_sas3.sys 10:29:02.0316 0x08e8 LSI_SAS3 - ok 10:29:02.0316 0x08e8 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys 10:29:02.0332 0x08e8 LSI_SSS - ok 10:29:02.0363 0x08e8 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\windows\System32\lsm.dll 10:29:02.0379 0x08e8 LSM - ok 10:29:02.0394 0x08e8 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\windows\system32\drivers\luafv.sys 10:29:02.0410 0x08e8 luafv - ok 10:29:02.0410 0x08e8 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\windows\system32\drivers\megasas.sys 10:29:02.0426 0x08e8 megasas - ok 10:29:02.0441 0x08e8 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\windows\system32\drivers\megasr.sys 10:29:02.0457 0x08e8 megasr - ok 10:29:02.0472 0x08e8 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\windows\system32\mmcss.dll 10:29:02.0488 0x08e8 MMCSS - ok 10:29:02.0504 0x08e8 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem 
C:\windows\system32\drivers\modem.sys 10:29:02.0504 0x08e8 Modem - ok 10:29:02.0535 0x08e8 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\windows\System32\drivers\monitor.sys 10:29:02.0535 0x08e8 monitor - ok 10:29:02.0566 0x08e8 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\windows\System32\drivers\mouclass.sys 10:29:02.0582 0x08e8 mouclass - ok 10:29:02.0582 0x08e8 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\windows\System32\drivers\mouhid.sys 10:29:02.0597 0x08e8 mouhid - ok 10:29:02.0597 0x08e8 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\windows\system32\drivers\mountmgr.sys 10:29:02.0613 0x08e8 mountmgr - ok 10:29:02.0613 0x08e8 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 10:29:02.0629 0x08e8 mpsdrv - ok 10:29:02.0660 0x08e8 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\windows\system32\mpssvc.dll 10:29:02.0691 0x08e8 MpsSvc - ok 10:29:02.0723 0x08e8 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 10:29:02.0738 0x08e8 MRxDAV - ok 10:29:02.0769 0x08e8 [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 10:29:02.0785 0x08e8 mrxsmb - ok 10:29:02.0816 0x08e8 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 10:29:02.0832 0x08e8 mrxsmb10 - ok 10:29:02.0848 0x08e8 [ EE16457030175F449BAB0ABD279F4B6A, 
DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 10:29:02.0863 0x08e8 mrxsmb20 - ok 10:29:02.0879 0x08e8 [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys 10:29:02.0879 0x08e8 MsBridge - ok 10:29:02.0894 0x08e8 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\windows\System32\msdtc.exe 10:29:02.0910 0x08e8 MSDTC - ok 10:29:02.0926 0x08e8 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\windows\system32\drivers\Msfs.sys 10:29:02.0941 0x08e8 Msfs - ok 10:29:02.0973 0x08e8 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys 10:29:02.0973 0x08e8 msgpiowin32 - ok 10:29:02.0988 0x08e8 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 10:29:03.0004 0x08e8 mshidkmdf - ok 10:29:03.0004 0x08e8 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys 10:29:03.0019 0x08e8 mshidumdf - ok 10:29:03.0019 0x08e8 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 10:29:03.0035 0x08e8 msisadrv - ok 10:29:03.0051 0x08e8 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\windows\system32\iscsiexe.dll 10:29:03.0066 0x08e8 MSiSCSI - ok 10:29:03.0066 0x08e8 msiserver - ok 10:29:03.0082 0x08e8 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV 
C:\windows\system32\drivers\MSKSSRV.sys 10:29:03.0082 0x08e8 MSKSSRV - ok 10:29:03.0097 0x08e8 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys 10:29:03.0113 0x08e8 MsLldp - ok 10:29:03.0129 0x08e8 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 10:29:03.0138 0x08e8 MSPCLOCK - ok 10:29:03.0147 0x08e8 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 10:29:03.0156 0x08e8 MSPQM - ok 10:29:03.0176 0x08e8 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\windows\system32\drivers\MsRPC.sys 10:29:03.0194 0x08e8 MsRPC - ok 10:29:03.0202 0x08e8 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\windows\System32\drivers\mssmbios.sys 10:29:03.0210 0x08e8 mssmbios - ok 10:29:03.0221 0x08e8 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 10:29:03.0230 0x08e8 MSTEE - ok 10:29:03.0239 0x08e8 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\windows\System32\drivers\MTConfig.sys 10:29:03.0247 0x08e8 MTConfig - ok 10:29:03.0255 0x08e8 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\windows\system32\Drivers\mup.sys 10:29:03.0264 0x08e8 Mup - ok 10:29:03.0271 0x08e8 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\windows\system32\drivers\mvumis.sys 10:29:03.0280 0x08e8 mvumis - ok 10:29:03.0311 0x08e8 [ 41A45D2A75494EABF2806EA051E00376, 
EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\windows\system32\qagentRT.dll 10:29:03.0331 0x08e8 napagent - ok 10:29:03.0367 0x08e8 [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 10:29:03.0383 0x08e8 NativeWifiP - ok 10:29:03.0399 0x08e8 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\windows\System32\ncasvc.dll 10:29:03.0412 0x08e8 NcaSvc - ok 10:29:03.0419 0x08e8 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\windows\System32\ncbservice.dll 10:29:03.0430 0x08e8 NcbService - ok 10:29:03.0462 0x08e8 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll 10:29:03.0472 0x08e8 NcdAutoSetup - ok 10:29:03.0521 0x08e8 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\windows\system32\drivers\ndis.sys 10:29:03.0554 0x08e8 NDIS - ok 10:29:03.0571 0x08e8 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 10:29:03.0581 0x08e8 NdisCap - ok 10:29:03.0594 0x08e8 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys 10:29:03.0606 0x08e8 NdisImPlatform - ok 10:29:03.0615 0x08e8 [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 10:29:03.0615 0x08e8 NdisTapi - ok 10:29:03.0631 0x08e8 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 10:29:03.0631 
0x08e8 Ndisuio - ok 10:29:03.0647 0x08e8 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\windows\System32\drivers\NdisVirtualBus.sys 10:29:03.0647 0x08e8 NdisVirtualBus - ok 10:29:03.0662 0x08e8 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 10:29:03.0678 0x08e8 NdisWan - ok 10:29:03.0678 0x08e8 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\windows\system32\DRIVERS\ndiswan.sys 10:29:03.0694 0x08e8 NdisWanLegacy - ok 10:29:03.0694 0x08e8 [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 10:29:03.0725 0x08e8 NDProxy - ok 10:29:03.0725 0x08e8 [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\windows\system32\drivers\Ndu.sys 10:29:03.0740 0x08e8 Ndu - ok 10:29:03.0756 0x08e8 [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 10:29:03.0756 0x08e8 NetBIOS - ok 10:29:03.0772 0x08e8 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 10:29:03.0800 0x08e8 NetBT - ok 10:29:03.0811 0x08e8 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\windows\system32\lsass.exe 10:29:03.0821 0x08e8 Netlogon - ok 10:29:03.0834 0x08e8 [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman C:\windows\System32\netman.dll 10:29:03.0850 0x08e8 Netman - ok 10:29:03.0867 0x08e8 [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] 
netprofm C:\windows\System32\netprofmsvc.dll 10:29:03.0888 0x08e8 netprofm - ok 10:29:03.0909 0x08e8 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:03.0931 0x08e8 NetTcpPortSharing - ok 10:29:03.0937 0x08e8 [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc C:\windows\system32\DRIVERS\netvsc63.sys 10:29:03.0944 0x08e8 netvsc - ok 10:29:03.0976 0x08e8 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\windows\System32\nlasvc.dll 10:29:03.0991 0x08e8 NlaSvc - ok 10:29:03.0991 0x08e8 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\windows\system32\drivers\Npfs.sys 10:29:04.0007 0x08e8 Npfs - ok 10:29:04.0007 0x08e8 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys 10:29:04.0023 0x08e8 npsvctrig - ok 10:29:04.0023 0x08e8 [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi C:\windows\system32\nsisvc.dll 10:29:04.0038 0x08e8 nsi - ok 10:29:04.0054 0x08e8 [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 10:29:04.0054 0x08e8 nsiproxy - ok 10:29:04.0132 0x08e8 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\windows\system32\drivers\Ntfs.sys 10:29:04.0179 0x08e8 Ntfs - ok 10:29:04.0210 0x08e8 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\windows\system32\drivers\Null.sys 10:29:04.0226 0x08e8 Null - ok 10:29:04.0241 0x08e8 [ BC6B5942AFF25EBAF62DE43C3807EDF8, 
CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\windows\system32\drivers\nvraid.sys 10:29:04.0257 0x08e8 nvraid - ok 10:29:04.0257 0x08e8 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\windows\system32\drivers\nvstor.sys 10:29:04.0273 0x08e8 nvstor - ok 10:29:04.0273 0x08e8 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 10:29:04.0288 0x08e8 nv_agp - ok 10:29:04.0351 0x08e8 [ 8DD366F3B9F16ED722A6A66D956DA27F, 3A61B3D7B0D60CAA801FFDA086BFDDCF9C820CB11114DC60FDC9B30F828CC04F ] omniserv C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe 10:29:04.0351 0x08e8 omniserv - detected UnsignedFile.Multi.Generic ( 1 ) 10:29:06.0718 0x08e8 Detect skipped due to KSN trusted 10:29:06.0718 0x08e8 omniserv - ok 10:29:06.0733 0x08e8 [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc C:\windows\system32\pnrpsvc.dll 10:29:06.0749 0x08e8 p2pimsvc - ok 10:29:06.0764 0x08e8 [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc C:\windows\system32\p2psvc.dll 10:29:06.0780 0x08e8 p2psvc - ok 10:29:06.0796 0x08e8 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\windows\System32\drivers\parport.sys 10:29:06.0796 0x08e8 Parport - ok 10:29:06.0811 0x08e8 [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr C:\windows\system32\drivers\partmgr.sys 10:29:06.0827 0x08e8 partmgr - ok 10:29:06.0843 0x08e8 [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc C:\windows\System32\pcasvc.dll 10:29:06.0858 0x08e8 PcaSvc - ok 10:29:06.0874 0x08e8 [ 275AFE3FA35E8D78BE97695DF49817C6, 
447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci C:\windows\system32\drivers\pci.sys 10:29:06.0889 0x08e8 pci - ok 10:29:06.0905 0x08e8 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\windows\system32\drivers\pciide.sys 10:29:06.0921 0x08e8 pciide - ok 10:29:06.0921 0x08e8 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\windows\system32\drivers\pcmcia.sys 10:29:06.0936 0x08e8 pcmcia - ok 10:29:06.0936 0x08e8 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\windows\system32\drivers\pcw.sys 10:29:06.0952 0x08e8 pcw - ok 10:29:06.0968 0x08e8 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\windows\system32\drivers\pdc.sys 10:29:06.0983 0x08e8 pdc - ok 10:29:06.0999 0x08e8 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\windows\system32\drivers\peauth.sys 10:29:07.0015 0x08e8 PEAUTH - ok 10:29:07.0077 0x08e8 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\windows\SysWow64\perfhost.exe 10:29:07.0093 0x08e8 PerfHost - ok 10:29:07.0155 0x08e8 [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla C:\windows\system32\pla.dll 10:29:07.0186 0x08e8 pla - ok 10:29:07.0202 0x08e8 [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay C:\windows\system32\umpnpmgr.dll 10:29:07.0218 0x08e8 PlugPlay - ok 10:29:07.0218 0x08e8 [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 10:29:07.0233 0x08e8 PNRPAutoReg - ok 10:29:07.0249 0x08e8 [ E287F157F7A0011D93179C64EF8ADCF2, 
C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc C:\windows\system32\pnrpsvc.dll 10:29:07.0249 0x08e8 PNRPsvc - ok 10:29:07.0296 0x08e8 [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 10:29:07.0311 0x08e8 PolicyAgent - ok 10:29:07.0327 0x08e8 [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power C:\windows\system32\umpo.dll 10:29:07.0343 0x08e8 Power - ok 10:29:07.0436 0x08e8 [ 346F352E17EA5793C726D3F6582BA855, 5CD830CDCC73335EDC58D26D1BC8B8830DA885CA6D1E21BB7EE763354B5C35EA ] PrintNotify C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll 10:29:07.0499 0x08e8 PrintNotify - ok 10:29:07.0530 0x08e8 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\windows\System32\drivers\processr.sys 10:29:07.0530 0x08e8 Processor - ok 10:29:07.0561 0x08e8 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\windows\system32\profsvc.dll 10:29:07.0577 0x08e8 ProfSvc - ok 10:29:07.0593 0x08e8 [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched C:\windows\system32\DRIVERS\pacer.sys 10:29:07.0608 0x08e8 Psched - ok 10:29:07.0624 0x08e8 [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE C:\windows\system32\qwave.dll 10:29:07.0639 0x08e8 QWAVE - ok 10:29:07.0655 0x08e8 [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 10:29:07.0671 0x08e8 QWAVEdrv - ok 10:29:07.0671 0x08e8 [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 10:29:07.0686 0x08e8 RasAcd - ok 10:29:07.0686 
0x08e8 [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto C:\windows\System32\rasauto.dll 10:29:07.0702 0x08e8 RasAuto - ok 10:29:07.0718 0x08e8 [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan C:\windows\System32\rasmans.dll 10:29:07.0749 0x08e8 RasMan - ok 10:29:07.0764 0x08e8 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 10:29:07.0764 0x08e8 RasPppoe - ok 10:29:07.0780 0x08e8 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 10:29:07.0796 0x08e8 rdbss - ok 10:29:07.0796 0x08e8 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\windows\System32\drivers\rdpbus.sys 10:29:07.0811 0x08e8 rdpbus - ok 10:29:07.0811 0x08e8 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\windows\system32\drivers\rdpdr.sys 10:29:07.0827 0x08e8 RDPDR - ok 10:29:07.0858 0x08e8 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 10:29:07.0874 0x08e8 RdpVideoMiniport - ok 10:29:07.0874 0x08e8 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\windows\system32\drivers\rdyboost.sys 10:29:07.0889 0x08e8 rdyboost - ok 10:29:07.0921 0x08e8 [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS C:\windows\system32\drivers\ReFS.sys 10:29:07.0936 0x08e8 ReFS - ok 10:29:07.0968 0x08e8 [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\windows\System32\mprdim.dll 
10:29:07.0983 0x08e8 RemoteAccess - ok 10:29:07.0999 0x08e8 [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\windows\system32\regsvc.dll 10:29:08.0014 0x08e8 RemoteRegistry - ok 10:29:08.0093 0x08e8 [ 9E18DF158751CF968E7DF83256D70233, 89385DA5ABD283F289E37D7D9E33358B06216E9B3659B2E70F19FD5BA49C7F90 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe 10:29:08.0108 0x08e8 RichVideo64 - ok 10:29:08.0124 0x08e8 [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 10:29:08.0139 0x08e8 RpcEptMapper - ok 10:29:08.0155 0x08e8 [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\windows\system32\locator.exe 10:29:08.0155 0x08e8 RpcLocator - ok 10:29:08.0186 0x08e8 [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs C:\windows\system32\rpcss.dll 10:29:08.0218 0x08e8 RpcSs - ok 10:29:08.0233 0x08e8 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 10:29:08.0249 0x08e8 rspndr - ok 10:29:08.0280 0x08e8 [ 9CF8593B62102545CB1652A1D8748FDD, 818639795720A7567CCE01EBC24A0119BFDCEA1B7A5ED4A11B5012D763C1B5CC ] RSUSBSTOR C:\windows\System32\Drivers\RtsUStor.sys 10:29:08.0280 0x08e8 RSUSBSTOR - ok 10:29:08.0327 0x08e8 [ 3AB1AA5155684F40E2F5215A258D2471, 3D6A5F603FA6809651A006EA31F57920A45642B6B9E8EC80E5399D1301F635E4 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys 10:29:08.0343 0x08e8 RTL8168 - ok 10:29:08.0358 0x08e8 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\windows\System32\drivers\vms3cap.sys 10:29:08.0358 0x08e8 s3cap - ok 10:29:08.0374 0x08e8 [ F6F209DDB94959BA104FC8FC87C53759, 
8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\windows\system32\lsass.exe 10:29:08.0389 0x08e8 SamSs - ok 10:29:08.0405 0x08e8 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 10:29:08.0405 0x08e8 sbp2port - ok 10:29:08.0436 0x08e8 [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\windows\System32\SCardSvr.dll 10:29:08.0452 0x08e8 SCardSvr - ok 10:29:08.0468 0x08e8 [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\windows\System32\ScDeviceEnum.dll 10:29:08.0483 0x08e8 ScDeviceEnum - ok 10:29:08.0483 0x08e8 [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 10:29:08.0499 0x08e8 scfilter - ok 10:29:08.0546 0x08e8 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\windows\system32\schedsvc.dll 10:29:08.0577 0x08e8 Schedule - ok 10:29:08.0614 0x08e8 [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\windows\System32\certprop.dll 10:29:08.0627 0x08e8 SCPolicySvc - ok 10:29:08.0665 0x08e8 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\windows\System32\drivers\sdbus.sys 10:29:08.0685 0x08e8 sdbus - ok 10:29:08.0698 0x08e8 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\windows\System32\drivers\sdstor.sys 10:29:08.0707 0x08e8 sdstor - ok 10:29:08.0716 0x08e8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys 10:29:08.0732 0x08e8 secdrv - ok 10:29:08.0747 
10:29:26.0593 0x08e8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
10:29:26.0609 0x08e8 Win FW state via NFP2: enabled ( trusted )
10:29:29.0016 0x08e8 ============================================================
10:29:29.0016 0x08e8 Scan finished
10:29:29.0016 0x08e8 ============================================================
10:29:29.0016 0x0420 Detected object count: 0
10:29:29.0016 0x0420 Actual detected object count: 0
Marcus |
08.07.2016, 20:27 | #5 |
/// TB-Ausbilder | Malware infection Hi, you posted the FRST.txt twice. Please also post the Addition.txt. |
08.07.2016, 21:05 | #6 |
| Malware infection Good evening, sorry, I seem to have made a mistake there. Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by user (2016-07-08 10:24:37)
Running from C:\Users\user\Desktop
Windows 8.1 (Update) (X64) (2015-12-29 00:40:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-265705268-327926828-2355950754-500 - Administrator - Disabled)
Guest (S-1-5-21-265705268-327926828-2355950754-501 - Limited - Disabled)
user (S-1-5-21-265705268-327926828-2355950754-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) 
Hidden TeamSpeak 3 Client (HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {110A8BA2-27CF-44B7-82D3-9DF53ADDFF62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.) Task: {22400094-3C6B-430C-A115-2A9A73F87A25} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) 
Task: {3FCABFBC-D42D-463B-A89D-F17D11667E32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {7E54405C-D6EE-4A0E-A5FB-AAC907D869A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {A4F75DA9-B58D-4491-BE24-994C065ED5F3} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {CDBE0655-A914-4AA8-8B6B-4C2CB2DB56BE} - System32\Tasks\{D46163CE-C917-4D98-87A4-32A610FC17E8} => pcalua.exe -a C:\Users\user\Downloads\InstallWoW.exe -d C:\Users\user\Downloads Task: {D8C46A4F-2B41-45DA-817B-E53A3ED85C01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.) Task: {F5382434-9BEB-4976-BF14-5E78048A2811} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cndt&s=TripAdvisor_dt&tp=dticon (No File) ==================== Loaded Modules (Whitelisted) ============== 2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-11-28 20:58 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2016-06-18 01:05 - 2016-06-15 10:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-18 01:05 - 2016-06-15 10:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-265705268-327926828-2355950754-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run: => "BeatsOSDApp" HKLM\...\StartupApproved\Run: => "SimplePass" HKLM\...\StartupApproved\Run: => "OPBHOBroker" HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop" HKLM\...\StartupApproved\Run: => "StartCCC" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\StartupApproved\Run: => "AppEx Accelerator UI" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{01C2178B-767E-4329-843F-07DEE5FA0C2C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{D71EAC52-44BE-43A5-8260-B5BA144F585A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{CB42BE65-064B-4DAB-82ED-9E8D48E39404}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{5C8855A3-C1F9-4CB7-B4D6-4510B49B50CD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{3C334840-1FE1-4F08-9477-BA6AB694AF2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BE5D59D8-5712-48D6-9023-5C87FD2A86E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FA86B1B0-7E64-4C98-985B-8B6375401272}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{736F5BE3-5333-4CF7-96D0-4DF82EA67029}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{48246045-6638-4A3A-AA6C-D8FD1C9A07B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 28-04-2016 23:36:27 Scheduled Checkpoint 07-05-2016 14:48:47 Scheduled Checkpoint 15-05-2016 01:57:57 Scheduled Checkpoint 09-06-2016 16:39:59 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully. 0x0. 
Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Context: Application, SystemIndex Catalogue Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully. 0x0. Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Context: Application, SystemIndex Catalogue Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Error: (07/08/2016 03:07:42 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-265705268-327926828-2355950754-1001}/">. Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully. 0x0. Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Context: Application, SystemIndex Catalogue Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. System errors: ============= Error: (07/08/2016 03:11:58 AM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "USARUS" auf Transport "NetBT_Tcpip_{C9C9EA59-0D5C-446D-B32B-4B43A299F5FE}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. 
Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Bonjour Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Print Spooler" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst " HP SimplePass Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
CodeIntegrity: =================================== Date: 2016-07-08 10:23:33.250 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:23:33.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:23:32.579 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:23:32.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:16:51.230 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:16:51.043 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-07-08 10:16:50.276 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-08 10:16:50.088 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 00:44:38.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 00:44:38.495 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics Percentage of memory in use: 16% Total physical RAM: 7604.86 MB Available physical RAM: 6349.97 MB Total Virtual: 8820.86 MB Available Virtual: 7498.08 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:914.5 GB) (Free:857.12 GB) NTFS Drive d: (Recovery Image) (Fixed) (Total:15.54 GB) (Free:1.97 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 546B79C5) Partition: GPT. ==================== End of Addition.txt ============================ |
08.07.2016, 21:12 | #7 |
/// TB-Ausbilder | Malware infection I have spoken with the developer of AdwCleaner. The detection you mentioned is a false positive. It will be fixed shortly. Are there any other problems? |
08.07.2016, 21:27 | #8 |
| Malware infection Then I am reassured for now. No, everything else is fine, thanks for the quick help! |
08.07.2016, 21:29 | #9 |
/// TB-Ausbilder | Malware infection Quote:
If you no longer have any problems with malware, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Cleanup: All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without concern.
Securing your system: Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at its latest version: Browser, Java, Flash Player, PDF reader. Security holes in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database: Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained through Windows Update as an optional update. A legal, activated copy of Windows is of course a prerequisite for this. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: Adblock Plus can block banners, pop-ups, video ads, tracking and malware sites. NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with AdwCleaner.
Finally, a few general remarks:
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
11.07.2016, 18:34 | #10 |
/// TB-Ausbilder | Malware infection I am glad that we were able to help. In this forum you can leave brief feedback on the cleanup, if you like: Praise, criticism and wishes. To do so, click the "NEUES THEMA" (new thread) button and post a little feedback. Thank you! This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |