Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Malware Befall

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.07.2016, 01:30   #1
Silfchen
 
Malware Befall - Standard

Malware Befall



Guten Abend,
Ich hab ein kleines Problem mein adwcleaner findet in Meinem system

***** [ Folders ] *****

Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

***** [ Files ] *****

File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal

entfernt es auch aber so wie ich google chrome öffne ist es wieder da ich bin ein wenig ratlos.

Alt 08.07.2016, 06:09   #2
M-K-D-B
/// TB-Ausbilder
 
Malware Befall - Standard

Malware Befall






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________


Alt 08.07.2016, 09:36   #3
Silfchen
 
Malware Befall - Standard

Malware Befall



Hallo Matthias, Danke für deine schnelle Antwort.

FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by user (administrator) on USARUS (08-07-2016 10:24:05)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C9C9EA59-0D5C-446D-B32B-4B43A299F5FE}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-265705268-327926828-2355950754-1001 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-06-17] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-17] (Advanced Micro Devices, Inc.)
S0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-06-17] (Advanced Micro Devices, Inc. )
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 10:24 - 2016-07-08 10:24 - 00010738 _____ C:\Users\user\Desktop\FRST.txt
2016-07-08 10:23 - 2016-07-08 10:24 - 00000000 ____D C:\FRST
2016-07-08 10:22 - 2016-07-08 10:22 - 02390016 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-05 00:43 - 2016-07-05 00:43 - 03712064 _____ C:\Users\user\Downloads\adwcleaner_5.201.exe
2016-06-08 21:14 - 2016-06-08 21:24 - 00000000 ____D C:\Users\user\Downloads\Farid Bang - Blut (Deluxe Edition) (2016)
2016-06-08 19:54 - 2016-06-08 20:50 - 171892817 _____ C:\Users\user\Downloads\M2550.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 10:12 - 2016-01-20 05:47 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-08 03:11 - 2016-01-03 04:20 - 00000000 ____D C:\AdwCleaner
2016-07-08 03:11 - 2014-11-28 20:30 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-07-08 03:11 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-08 03:04 - 2016-01-20 05:47 - 00001132 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-08 02:21 - 2015-12-30 03:39 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-08 02:14 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-08 01:32 - 2015-12-29 23:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
2016-07-02 13:54 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-06-30 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-06-24 17:49 - 2015-12-29 13:31 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client
2016-06-23 22:02 - 2016-01-20 08:06 - 00007602 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-06-20 20:00 - 2015-12-29 13:17 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-265705268-327926828-2355950754-1001
2016-06-20 13:11 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 01:05 - 2016-01-20 05:48 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 01:05 - 2016-01-20 05:48 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 22:40 - 2016-01-12 02:19 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-09 16:48 - 2014-11-29 05:22 - 00755596 _____ C:\windows\system32\perfh007.dat
2016-06-09 16:48 - 2014-11-29 05:22 - 00172696 _____ C:\windows\system32\perfc007.dat
2016-06-09 16:48 - 2014-03-18 17:32 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-09 16:43 - 2016-03-16 13:22 - 00000132 _____ C:\Users\user\Desktop\Neues Textdokument.txt
2016-06-09 16:40 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp

==================== Files in the root of some directories =======

2016-01-20 08:06 - 2016-06-23 22:02 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-07 13:41

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---

--- --- ---


Addition:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by user (administrator) on USARUS (08-07-2016 10:24:05)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C9C9EA59-0D5C-446D-B32B-4B43A299F5FE}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-265705268-327926828-2355950754-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-265705268-327926828-2355950754-1001 -> {205F75E7-9F3D-4B05-ABC4-F803E24E6A95} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-06-17] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-17] (Advanced Micro Devices, Inc.)
S0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-06-17] (Advanced Micro Devices, Inc. )
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 10:24 - 2016-07-08 10:24 - 00010738 _____ C:\Users\user\Desktop\FRST.txt
2016-07-08 10:23 - 2016-07-08 10:24 - 00000000 ____D C:\FRST
2016-07-08 10:22 - 2016-07-08 10:22 - 02390016 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-05 00:43 - 2016-07-05 00:43 - 03712064 _____ C:\Users\user\Downloads\adwcleaner_5.201.exe
2016-06-08 21:14 - 2016-06-08 21:24 - 00000000 ____D C:\Users\user\Downloads\Farid Bang - Blut (Deluxe Edition) (2016)
2016-06-08 19:54 - 2016-06-08 20:50 - 171892817 _____ C:\Users\user\Downloads\M2550.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 10:12 - 2016-01-20 05:47 - 00001128 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-08 03:11 - 2016-01-03 04:20 - 00000000 ____D C:\AdwCleaner
2016-07-08 03:11 - 2014-11-28 20:30 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-07-08 03:11 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-08 03:04 - 2016-01-20 05:47 - 00001132 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-08 02:21 - 2015-12-30 03:39 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-08 02:14 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-08 01:32 - 2015-12-29 23:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
2016-07-02 13:54 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-06-30 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-06-24 17:49 - 2015-12-29 13:31 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client
2016-06-23 22:02 - 2016-01-20 08:06 - 00007602 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-06-20 20:00 - 2015-12-29 13:17 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-265705268-327926828-2355950754-1001
2016-06-20 13:11 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 01:05 - 2016-01-20 05:48 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 01:05 - 2016-01-20 05:48 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 22:40 - 2016-01-12 02:19 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-09 16:48 - 2014-11-29 05:22 - 00755596 _____ C:\windows\system32\perfh007.dat
2016-06-09 16:48 - 2014-11-29 05:22 - 00172696 _____ C:\windows\system32\perfc007.dat
2016-06-09 16:48 - 2014-03-18 17:32 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-09 16:43 - 2016-03-16 13:22 - 00000132 _____ C:\Users\user\Desktop\Neues Textdokument.txt
2016-06-09 16:40 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp

==================== Files in the root of some directories =======

2016-01-20 08:06 - 2016-06-23 22:02 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-07 13:41

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---

--- --- ---
__________________

Alt 08.07.2016, 09:37   #4
Silfchen
 
Malware Befall - Standard

Malware Befall



TDSSKiller:
Code:
ATTFilter
10:27:58.0621 0x0f7c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:27:58.0621 0x0f7c  UEFI system
10:28:11.0335 0x0f7c  ============================================================
10:28:11.0335 0x0f7c  Current date / time: 2016/07/08 10:28:11.0335
10:28:11.0335 0x0f7c  SystemInfo:
10:28:11.0335 0x0f7c  
10:28:11.0335 0x0f7c  OS Version: 6.3.9600 ServicePack: 0.0
10:28:11.0335 0x0f7c  Product type: Workstation
10:28:11.0335 0x0f7c  ComputerName: USARUS
10:28:11.0335 0x0f7c  UserName: user
10:28:11.0335 0x0f7c  Windows directory: C:\windows
10:28:11.0335 0x0f7c  System windows directory: C:\windows
10:28:11.0335 0x0f7c  Running under WOW64
10:28:11.0335 0x0f7c  Processor architecture: Intel x64
10:28:11.0335 0x0f7c  Number of processors: 4
10:28:11.0335 0x0f7c  Page size: 0x1000
10:28:11.0335 0x0f7c  Boot type: Normal boot
10:28:11.0335 0x0f7c  ============================================================
10:28:11.0807 0x0f7c  KLMD registered as C:\windows\system32\drivers\77245880.sys
10:28:12.0956 0x0f7c  System UUID: {9D5C93BD-71A5-9C03-94D1-8D229C48C37D}
10:28:13.0637 0x0f7c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:28:13.0653 0x0f7c  ============================================================
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0:
10:28:13.0653 0x0f7c  GPT partitions:
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {559D839E-0903-4087-A533-E9F1DD36E657}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A563D233-0F50-4F70-9DA4-0D83525EF646}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8026ABC7-EDAC-41C8-9CD8-7A42A705340B}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E8231315-95E9-46D0-B7AA-C8C6E689B7C5}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x724FE000
10:28:13.0653 0x0f7c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C8B6E7AC-4678-4DEA-A331-AB1C1EC6C46C}, Name: Basic data partition, StartLBA 0x727F2000, BlocksNum 0x1F12000
10:28:13.0653 0x0f7c  MBR partitions:
10:28:13.0653 0x0f7c  ============================================================
10:28:13.0669 0x0f7c  C: <-> \Device\Harddisk0\DR0\Partition4
10:28:13.0715 0x0f7c  D: <-> \Device\Harddisk0\DR0\Partition5
10:28:13.0715 0x0f7c  ============================================================
10:28:13.0715 0x0f7c  Initialize success
10:28:13.0715 0x0f7c  ============================================================
10:28:50.0849 0x08e8  ============================================================
10:28:50.0849 0x08e8  Scan started
10:28:50.0849 0x08e8  Mode: Manual; SigCheck; TDLFS; 
10:28:50.0849 0x08e8  ============================================================
10:28:50.0849 0x08e8  KSN ping started
10:28:53.0194 0x08e8  KSN ping finished: true
10:28:54.0158 0x08e8  ================ Scan system memory ========================
10:28:54.0158 0x08e8  System memory - ok
10:28:54.0158 0x08e8  ================ Scan services =============================
10:28:54.0265 0x08e8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\windows\System32\drivers\1394ohci.sys
10:28:54.0297 0x08e8  1394ohci - ok
10:28:54.0308 0x08e8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\windows\system32\drivers\3ware.sys
10:28:54.0326 0x08e8  3ware - ok
10:28:54.0352 0x08e8  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\windows\system32\drivers\ACPI.sys
10:28:54.0372 0x08e8  ACPI - ok
10:28:54.0380 0x08e8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\windows\system32\Drivers\acpiex.sys
10:28:54.0389 0x08e8  acpiex - ok
10:28:54.0404 0x08e8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\windows\System32\drivers\acpipagr.sys
10:28:54.0413 0x08e8  acpipagr - ok
10:28:54.0426 0x08e8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\windows\System32\drivers\acpipmi.sys
10:28:54.0435 0x08e8  AcpiPmi - ok
10:28:54.0450 0x08e8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\windows\System32\drivers\acpitime.sys
10:28:54.0459 0x08e8  acpitime - ok
10:28:54.0486 0x08e8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\windows\system32\drivers\ADP80XX.SYS
10:28:54.0518 0x08e8  ADP80XX - ok
10:28:54.0548 0x08e8  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
10:28:54.0561 0x08e8  AeLookupSvc - ok
10:28:54.0590 0x08e8  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\windows\system32\drivers\afd.sys
10:28:54.0609 0x08e8  AFD - ok
10:28:54.0624 0x08e8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\windows\system32\drivers\agp440.sys
10:28:54.0632 0x08e8  agp440 - ok
10:28:54.0660 0x08e8  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\windows\system32\DRIVERS\ahcache.sys
10:28:54.0670 0x08e8  ahcache - ok
10:28:54.0676 0x08e8  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\windows\System32\alg.exe
10:28:54.0687 0x08e8  ALG - ok
10:28:54.0710 0x08e8  [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
10:28:54.0726 0x08e8  AMD External Events Utility - ok
10:28:54.0788 0x08e8  [ B12D8F8A42080B955D027EE56F5BD1C3, AA4763AF1D77F7F1FF3BFEC5B800E7E38F954C1488B19ED645B04FEC4D771A1C ] AMD FUEL Service C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
10:28:54.0798 0x08e8  AMD FUEL Service - detected UnsignedFile.Multi.Generic ( 1 )
10:28:57.0214 0x08e8  Detect skipped due to KSN trusted
10:28:57.0214 0x08e8  AMD FUEL Service - ok
10:28:57.0261 0x08e8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\windows\System32\drivers\amdk8.sys
10:28:57.0276 0x08e8  AmdK8 - ok
10:28:57.0292 0x08e8  [ 02F26B62F44850545B78850B662C9EB5, 341492715263CFB1A56951FC5A2FA76483FC75FA185ADBDA9D31C0EEB8172D07 ] amdkmcsp        C:\windows\System32\drivers\amdkmcsp.sys
10:28:57.0308 0x08e8  amdkmcsp - ok
10:28:57.0308 0x08e8  amdkmdag - ok
10:28:57.0354 0x08e8  [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
10:28:57.0370 0x08e8  amdkmdap - ok
10:28:57.0386 0x08e8  [ C04F35935BF6274F5593B78C7B295760, 29BC36696B3D5C75DEF9C9D96D3C06E5C6D964A00B4D5CD354CB08002E085191 ] amdkmpfd        C:\windows\system32\drivers\amdkmpfd.sys
10:28:57.0401 0x08e8  amdkmpfd - ok
10:28:57.0417 0x08e8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\windows\System32\drivers\amdppm.sys
10:28:57.0417 0x08e8  AmdPPM - ok
10:28:57.0433 0x08e8  [ 1EDE6ADCA69E2F44EE2628DD4DAA30C5, A49875468FC592C2657534DFF443DA19BA02C3F0DC0F8192CD5A270C43C88B62 ] amdpsp          C:\windows\system32\drivers\amdpsp.sys
10:28:57.0448 0x08e8  amdpsp - ok
10:28:57.0448 0x08e8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\windows\system32\drivers\amdsata.sys
10:28:57.0464 0x08e8  amdsata - ok
10:28:57.0479 0x08e8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
10:28:57.0495 0x08e8  amdsbs - ok
10:28:57.0495 0x08e8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\windows\system32\drivers\amdxata.sys
10:28:57.0511 0x08e8  amdxata - ok
10:28:57.0526 0x08e8  [ 5EA556BC3AECA6ADD398B13D898C52D3, A5EA0A827DCD146E1A1CCF3A4A58CA0CE06AAF3D36F209F932D7B796F4E89A8F ] amd_sata        C:\windows\system32\drivers\amd_sata.sys
10:28:57.0542 0x08e8  amd_sata - ok
10:28:57.0542 0x08e8  [ B5A18CB1C6D7DD5C5393E7A79CE79826, 2A5AB52BCD98B7C7C1FC98D56FD9C9E99A2345841A221AF860AC64C4B9ED199E ] amd_xata        C:\windows\system32\drivers\amd_xata.sys
10:28:57.0558 0x08e8  amd_xata - ok
10:28:57.0589 0x08e8  [ E5F36F2FF6E8BC2E9E51655489EA753D, 83A7BA29D411C039511A9306C0136099572EE8E306E1C87207F3E721568C0136 ] AmUStor         C:\windows\system32\drivers\AmUStor.SYS
10:28:57.0589 0x08e8  AmUStor - ok
10:28:57.0604 0x08e8  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:28:57.0620 0x08e8  AODDriver4.3 - ok
10:28:57.0651 0x08e8  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\windows\system32\inetsrv\apphostsvc.dll
10:28:57.0667 0x08e8  AppHostSvc - ok
10:28:57.0683 0x08e8  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\windows\system32\drivers\appid.sys
10:28:57.0683 0x08e8  AppID - ok
10:28:57.0698 0x08e8  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\windows\System32\appidsvc.dll
10:28:57.0714 0x08e8  AppIDSvc - ok
10:28:57.0729 0x08e8  [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo         C:\windows\System32\appinfo.dll
10:28:57.0745 0x08e8  Appinfo - ok
10:28:57.0761 0x08e8  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\windows\system32\AppReadiness.dll
10:28:57.0776 0x08e8  AppReadiness - ok
10:28:57.0834 0x08e8  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\windows\system32\appxdeploymentserver.dll
10:28:57.0868 0x08e8  AppXSvc - ok
10:28:57.0899 0x08e8  [ CF6E96336D3B247AB48F28CC570B83D8, B606BE7A2127E8FD3C7DFFEE844EFC8ABCBD08FE48384692B7B5928970AD54E3 ] APXACC          C:\windows\system32\DRIVERS\appexDrv.sys
10:28:57.0911 0x08e8  APXACC - ok
10:28:57.0937 0x08e8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\windows\system32\drivers\arcsas.sys
10:28:57.0947 0x08e8  arcsas - ok
10:28:58.0004 0x08e8  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:28:58.0012 0x08e8  aspnet_state - ok
10:28:58.0018 0x08e8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\windows\system32\drivers\atapi.sys
10:28:58.0026 0x08e8  atapi - ok
10:28:58.0050 0x08e8  [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
10:28:58.0063 0x08e8  AudioEndpointBuilder - ok
10:28:58.0089 0x08e8  [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv        C:\windows\System32\Audiosrv.dll
10:28:58.0114 0x08e8  Audiosrv - ok
10:28:58.0135 0x08e8  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\windows\System32\AxInstSV.dll
10:28:58.0145 0x08e8  AxInstSV - ok
10:28:58.0173 0x08e8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
10:28:58.0183 0x08e8  b06bdrv - ok
10:28:58.0210 0x08e8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\windows\System32\drivers\BasicDisplay.sys
10:28:58.0218 0x08e8  BasicDisplay - ok
10:28:58.0224 0x08e8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\windows\System32\drivers\BasicRender.sys
10:28:58.0232 0x08e8  BasicRender - ok
10:28:58.0260 0x08e8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\windows\System32\drivers\bcmfn2.sys
10:28:58.0268 0x08e8  bcmfn2 - ok
10:28:58.0283 0x08e8  [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC          C:\windows\System32\bdesvc.dll
10:28:58.0299 0x08e8  BDESVC - ok
10:28:58.0314 0x08e8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\windows\system32\drivers\Beep.sys
10:28:58.0330 0x08e8  Beep - ok
10:28:58.0377 0x08e8  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE             C:\windows\System32\bfe.dll
10:28:58.0408 0x08e8  BFE - ok
10:28:58.0439 0x08e8  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\windows\System32\qmgr.dll
10:28:58.0471 0x08e8  BITS - ok
10:28:58.0502 0x08e8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:28:58.0518 0x08e8  Bonjour Service - ok
10:28:58.0518 0x08e8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\windows\system32\DRIVERS\bowser.sys
10:28:58.0533 0x08e8  bowser - ok
10:28:58.0564 0x08e8  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
10:28:58.0580 0x08e8  BrokerInfrastructure - ok
10:28:58.0596 0x08e8  [ D528D6A92D187777691993DD757AF19A, 2C79978310193431E5FC462368424A172858D5351C92D4815C2A7E35B5DDE50C ] Browser         C:\windows\System32\browser.dll
10:28:58.0611 0x08e8  Browser - ok
10:28:58.0611 0x08e8  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\windows\System32\drivers\BthAvrcpTg.sys
10:28:58.0627 0x08e8  BthAvrcpTg - ok
10:28:58.0627 0x08e8  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\windows\System32\drivers\bthhfenum.sys
10:28:58.0643 0x08e8  BthHFEnum - ok
10:28:58.0643 0x08e8  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\windows\System32\drivers\BthHFHid.sys
10:28:58.0658 0x08e8  bthhfhid - ok
10:28:58.0658 0x08e8  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\windows\System32\drivers\bthmodem.sys
10:28:58.0674 0x08e8  BTHMODEM - ok
10:28:58.0674 0x08e8  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\windows\system32\bthserv.dll
10:28:58.0689 0x08e8  bthserv - ok
10:28:58.0689 0x08e8  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
10:28:58.0705 0x08e8  cdfs - ok
10:28:58.0721 0x08e8  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\windows\System32\drivers\cdrom.sys
10:28:58.0736 0x08e8  cdrom - ok
10:28:58.0752 0x08e8  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\windows\System32\certprop.dll
10:28:58.0768 0x08e8  CertPropSvc - ok
10:28:58.0783 0x08e8  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\windows\System32\drivers\circlass.sys
10:28:58.0783 0x08e8  circlass - ok
10:28:58.0814 0x08e8  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\windows\system32\drivers\CLFS.sys
10:28:58.0830 0x08e8  CLFS - ok
10:28:58.0861 0x08e8  [ 5C646CAC91E086F7FF53C7F2E857F263, 67AF6FBF88B7EE530A9BA53833EAFCC78BF8362E82BF81180858F1D17DFC73E6 ] CLVirtualDrive  C:\windows\system32\DRIVERS\CLVirtualDrive.sys
10:28:58.0861 0x08e8  CLVirtualDrive - ok
10:28:58.0877 0x08e8  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\windows\System32\drivers\CmBatt.sys
10:28:58.0893 0x08e8  CmBatt - ok
10:28:58.0927 0x08e8  [ 0DE32A0BB1FE2A773666572F79584520, C417C12476B937265BEDC9A2C3C3F6C50FD19AEC096362337B0921627A2A92EA ] CNG             C:\windows\system32\Drivers\cng.sys
10:28:58.0937 0x08e8  CNG - ok
10:28:58.0952 0x08e8  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\windows\System32\drivers\CompositeBus.sys
10:28:58.0968 0x08e8  CompositeBus - ok
10:28:58.0968 0x08e8  COMSysApp - ok
10:28:58.0984 0x08e8  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\windows\system32\drivers\condrv.sys
10:28:58.0999 0x08e8  condrv - ok
10:28:59.0015 0x08e8  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\windows\system32\cryptsvc.dll
10:28:59.0015 0x08e8  CryptSvc - ok
10:28:59.0030 0x08e8  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\windows\system32\drivers\dam.sys
10:28:59.0030 0x08e8  dam - ok
10:28:59.0086 0x08e8  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\windows\system32\rpcss.dll
10:28:59.0110 0x08e8  DcomLaunch - ok
10:28:59.0137 0x08e8  [ AF3FF97AC2A73E70F8A8D11FB694175B, 3AA25BF9DED08056F52ACF246118C13C8816B5E8AA4D8606DB7DAB4E4E6A9169 ] defragsvc       C:\windows\System32\defragsvc.dll
10:28:59.0154 0x08e8  defragsvc - ok
10:28:59.0187 0x08e8  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\windows\system32\das.dll
10:28:59.0203 0x08e8  DeviceAssociationService - ok
10:28:59.0222 0x08e8  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\windows\system32\umpnpmgr.dll
10:28:59.0233 0x08e8  DeviceInstall - ok
10:28:59.0246 0x08e8  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\windows\system32\Drivers\dfsc.sys
10:28:59.0257 0x08e8  Dfsc - ok
10:28:59.0277 0x08e8  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
10:28:59.0285 0x08e8  dg_ssudbus - ok
10:28:59.0301 0x08e8  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\windows\system32\dhcpcore.dll
10:28:59.0316 0x08e8  Dhcp - ok
10:28:59.0330 0x08e8  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\windows\system32\drivers\disk.sys
10:28:59.0339 0x08e8  disk - ok
10:28:59.0362 0x08e8  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\windows\System32\drivers\dmvsc.sys
10:28:59.0370 0x08e8  dmvsc - ok
10:28:59.0391 0x08e8  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\windows\System32\dnsrslvr.dll
10:28:59.0403 0x08e8  Dnscache - ok
10:28:59.0422 0x08e8  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\windows\System32\dot3svc.dll
10:28:59.0436 0x08e8  dot3svc - ok
10:28:59.0444 0x08e8  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\windows\system32\dps.dll
10:28:59.0459 0x08e8  DPS - ok
10:28:59.0470 0x08e8  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
10:28:59.0477 0x08e8  drmkaud - ok
10:28:59.0496 0x08e8  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\windows\System32\DeviceSetupManager.dll
10:28:59.0512 0x08e8  DsmSvc - ok
10:28:59.0556 0x08e8  [ C7D252742946DD395670649742FBD73D, 333CC984CF318D36EA8C5867077A1732A214445EB6B7CF7AC2E8F1C8259CD9C7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
10:28:59.0599 0x08e8  DXGKrnl - ok
10:28:59.0629 0x08e8  [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress      C:\windows\system32\DRIVERS\e1i63x64.sys
10:28:59.0646 0x08e8  e1iexpress - ok
10:28:59.0671 0x08e8  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\windows\System32\eapsvc.dll
10:28:59.0686 0x08e8  Eaphost - ok
10:28:59.0776 0x08e8  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\windows\system32\drivers\evbda.sys
10:28:59.0859 0x08e8  ebdrv - ok
10:28:59.0886 0x08e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\windows\System32\lsass.exe
10:28:59.0897 0x08e8  EFS - ok
10:28:59.0907 0x08e8  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\windows\system32\drivers\EhStorClass.sys
10:28:59.0917 0x08e8  EhStorClass - ok
10:28:59.0935 0x08e8  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\windows\system32\drivers\EhStorTcgDrv.sys
10:28:59.0945 0x08e8  EhStorTcgDrv - ok
10:28:59.0967 0x08e8  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\windows\System32\drivers\errdev.sys
10:28:59.0974 0x08e8  ErrDev - ok
10:29:00.0004 0x08e8  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\windows\system32\es.dll
10:29:00.0022 0x08e8  EventSystem - ok
10:29:00.0050 0x08e8  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\windows\system32\drivers\exfat.sys
10:29:00.0067 0x08e8  exfat - ok
10:29:00.0077 0x08e8  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\windows\system32\drivers\fastfat.sys
10:29:00.0089 0x08e8  fastfat - ok
10:29:00.0116 0x08e8  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\windows\system32\fxssvc.exe
10:29:00.0144 0x08e8  Fax - ok
10:29:00.0151 0x08e8  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\windows\System32\drivers\fdc.sys
10:29:00.0160 0x08e8  fdc - ok
10:29:00.0174 0x08e8  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\windows\system32\fdPHost.dll
10:29:00.0187 0x08e8  fdPHost - ok
10:29:00.0192 0x08e8  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\windows\system32\fdrespub.dll
10:29:00.0205 0x08e8  FDResPub - ok
10:29:00.0214 0x08e8  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\windows\system32\fhsvc.dll
10:29:00.0224 0x08e8  fhsvc - ok
10:29:00.0230 0x08e8  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
10:29:00.0239 0x08e8  FileInfo - ok
10:29:00.0251 0x08e8  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\windows\system32\drivers\filetrace.sys
10:29:00.0263 0x08e8  Filetrace - ok
10:29:00.0268 0x08e8  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\windows\System32\drivers\flpydisk.sys
10:29:00.0276 0x08e8  flpydisk - ok
10:29:00.0303 0x08e8  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
10:29:00.0318 0x08e8  FltMgr - ok
10:29:00.0371 0x08e8  [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache       C:\windows\system32\FntCache.dll
10:29:00.0405 0x08e8  FontCache - ok
10:29:00.0432 0x08e8  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:29:00.0432 0x08e8  FontCache3.0.0.0 - ok
10:29:00.0463 0x08e8  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
10:29:00.0463 0x08e8  FsDepends - ok
10:29:00.0479 0x08e8  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
10:29:00.0479 0x08e8  Fs_Rec - ok
10:29:00.0495 0x08e8  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
10:29:00.0526 0x08e8  fvevol - ok
10:29:00.0541 0x08e8  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\windows\System32\drivers\fxppm.sys
10:29:00.0541 0x08e8  FxPPM - ok
10:29:00.0541 0x08e8  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
10:29:00.0557 0x08e8  gagp30kx - ok
10:29:00.0604 0x08e8  [ 4A336C92A790A3F7C2D9952C73FCFA16, 2EB400EBAA2B50A97F442D18107316A172A92660F5D712D1C58D39172C9CD80C ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
10:29:00.0620 0x08e8  GamesAppIntegrationService - ok
10:29:00.0635 0x08e8  [ A404AE536DD73FC8118A15BFF0BD4FC0, EA24D7866FEB40DD72713601E14DBDA60497324222196B8E0791DA656DBF5DA7 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:29:00.0651 0x08e8  GamesAppService - ok
10:29:00.0666 0x08e8  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\windows\System32\drivers\vmgencounter.sys
10:29:00.0666 0x08e8  gencounter - ok
10:29:00.0682 0x08e8  [ EF3AE7773394DF49CE74AF78A1C8D23D, CB12FF004C460A89F12AFF2467512B479A07CA10D4280CD4E624A5A9CDAB9C1B ] GPIOClx0101     C:\windows\system32\Drivers\msgpioclx.sys
10:29:00.0698 0x08e8  GPIOClx0101 - ok
10:29:00.0745 0x08e8  [ 383DA813409316D69603C1D849834D24, E1AAD3AB567457B00B8A378D5BA37ED653EE451FF79D071A8815FB8B1EB90DAF ] gpsvc           C:\windows\System32\gpsvc.dll
10:29:00.0776 0x08e8  gpsvc - ok
10:29:00.0807 0x08e8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:29:00.0807 0x08e8  gupdate - ok
10:29:00.0823 0x08e8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:29:00.0823 0x08e8  gupdatem - ok
10:29:00.0854 0x08e8  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
10:29:00.0870 0x08e8  HdAudAddService - ok
10:29:00.0870 0x08e8  [ 498288DD5CA42C2D36D125893E968C53, 03B62FA51F9195D77170DCEFF3A93A6898AA96FB610044DDAE83767DA12745C5 ] HDAudBus        C:\windows\System32\drivers\HDAudBus.sys
10:29:00.0885 0x08e8  HDAudBus - ok
10:29:00.0885 0x08e8  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\windows\System32\drivers\HidBatt.sys
10:29:00.0885 0x08e8  HidBatt - ok
10:29:00.0901 0x08e8  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\windows\System32\drivers\hidbth.sys
10:29:00.0901 0x08e8  HidBth - ok
10:29:00.0932 0x08e8  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\windows\System32\drivers\hidi2c.sys
10:29:00.0932 0x08e8  hidi2c - ok
10:29:00.0948 0x08e8  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\windows\System32\drivers\hidir.sys
10:29:00.0963 0x08e8  HidIr - ok
10:29:00.0979 0x08e8  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\windows\system32\hidserv.dll
10:29:00.0995 0x08e8  hidserv - ok
10:29:01.0010 0x08e8  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\windows\System32\drivers\hidusb.sys
10:29:01.0026 0x08e8  HidUsb - ok
10:29:01.0026 0x08e8  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\windows\system32\kmsvc.dll
10:29:01.0041 0x08e8  hkmsvc - ok
10:29:01.0057 0x08e8  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\windows\system32\ListSvc.dll
10:29:01.0073 0x08e8  HomeGroupListener - ok
10:29:01.0104 0x08e8  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\windows\system32\provsvc.dll
10:29:01.0120 0x08e8  HomeGroupProvider - ok
10:29:01.0135 0x08e8  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
10:29:01.0151 0x08e8  HpSAMD - ok
10:29:01.0198 0x08e8  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\windows\system32\drivers\HTTP.sys
10:29:01.0213 0x08e8  HTTP - ok
10:29:01.0229 0x08e8  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
10:29:01.0245 0x08e8  hwpolicy - ok
10:29:01.0245 0x08e8  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\windows\System32\drivers\hyperkbd.sys
10:29:01.0260 0x08e8  hyperkbd - ok
10:29:01.0260 0x08e8  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\windows\system32\DRIVERS\HyperVideo.sys
10:29:01.0276 0x08e8  HyperVideo - ok
10:29:01.0307 0x08e8  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\windows\System32\drivers\i8042prt.sys
10:29:01.0307 0x08e8  i8042prt - ok
10:29:01.0323 0x08e8  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\windows\System32\drivers\iaLPSSi_GPIO.sys
10:29:01.0338 0x08e8  iaLPSSi_GPIO - ok
10:29:01.0338 0x08e8  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\windows\System32\drivers\iaLPSSi_I2C.sys
10:29:01.0354 0x08e8  iaLPSSi_I2C - ok
10:29:01.0370 0x08e8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\windows\system32\drivers\iaStorAV.sys
10:29:01.0401 0x08e8  iaStorAV - ok
10:29:01.0401 0x08e8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
10:29:01.0433 0x08e8  iaStorV - ok
10:29:01.0439 0x08e8  IEEtwCollectorService - ok
10:29:01.0486 0x08e8  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\windows\System32\ikeext.dll
10:29:01.0517 0x08e8  IKEEXT - ok
10:29:01.0542 0x08e8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\windows\system32\drivers\intelide.sys
10:29:01.0551 0x08e8  intelide - ok
10:29:01.0583 0x08e8  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\windows\system32\drivers\intelpep.sys
10:29:01.0591 0x08e8  intelpep - ok
10:29:01.0597 0x08e8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\windows\System32\drivers\intelppm.sys
10:29:01.0607 0x08e8  intelppm - ok
10:29:01.0613 0x08e8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
10:29:01.0625 0x08e8  IpFilterDriver - ok
10:29:01.0664 0x08e8  [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
10:29:01.0690 0x08e8  iphlpsvc - ok
10:29:01.0717 0x08e8  [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV         C:\windows\System32\drivers\IPMIDrv.sys
10:29:01.0726 0x08e8  IPMIDRV - ok
10:29:01.0732 0x08e8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
10:29:01.0742 0x08e8  IPNAT - ok
10:29:01.0751 0x08e8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\windows\system32\drivers\irenum.sys
10:29:01.0761 0x08e8  IRENUM - ok
10:29:01.0771 0x08e8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\windows\system32\drivers\isapnp.sys
10:29:01.0778 0x08e8  isapnp - ok
10:29:01.0795 0x08e8  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\windows\System32\drivers\msiscsi.sys
10:29:01.0808 0x08e8  iScsiPrt - ok
10:29:01.0830 0x08e8  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\windows\System32\drivers\kbdclass.sys
10:29:01.0838 0x08e8  kbdclass - ok
10:29:01.0865 0x08e8  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\windows\System32\drivers\kbdhid.sys
10:29:01.0875 0x08e8  kbdhid - ok
10:29:01.0900 0x08e8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\windows\system32\DRIVERS\kdnic.sys
10:29:01.0909 0x08e8  kdnic - ok
10:29:01.0919 0x08e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\windows\system32\lsass.exe
10:29:01.0929 0x08e8  KeyIso - ok
10:29:01.0935 0x08e8  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
10:29:01.0945 0x08e8  KSecDD - ok
10:29:01.0962 0x08e8  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
10:29:01.0973 0x08e8  KSecPkg - ok
10:29:01.0986 0x08e8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
10:29:01.0995 0x08e8  ksthunk - ok
10:29:02.0021 0x08e8  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\windows\system32\msdtckrm.dll
10:29:02.0038 0x08e8  KtmRm - ok
10:29:02.0060 0x08e8  [ 46378ECCB4A29AA81BF296641C2501EF, 5AB79BD824C00EF1338FDB8450692318AB14E0AE4145C30B37136767DFC1E4F9 ] LanmanServer    C:\windows\system32\srvsvc.dll
10:29:02.0075 0x08e8  LanmanServer - ok
10:29:02.0106 0x08e8  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:29:02.0120 0x08e8  LanmanWorkstation - ok
10:29:02.0149 0x08e8  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\windows\System32\GeofenceMonitorService.dll
10:29:02.0166 0x08e8  lfsvc - ok
10:29:02.0172 0x08e8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
10:29:02.0183 0x08e8  lltdio - ok
10:29:02.0213 0x08e8  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\windows\System32\lltdsvc.dll
10:29:02.0228 0x08e8  lltdsvc - ok
10:29:02.0241 0x08e8  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\windows\System32\lmhsvc.dll
10:29:02.0249 0x08e8  lmhosts - ok
10:29:02.0268 0x08e8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
10:29:02.0278 0x08e8  LSI_SAS - ok
10:29:02.0295 0x08e8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
10:29:02.0304 0x08e8  LSI_SAS2 - ok
10:29:02.0309 0x08e8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\windows\system32\drivers\lsi_sas3.sys
10:29:02.0316 0x08e8  LSI_SAS3 - ok
10:29:02.0316 0x08e8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\windows\system32\drivers\lsi_sss.sys
10:29:02.0332 0x08e8  LSI_SSS - ok
10:29:02.0363 0x08e8  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\windows\System32\lsm.dll
10:29:02.0379 0x08e8  LSM - ok
10:29:02.0394 0x08e8  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\windows\system32\drivers\luafv.sys
10:29:02.0410 0x08e8  luafv - ok
10:29:02.0410 0x08e8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\windows\system32\drivers\megasas.sys
10:29:02.0426 0x08e8  megasas - ok
10:29:02.0441 0x08e8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\windows\system32\drivers\megasr.sys
10:29:02.0457 0x08e8  megasr - ok
10:29:02.0472 0x08e8  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\windows\system32\mmcss.dll
10:29:02.0488 0x08e8  MMCSS - ok
10:29:02.0504 0x08e8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\windows\system32\drivers\modem.sys
10:29:02.0504 0x08e8  Modem - ok
10:29:02.0535 0x08e8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\windows\System32\drivers\monitor.sys
10:29:02.0535 0x08e8  monitor - ok
10:29:02.0566 0x08e8  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\windows\System32\drivers\mouclass.sys
10:29:02.0582 0x08e8  mouclass - ok
10:29:02.0582 0x08e8  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\windows\System32\drivers\mouhid.sys
10:29:02.0597 0x08e8  mouhid - ok
10:29:02.0597 0x08e8  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
10:29:02.0613 0x08e8  mountmgr - ok
10:29:02.0613 0x08e8  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
10:29:02.0629 0x08e8  mpsdrv - ok
10:29:02.0660 0x08e8  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\windows\system32\mpssvc.dll
10:29:02.0691 0x08e8  MpsSvc - ok
10:29:02.0723 0x08e8  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
10:29:02.0738 0x08e8  MRxDAV - ok
10:29:02.0769 0x08e8  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
10:29:02.0785 0x08e8  mrxsmb - ok
10:29:02.0816 0x08e8  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
10:29:02.0832 0x08e8  mrxsmb10 - ok
10:29:02.0848 0x08e8  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
10:29:02.0863 0x08e8  mrxsmb20 - ok
10:29:02.0879 0x08e8  [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge        C:\windows\system32\DRIVERS\bridge.sys
10:29:02.0879 0x08e8  MsBridge - ok
10:29:02.0894 0x08e8  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\windows\System32\msdtc.exe
10:29:02.0910 0x08e8  MSDTC - ok
10:29:02.0926 0x08e8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\windows\system32\drivers\Msfs.sys
10:29:02.0941 0x08e8  Msfs - ok
10:29:02.0973 0x08e8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\windows\System32\drivers\msgpiowin32.sys
10:29:02.0973 0x08e8  msgpiowin32 - ok
10:29:02.0988 0x08e8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
10:29:03.0004 0x08e8  mshidkmdf - ok
10:29:03.0004 0x08e8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\windows\System32\drivers\mshidumdf.sys
10:29:03.0019 0x08e8  mshidumdf - ok
10:29:03.0019 0x08e8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
10:29:03.0035 0x08e8  msisadrv - ok
10:29:03.0051 0x08e8  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
10:29:03.0066 0x08e8  MSiSCSI - ok
10:29:03.0066 0x08e8  msiserver - ok
10:29:03.0082 0x08e8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
10:29:03.0082 0x08e8  MSKSSRV - ok
10:29:03.0097 0x08e8  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\windows\system32\DRIVERS\mslldp.sys
10:29:03.0113 0x08e8  MsLldp - ok
10:29:03.0129 0x08e8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
10:29:03.0138 0x08e8  MSPCLOCK - ok
10:29:03.0147 0x08e8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
10:29:03.0156 0x08e8  MSPQM - ok
10:29:03.0176 0x08e8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
10:29:03.0194 0x08e8  MsRPC - ok
10:29:03.0202 0x08e8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\windows\System32\drivers\mssmbios.sys
10:29:03.0210 0x08e8  mssmbios - ok
10:29:03.0221 0x08e8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
10:29:03.0230 0x08e8  MSTEE - ok
10:29:03.0239 0x08e8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\windows\System32\drivers\MTConfig.sys
10:29:03.0247 0x08e8  MTConfig - ok
10:29:03.0255 0x08e8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\windows\system32\Drivers\mup.sys
10:29:03.0264 0x08e8  Mup - ok
10:29:03.0271 0x08e8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\windows\system32\drivers\mvumis.sys
10:29:03.0280 0x08e8  mvumis - ok
10:29:03.0311 0x08e8  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\windows\system32\qagentRT.dll
10:29:03.0331 0x08e8  napagent - ok
10:29:03.0367 0x08e8  [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
10:29:03.0383 0x08e8  NativeWifiP - ok
10:29:03.0399 0x08e8  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\windows\System32\ncasvc.dll
10:29:03.0412 0x08e8  NcaSvc - ok
10:29:03.0419 0x08e8  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\windows\System32\ncbservice.dll
10:29:03.0430 0x08e8  NcbService - ok
10:29:03.0462 0x08e8  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\windows\System32\NcdAutoSetup.dll
10:29:03.0472 0x08e8  NcdAutoSetup - ok
10:29:03.0521 0x08e8  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\windows\system32\drivers\ndis.sys
10:29:03.0554 0x08e8  NDIS - ok
10:29:03.0571 0x08e8  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
10:29:03.0581 0x08e8  NdisCap - ok
10:29:03.0594 0x08e8  [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform  C:\windows\system32\DRIVERS\NdisImPlatform.sys
10:29:03.0606 0x08e8  NdisImPlatform - ok
10:29:03.0615 0x08e8  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
10:29:03.0615 0x08e8  NdisTapi - ok
10:29:03.0631 0x08e8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
10:29:03.0631 0x08e8  Ndisuio - ok
10:29:03.0647 0x08e8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\windows\System32\drivers\NdisVirtualBus.sys
10:29:03.0647 0x08e8  NdisVirtualBus - ok
10:29:03.0662 0x08e8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
10:29:03.0678 0x08e8  NdisWan - ok
10:29:03.0678 0x08e8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\windows\system32\DRIVERS\ndiswan.sys
10:29:03.0694 0x08e8  NdisWanLegacy - ok
10:29:03.0694 0x08e8  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
10:29:03.0725 0x08e8  NDProxy - ok
10:29:03.0725 0x08e8  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\windows\system32\drivers\Ndu.sys
10:29:03.0740 0x08e8  Ndu - ok
10:29:03.0756 0x08e8  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
10:29:03.0756 0x08e8  NetBIOS - ok
10:29:03.0772 0x08e8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
10:29:03.0800 0x08e8  NetBT - ok
10:29:03.0811 0x08e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\windows\system32\lsass.exe
10:29:03.0821 0x08e8  Netlogon - ok
10:29:03.0834 0x08e8  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\windows\System32\netman.dll
10:29:03.0850 0x08e8  Netman - ok
10:29:03.0867 0x08e8  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\windows\System32\netprofmsvc.dll
10:29:03.0888 0x08e8  netprofm - ok
10:29:03.0909 0x08e8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:29:03.0931 0x08e8  NetTcpPortSharing - ok
10:29:03.0937 0x08e8  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\windows\system32\DRIVERS\netvsc63.sys
10:29:03.0944 0x08e8  netvsc - ok
10:29:03.0976 0x08e8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\windows\System32\nlasvc.dll
10:29:03.0991 0x08e8  NlaSvc - ok
10:29:03.0991 0x08e8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\windows\system32\drivers\Npfs.sys
10:29:04.0007 0x08e8  Npfs - ok
10:29:04.0007 0x08e8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
10:29:04.0023 0x08e8  npsvctrig - ok
10:29:04.0023 0x08e8  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\windows\system32\nsisvc.dll
10:29:04.0038 0x08e8  nsi - ok
10:29:04.0054 0x08e8  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
10:29:04.0054 0x08e8  nsiproxy - ok
10:29:04.0132 0x08e8  [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
10:29:04.0179 0x08e8  Ntfs - ok
10:29:04.0210 0x08e8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\windows\system32\drivers\Null.sys
10:29:04.0226 0x08e8  Null - ok
10:29:04.0241 0x08e8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\windows\system32\drivers\nvraid.sys
10:29:04.0257 0x08e8  nvraid - ok
10:29:04.0257 0x08e8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
10:29:04.0273 0x08e8  nvstor - ok
10:29:04.0273 0x08e8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
10:29:04.0288 0x08e8  nv_agp - ok
10:29:04.0351 0x08e8  [ 8DD366F3B9F16ED722A6A66D956DA27F, 3A61B3D7B0D60CAA801FFDA086BFDDCF9C820CB11114DC60FDC9B30F828CC04F ] omniserv        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
10:29:04.0351 0x08e8  omniserv - detected UnsignedFile.Multi.Generic ( 1 )
10:29:06.0718 0x08e8  Detect skipped due to KSN trusted
10:29:06.0718 0x08e8  omniserv - ok
10:29:06.0733 0x08e8  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
10:29:06.0749 0x08e8  p2pimsvc - ok
10:29:06.0764 0x08e8  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\windows\system32\p2psvc.dll
10:29:06.0780 0x08e8  p2psvc - ok
10:29:06.0796 0x08e8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\windows\System32\drivers\parport.sys
10:29:06.0796 0x08e8  Parport - ok
10:29:06.0811 0x08e8  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\windows\system32\drivers\partmgr.sys
10:29:06.0827 0x08e8  partmgr - ok
10:29:06.0843 0x08e8  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\windows\System32\pcasvc.dll
10:29:06.0858 0x08e8  PcaSvc - ok
10:29:06.0874 0x08e8  [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci             C:\windows\system32\drivers\pci.sys
10:29:06.0889 0x08e8  pci - ok
10:29:06.0905 0x08e8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\windows\system32\drivers\pciide.sys
10:29:06.0921 0x08e8  pciide - ok
10:29:06.0921 0x08e8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
10:29:06.0936 0x08e8  pcmcia - ok
10:29:06.0936 0x08e8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\windows\system32\drivers\pcw.sys
10:29:06.0952 0x08e8  pcw - ok
10:29:06.0968 0x08e8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\windows\system32\drivers\pdc.sys
10:29:06.0983 0x08e8  pdc - ok
10:29:06.0999 0x08e8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
10:29:07.0015 0x08e8  PEAUTH - ok
10:29:07.0077 0x08e8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\windows\SysWow64\perfhost.exe
10:29:07.0093 0x08e8  PerfHost - ok
10:29:07.0155 0x08e8  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\windows\system32\pla.dll
10:29:07.0186 0x08e8  pla - ok
10:29:07.0202 0x08e8  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
10:29:07.0218 0x08e8  PlugPlay - ok
10:29:07.0218 0x08e8  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
10:29:07.0233 0x08e8  PNRPAutoReg - ok
10:29:07.0249 0x08e8  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
10:29:07.0249 0x08e8  PNRPsvc - ok
10:29:07.0296 0x08e8  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
10:29:07.0311 0x08e8  PolicyAgent - ok
10:29:07.0327 0x08e8  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\windows\system32\umpo.dll
10:29:07.0343 0x08e8  Power - ok
10:29:07.0436 0x08e8  [ 346F352E17EA5793C726D3F6582BA855, 5CD830CDCC73335EDC58D26D1BC8B8830DA885CA6D1E21BB7EE763354B5C35EA ] PrintNotify     C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll
10:29:07.0499 0x08e8  PrintNotify - ok
10:29:07.0530 0x08e8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\windows\System32\drivers\processr.sys
10:29:07.0530 0x08e8  Processor - ok
10:29:07.0561 0x08e8  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\windows\system32\profsvc.dll
10:29:07.0577 0x08e8  ProfSvc - ok
10:29:07.0593 0x08e8  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\windows\system32\DRIVERS\pacer.sys
10:29:07.0608 0x08e8  Psched - ok
10:29:07.0624 0x08e8  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\windows\system32\qwave.dll
10:29:07.0639 0x08e8  QWAVE - ok
10:29:07.0655 0x08e8  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
10:29:07.0671 0x08e8  QWAVEdrv - ok
10:29:07.0671 0x08e8  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
10:29:07.0686 0x08e8  RasAcd - ok
10:29:07.0686 0x08e8  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\windows\System32\rasauto.dll
10:29:07.0702 0x08e8  RasAuto - ok
10:29:07.0718 0x08e8  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\windows\System32\rasmans.dll
10:29:07.0749 0x08e8  RasMan - ok
10:29:07.0764 0x08e8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
10:29:07.0764 0x08e8  RasPppoe - ok
10:29:07.0780 0x08e8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
10:29:07.0796 0x08e8  rdbss - ok
10:29:07.0796 0x08e8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\windows\System32\drivers\rdpbus.sys
10:29:07.0811 0x08e8  rdpbus - ok
10:29:07.0811 0x08e8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
10:29:07.0827 0x08e8  RDPDR - ok
10:29:07.0858 0x08e8  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
10:29:07.0874 0x08e8  RdpVideoMiniport - ok
10:29:07.0874 0x08e8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
10:29:07.0889 0x08e8  rdyboost - ok
10:29:07.0921 0x08e8  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\windows\system32\drivers\ReFS.sys
10:29:07.0936 0x08e8  ReFS - ok
10:29:07.0968 0x08e8  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\windows\System32\mprdim.dll
10:29:07.0983 0x08e8  RemoteAccess - ok
10:29:07.0999 0x08e8  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\windows\system32\regsvc.dll
10:29:08.0014 0x08e8  RemoteRegistry - ok
10:29:08.0093 0x08e8  [ 9E18DF158751CF968E7DF83256D70233, 89385DA5ABD283F289E37D7D9E33358B06216E9B3659B2E70F19FD5BA49C7F90 ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
10:29:08.0108 0x08e8  RichVideo64 - ok
10:29:08.0124 0x08e8  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
10:29:08.0139 0x08e8  RpcEptMapper - ok
10:29:08.0155 0x08e8  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\windows\system32\locator.exe
10:29:08.0155 0x08e8  RpcLocator - ok
10:29:08.0186 0x08e8  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\windows\system32\rpcss.dll
10:29:08.0218 0x08e8  RpcSs - ok
10:29:08.0233 0x08e8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
10:29:08.0249 0x08e8  rspndr - ok
10:29:08.0280 0x08e8  [ 9CF8593B62102545CB1652A1D8748FDD, 818639795720A7567CCE01EBC24A0119BFDCEA1B7A5ED4A11B5012D763C1B5CC ] RSUSBSTOR       C:\windows\System32\Drivers\RtsUStor.sys
10:29:08.0280 0x08e8  RSUSBSTOR - ok
10:29:08.0327 0x08e8  [ 3AB1AA5155684F40E2F5215A258D2471, 3D6A5F603FA6809651A006EA31F57920A45642B6B9E8EC80E5399D1301F635E4 ] RTL8168         C:\windows\system32\DRIVERS\Rt630x64.sys
10:29:08.0343 0x08e8  RTL8168 - ok
10:29:08.0358 0x08e8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\windows\System32\drivers\vms3cap.sys
10:29:08.0358 0x08e8  s3cap - ok
10:29:08.0374 0x08e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\windows\system32\lsass.exe
10:29:08.0389 0x08e8  SamSs - ok
10:29:08.0405 0x08e8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
10:29:08.0405 0x08e8  sbp2port - ok
10:29:08.0436 0x08e8  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\windows\System32\SCardSvr.dll
10:29:08.0452 0x08e8  SCardSvr - ok
10:29:08.0468 0x08e8  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\windows\System32\ScDeviceEnum.dll
10:29:08.0483 0x08e8  ScDeviceEnum - ok
10:29:08.0483 0x08e8  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
10:29:08.0499 0x08e8  scfilter - ok
10:29:08.0546 0x08e8  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\windows\system32\schedsvc.dll
10:29:08.0577 0x08e8  Schedule - ok
10:29:08.0614 0x08e8  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\windows\System32\certprop.dll
10:29:08.0627 0x08e8  SCPolicySvc - ok
10:29:08.0665 0x08e8  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\windows\System32\drivers\sdbus.sys
10:29:08.0685 0x08e8  sdbus - ok
10:29:08.0698 0x08e8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\windows\System32\drivers\sdstor.sys
10:29:08.0707 0x08e8  sdstor - ok
10:29:08.0716 0x08e8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
10:29:08.0732 0x08e8  secdrv - ok
10:29:08.0747 0x08e8  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\windows\system32\seclogon.dll
10:29:08.0747 0x08e8  seclogon - ok
10:29:08.0778 0x08e8  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\windows\System32\sens.dll
10:29:08.0778 0x08e8  SENS - ok
10:29:08.0794 0x08e8  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\windows\system32\sensrsvc.dll
10:29:08.0825 0x08e8  SensrSvc - ok
10:29:08.0841 0x08e8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\windows\system32\drivers\SerCx.sys
10:29:08.0841 0x08e8  SerCx - ok
10:29:08.0857 0x08e8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\windows\system32\drivers\SerCx2.sys
10:29:08.0872 0x08e8  SerCx2 - ok
10:29:08.0888 0x08e8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\windows\System32\drivers\serenum.sys
10:29:08.0888 0x08e8  Serenum - ok
10:29:08.0903 0x08e8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\windows\System32\drivers\serial.sys
10:29:08.0903 0x08e8  Serial - ok
10:29:08.0935 0x08e8  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\windows\System32\drivers\sermouse.sys
10:29:08.0935 0x08e8  sermouse - ok
10:29:08.0966 0x08e8  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\windows\system32\sessenv.dll
10:29:08.0982 0x08e8  SessionEnv - ok
10:29:08.0997 0x08e8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
10:29:08.0997 0x08e8  sfloppy - ok
10:29:09.0029 0x08e8  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\windows\System32\ipnathlp.dll
10:29:09.0044 0x08e8  SharedAccess - ok
10:29:09.0091 0x08e8  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:29:09.0107 0x08e8  ShellHWDetection - ok
10:29:09.0122 0x08e8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
10:29:09.0122 0x08e8  SiSRaid2 - ok
10:29:09.0122 0x08e8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
10:29:09.0138 0x08e8  SiSRaid4 - ok
10:29:09.0154 0x08e8  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\windows\System32\smphost.dll
10:29:09.0154 0x08e8  smphost - ok
10:29:09.0185 0x08e8  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
10:29:09.0200 0x08e8  SNMPTRAP - ok
10:29:09.0216 0x08e8  [ 33977549C2CED09936E05BEE7659EAFF, EB95C72ED0EAC59A50E6882B2501049191A796542C42414FAF0028907C669B21 ] spaceport       C:\windows\system32\drivers\spaceport.sys
10:29:09.0232 0x08e8  spaceport - ok
10:29:09.0247 0x08e8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
10:29:09.0263 0x08e8  SpbCx - ok
10:29:09.0294 0x08e8  [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler         C:\windows\System32\spoolsv.exe
10:29:09.0310 0x08e8  Spooler - ok
10:29:09.0466 0x08e8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\windows\system32\sppsvc.exe
10:29:09.0625 0x08e8  sppsvc - ok
10:29:09.0665 0x08e8  [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv             C:\windows\system32\DRIVERS\srv.sys
10:29:09.0681 0x08e8  srv - ok
10:29:09.0704 0x08e8  [ FD163F487CBA9C98AFFEB546C80F49A2, 18DAAD173C0517F7BBF5D0C914302D98931E3BA6DAA36DC91D8DB0743EC40563 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
10:29:09.0725 0x08e8  srv2 - ok
10:29:09.0735 0x08e8  [ 716059F37BCCB1ABEDE99EBE82E8E362, 05F27B0FABBBC0E324F06D20ABEF51EDA3316C9F7F85C1AD24639CD6DE1BC8AC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
10:29:09.0747 0x08e8  srvnet - ok
10:29:09.0771 0x08e8  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
10:29:09.0786 0x08e8  SSDPSRV - ok
10:29:09.0792 0x08e8  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\windows\system32\sstpsvc.dll
10:29:09.0806 0x08e8  SstpSvc - ok
10:29:09.0832 0x08e8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
10:29:09.0842 0x08e8  ssudmdm - ok
10:29:09.0881 0x08e8  [ 857693A4DA826BCD422C48114AA72B10, E6614B190004B17FDF9ED9FEFC8965B819D4D65CC6480BB5557317A6DDBC4B09 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
10:29:09.0890 0x08e8  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
10:29:12.0370 0x08e8  Detect skipped due to KSN trusted
10:29:12.0370 0x08e8  STacSV - ok
10:29:12.0448 0x08e8  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\windows\system32\drivers\stexstor.sys
10:29:12.0448 0x08e8  stexstor - ok
10:29:12.0480 0x08e8  [ A73F13903345464F04D463B84890A271, F22A088D94418420CA3943D34CB233B82B36A6A66BB36000A44726244D794AFF ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
10:29:12.0495 0x08e8  STHDA - ok
10:29:12.0542 0x08e8  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\windows\System32\wiaservc.dll
10:29:12.0558 0x08e8  stisvc - ok
10:29:12.0573 0x08e8  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\windows\system32\drivers\storahci.sys
10:29:12.0589 0x08e8  storahci - ok
10:29:12.0605 0x08e8  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
10:29:12.0605 0x08e8  storflt - ok
10:29:12.0620 0x08e8  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\windows\system32\drivers\stornvme.sys
10:29:12.0620 0x08e8  stornvme - ok
10:29:12.0636 0x08e8  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\windows\system32\storsvc.dll
10:29:12.0651 0x08e8  StorSvc - ok
10:29:12.0651 0x08e8  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\windows\system32\drivers\storvsc.sys
10:29:12.0667 0x08e8  storvsc - ok
10:29:12.0683 0x08e8  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\windows\system32\svsvc.dll
10:29:12.0683 0x08e8  svsvc - ok
10:29:12.0698 0x08e8  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\windows\System32\drivers\swenum.sys
10:29:12.0714 0x08e8  swenum - ok
10:29:12.0745 0x08e8  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\windows\System32\swprv.dll
10:29:12.0761 0x08e8  swprv - ok
10:29:12.0808 0x08e8  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\windows\system32\sysmain.dll
10:29:12.0839 0x08e8  SysMain - ok
10:29:12.0870 0x08e8  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
10:29:12.0886 0x08e8  SystemEventsBroker - ok
10:29:12.0902 0x08e8  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\windows\System32\TabSvc.dll
10:29:12.0902 0x08e8  TabletInputService - ok
10:29:12.0917 0x08e8  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\windows\System32\tapisrv.dll
10:29:12.0933 0x08e8  TapiSrv - ok
10:29:13.0011 0x08e8  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
10:29:13.0073 0x08e8  Tcpip - ok
10:29:13.0120 0x08e8  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
10:29:13.0183 0x08e8  TCPIP6 - ok
10:29:13.0214 0x08e8  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
10:29:13.0214 0x08e8  tcpipreg - ok
10:29:13.0245 0x08e8  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\windows\system32\DRIVERS\tdx.sys
10:29:13.0261 0x08e8  tdx - ok
10:29:13.0261 0x08e8  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\windows\System32\drivers\terminpt.sys
10:29:13.0276 0x08e8  terminpt - ok
10:29:13.0323 0x08e8  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\windows\System32\termsrv.dll
10:29:13.0339 0x08e8  TermService - ok
10:29:13.0370 0x08e8  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\windows\system32\themeservice.dll
10:29:13.0386 0x08e8  Themes - ok
10:29:13.0402 0x08e8  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\windows\system32\mmcss.dll
10:29:13.0402 0x08e8  THREADORDER - ok
10:29:13.0417 0x08e8  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
10:29:13.0433 0x08e8  TimeBroker - ok
10:29:13.0448 0x08e8  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\windows\system32\drivers\tpm.sys
10:29:13.0448 0x08e8  TPM - ok
10:29:13.0464 0x08e8  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\windows\System32\trkwks.dll
10:29:13.0480 0x08e8  TrkWks - ok
10:29:13.0511 0x08e8  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
10:29:13.0526 0x08e8  TrustedInstaller - ok
10:29:13.0542 0x08e8  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
10:29:13.0542 0x08e8  TsUsbFlt - ok
10:29:13.0542 0x08e8  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\windows\System32\drivers\TsUsbGD.sys
10:29:13.0558 0x08e8  TsUsbGD - ok
10:29:13.0558 0x08e8  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
10:29:13.0573 0x08e8  tunnel - ok
10:29:13.0573 0x08e8  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\windows\system32\drivers\uagp35.sys
10:29:13.0589 0x08e8  uagp35 - ok
10:29:13.0589 0x08e8  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\windows\System32\drivers\uaspstor.sys
10:29:13.0605 0x08e8  UASPStor - ok
10:29:13.0636 0x08e8  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\windows\System32\drivers\ucx01000.sys
10:29:13.0651 0x08e8  UCX01000 - ok
10:29:13.0683 0x08e8  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\windows\system32\DRIVERS\udfs.sys
10:29:13.0698 0x08e8  udfs - ok
10:29:13.0714 0x08e8  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\windows\System32\drivers\UEFI.sys
10:29:13.0730 0x08e8  UEFI - ok
10:29:13.0761 0x08e8  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\windows\system32\UI0Detect.exe
10:29:13.0761 0x08e8  UI0Detect - ok
10:29:13.0776 0x08e8  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
10:29:13.0792 0x08e8  uliagpkx - ok
10:29:13.0792 0x08e8  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\windows\System32\drivers\umbus.sys
10:29:13.0808 0x08e8  umbus - ok
10:29:13.0808 0x08e8  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\windows\System32\drivers\umpass.sys
10:29:13.0823 0x08e8  UmPass - ok
10:29:13.0823 0x08e8  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\windows\System32\umrdp.dll
10:29:13.0839 0x08e8  UmRdpService - ok
10:29:13.0855 0x08e8  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\windows\System32\upnphost.dll
10:29:13.0886 0x08e8  upnphost - ok
10:29:13.0886 0x08e8  [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp         C:\windows\System32\drivers\usbccgp.sys
10:29:13.0901 0x08e8  usbccgp - ok
10:29:13.0901 0x08e8  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\windows\System32\drivers\usbcir.sys
10:29:13.0917 0x08e8  usbcir - ok
10:29:13.0933 0x08e8  [ BBFD17B6B954FC9FA02E62D604052069, 47D2B7228EABA7F37F69A1756B69FFFB19F0C2CC2869C5BF674E4FD9257488A2 ] usbehci         C:\windows\System32\drivers\usbehci.sys
10:29:13.0948 0x08e8  usbehci - ok
10:29:13.0964 0x08e8  [ 5A4AC5D05A7C97C68596416C05D6F2B4, 1CDE5172B763D2D65379B9F3ABACC080AF676DB9354EC98A455E620C4CE3E18A ] usbfilter       C:\windows\system32\DRIVERS\usbfilter.sys
10:29:13.0964 0x08e8  usbfilter - ok
10:29:13.0980 0x08e8  [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub          C:\windows\System32\drivers\usbhub.sys
10:29:13.0995 0x08e8  usbhub - ok
10:29:14.0011 0x08e8  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\windows\System32\drivers\UsbHub3.sys
10:29:14.0026 0x08e8  USBHUB3 - ok
10:29:14.0058 0x08e8  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\windows\System32\drivers\usbohci.sys
10:29:14.0058 0x08e8  usbohci - ok
10:29:14.0089 0x08e8  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\windows\System32\drivers\usbprint.sys
10:29:14.0089 0x08e8  usbprint - ok
10:29:14.0105 0x08e8  [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR         C:\windows\System32\drivers\USBSTOR.SYS
10:29:14.0120 0x08e8  USBSTOR - ok
10:29:14.0136 0x08e8  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\windows\System32\drivers\usbuhci.sys
10:29:14.0136 0x08e8  usbuhci - ok
10:29:14.0167 0x08e8  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\windows\System32\drivers\USBXHCI.SYS
10:29:14.0183 0x08e8  USBXHCI - ok
10:29:14.0198 0x08e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\windows\system32\lsass.exe
10:29:14.0214 0x08e8  VaultSvc - ok
10:29:14.0245 0x08e8  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
10:29:14.0245 0x08e8  vdrvroot - ok
10:29:14.0292 0x08e8  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\windows\System32\vds.exe
10:29:14.0323 0x08e8  vds - ok
10:29:14.0339 0x08e8  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\windows\system32\drivers\VerifierExt.sys
10:29:14.0355 0x08e8  VerifierExt - ok
10:29:14.0433 0x08e8  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\windows\System32\drivers\vhdmp.sys
10:29:14.0448 0x08e8  vhdmp - ok
10:29:14.0464 0x08e8  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\windows\system32\drivers\viaide.sys
10:29:14.0464 0x08e8  viaide - ok
10:29:14.0480 0x08e8  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\windows\system32\drivers\vmbus.sys
10:29:14.0480 0x08e8  vmbus - ok
10:29:14.0480 0x08e8  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\windows\System32\drivers\VMBusHID.sys
10:29:14.0495 0x08e8  VMBusHID - ok
10:29:14.0526 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\windows\System32\ICSvc.dll
10:29:14.0542 0x08e8  vmicguestinterface - ok
10:29:14.0558 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\windows\System32\ICSvc.dll
10:29:14.0573 0x08e8  vmicheartbeat - ok
10:29:14.0589 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\windows\System32\ICSvc.dll
10:29:14.0605 0x08e8  vmickvpexchange - ok
10:29:14.0620 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\windows\System32\ICSvc.dll
10:29:14.0636 0x08e8  vmicrdv - ok
10:29:14.0652 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\windows\System32\ICSvc.dll
10:29:14.0667 0x08e8  vmicshutdown - ok
10:29:14.0683 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\windows\System32\ICSvc.dll
10:29:14.0698 0x08e8  vmictimesync - ok
10:29:14.0714 0x08e8  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\windows\System32\ICSvc.dll
10:29:14.0730 0x08e8  vmicvss - ok
10:29:14.0745 0x08e8  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\windows\system32\drivers\volmgr.sys
10:29:14.0745 0x08e8  volmgr - ok
10:29:14.0761 0x08e8  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
10:29:14.0776 0x08e8  volmgrx - ok
10:29:14.0792 0x08e8  [ 4BB9BC49DEE1A319EC58274A7BBED663, 624491089623A5B68C01A6A000E60D450E8E467619ACEBB90C6FDED0CF670F95 ] volsnap         C:\windows\system32\drivers\volsnap.sys
10:29:14.0823 0x08e8  volsnap - ok
10:29:14.0839 0x08e8  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\windows\System32\drivers\vpci.sys
10:29:14.0855 0x08e8  vpci - ok
10:29:14.0886 0x08e8  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
10:29:14.0901 0x08e8  vsmraid - ok
10:29:14.0948 0x08e8  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\windows\system32\vssvc.exe
10:29:14.0995 0x08e8  VSS - ok
10:29:14.0995 0x08e8  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\windows\system32\drivers\vstxraid.sys
10:29:15.0011 0x08e8  VSTXRAID - ok
10:29:15.0026 0x08e8  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
10:29:15.0042 0x08e8  vwifibus - ok
10:29:15.0073 0x08e8  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\windows\system32\w32time.dll
10:29:15.0089 0x08e8  W32Time - ok
10:29:15.0136 0x08e8  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\windows\system32\inetsrv\w3logsvc.dll
10:29:15.0136 0x08e8  w3logsvc - ok
10:29:15.0152 0x08e8  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\windows\System32\drivers\wacompen.sys
10:29:15.0167 0x08e8  WacomPen - ok
10:29:15.0183 0x08e8  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\windows\system32\inetsrv\iisw3adm.dll
10:29:15.0198 0x08e8  WAS - ok
10:29:15.0245 0x08e8  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\windows\system32\wbengine.exe
10:29:15.0292 0x08e8  wbengine - ok
10:29:15.0308 0x08e8  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
10:29:15.0323 0x08e8  WbioSrvc - ok
10:29:15.0339 0x08e8  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\windows\System32\wcmsvc.dll
10:29:15.0339 0x08e8  Wcmsvc - ok
10:29:15.0355 0x08e8  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\windows\System32\wcncsvc.dll
10:29:15.0370 0x08e8  wcncsvc - ok
10:29:15.0386 0x08e8  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:29:15.0386 0x08e8  WcsPlugInService - ok
10:29:15.0417 0x08e8  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\windows\system32\drivers\WdBoot.sys
10:29:15.0433 0x08e8  WdBoot - ok
10:29:15.0464 0x08e8  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
10:29:15.0480 0x08e8  Wdf01000 - ok
10:29:15.0495 0x08e8  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\windows\system32\drivers\WdFilter.sys
10:29:15.0511 0x08e8  WdFilter - ok
10:29:15.0526 0x08e8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\windows\system32\wdi.dll
10:29:15.0542 0x08e8  WdiServiceHost - ok
10:29:15.0558 0x08e8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\windows\system32\wdi.dll
10:29:15.0558 0x08e8  WdiSystemHost - ok
10:29:15.0589 0x08e8  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\windows\system32\Drivers\WdNisDrv.sys
10:29:15.0589 0x08e8  WdNisDrv - ok
10:29:15.0620 0x08e8  WdNisSvc - ok
10:29:15.0652 0x08e8  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\windows\System32\webclnt.dll
10:29:15.0667 0x08e8  WebClient - ok
10:29:15.0683 0x08e8  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\windows\system32\wecsvc.dll
10:29:15.0698 0x08e8  Wecsvc - ok
10:29:15.0714 0x08e8  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\windows\system32\wephostsvc.dll
10:29:15.0714 0x08e8  WEPHOSTSVC - ok
10:29:15.0730 0x08e8  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\windows\System32\wercplsupport.dll
10:29:15.0745 0x08e8  wercplsupport - ok
10:29:15.0761 0x08e8  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\windows\System32\WerSvc.dll
10:29:15.0761 0x08e8  WerSvc - ok
10:29:15.0776 0x08e8  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\windows\system32\DRIVERS\wfplwfs.sys
10:29:15.0792 0x08e8  WFPLWFS - ok
10:29:15.0808 0x08e8  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\windows\System32\wiarpc.dll
10:29:15.0823 0x08e8  WiaRpc - ok
10:29:15.0839 0x08e8  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
10:29:15.0839 0x08e8  WIMMount - ok
10:29:15.0855 0x08e8  WinDefend - ok
10:29:15.0886 0x08e8  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
10:29:15.0901 0x08e8  WinHttpAutoProxySvc - ok
10:29:15.0948 0x08e8  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
10:29:15.0964 0x08e8  Winmgmt - ok
10:29:16.0026 0x08e8  [ C8D6344BDE2691A196E61C0D3372EAB7, FF8EB79D8A7E298343C22B83276FF68293D08A9DA438BB22600BEFC4CA93A91D ] WinRM           C:\windows\system32\WsmSvc.dll
10:29:16.0089 0x08e8  WinRM - ok
10:29:16.0105 0x08e8  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\windows\System32\drivers\WinUsb.sys
10:29:16.0120 0x08e8  WinUsb - ok
10:29:16.0167 0x08e8  [ EF252510DB6C3511E30418BD2AC95A2D, 75B496F5C611129D9D19B382503830FDB0E2E61D4880D2821AE381DF578C5E56 ] WlanSvc         C:\windows\System32\wlansvc.dll
10:29:16.0198 0x08e8  WlanSvc - ok
10:29:16.0261 0x08e8  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\windows\system32\wlidsvc.dll
10:29:16.0292 0x08e8  wlidsvc - ok
10:29:16.0308 0x08e8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\windows\System32\drivers\wmiacpi.sys
10:29:16.0323 0x08e8  WmiAcpi - ok
10:29:16.0355 0x08e8  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
10:29:16.0355 0x08e8  wmiApSrv - ok
10:29:16.0370 0x08e8  WMPNetworkSvc - ok
10:29:16.0412 0x08e8  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\windows\system32\drivers\Wof.sys
10:29:16.0424 0x08e8  Wof - ok
10:29:16.0472 0x08e8  [ 5071E71CC05346D88C5A08EB8B5A05E3, EA2B14130EDD1846B2E25D310B0D49253CFB43C22D3DC7B3179DF7349CC4AEFB ] workfolderssvc  C:\windows\system32\workfolderssvc.dll
10:29:16.0511 0x08e8  workfolderssvc - ok
10:29:16.0540 0x08e8  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\windows\system32\DRIVERS\wpcfltr.sys
10:29:16.0549 0x08e8  wpcfltr - ok
10:29:16.0563 0x08e8  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
10:29:16.0572 0x08e8  WPCSvc - ok
10:29:16.0592 0x08e8  [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
10:29:16.0603 0x08e8  WPDBusEnum - ok
10:29:16.0623 0x08e8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\windows\system32\drivers\WpdUpFltr.sys
10:29:16.0631 0x08e8  WpdUpFltr - ok
10:29:16.0643 0x08e8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
10:29:16.0653 0x08e8  ws2ifsl - ok
10:29:16.0667 0x08e8  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\windows\System32\wscsvc.dll
10:29:16.0678 0x08e8  wscsvc - ok
10:29:16.0683 0x08e8  WSearch - ok
10:29:16.0766 0x08e8  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\windows\System32\WSService.dll
10:29:16.0854 0x08e8  WSService - ok
10:29:16.0958 0x08e8  [ 688DAAE720E39DA86822785195646663, DB6E0F89496BB74EDF8378E6AE06364B19249701F6ACD176A0DCA1951E81A63D ] wuauserv        C:\windows\system32\wuaueng.dll
10:29:17.0039 0x08e8  wuauserv - ok
10:29:17.0064 0x08e8  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
10:29:17.0074 0x08e8  WudfPf - ok
10:29:17.0087 0x08e8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\windows\System32\drivers\WUDFRd.sys
10:29:17.0099 0x08e8  WUDFRd - ok
10:29:17.0107 0x08e8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\windows\system32\DRIVERS\WUDFRd.sys
10:29:17.0119 0x08e8  WUDFSensorLP - ok
10:29:17.0138 0x08e8  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
10:29:17.0149 0x08e8  wudfsvc - ok
10:29:17.0157 0x08e8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\windows\system32\DRIVERS\WUDFRd.sys
10:29:17.0169 0x08e8  WUDFWpdFs - ok
10:29:17.0177 0x08e8  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\windows\System32\drivers\WUDFRd.sys
10:29:17.0190 0x08e8  WUDFWpdMtp - ok
10:29:17.0220 0x08e8  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\windows\System32\wwansvc.dll
10:29:17.0241 0x08e8  WwanSvc - ok
10:29:17.0249 0x08e8  ================ Scan global ===============================
10:29:17.0276 0x08e8  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\windows\system32\basesrv.dll
10:29:17.0307 0x08e8  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\windows\system32\winsrv.dll
10:29:17.0323 0x08e8  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\windows\system32\sxssrv.dll
10:29:17.0354 0x08e8  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\windows\system32\services.exe
10:29:17.0354 0x08e8  [ Global ] - ok
10:29:17.0354 0x08e8  ================ Scan MBR ==================================
10:29:17.0370 0x08e8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:29:17.0432 0x08e8  \Device\Harddisk0\DR0 - ok
10:29:17.0432 0x08e8  ================ Scan VBR ==================================
10:29:17.0479 0x08e8  [ 725261DE7021D47DC02BFE7077D3D063 ] \Device\Harddisk0\DR0\Partition1
10:29:17.0557 0x08e8  \Device\Harddisk0\DR0\Partition1 - ok
10:29:17.0573 0x08e8  [ 3861A176BE596273D6243346B520F14C ] \Device\Harddisk0\DR0\Partition2
10:29:17.0635 0x08e8  \Device\Harddisk0\DR0\Partition2 - ok
10:29:17.0651 0x08e8  [ 3C3AE86DABD656D63090D98328DF5661 ] \Device\Harddisk0\DR0\Partition3
10:29:17.0651 0x08e8  \Device\Harddisk0\DR0\Partition3 - ok
10:29:17.0651 0x08e8  [ 36BEE7855BE905CBC35602E6D5B9D268 ] \Device\Harddisk0\DR0\Partition4
10:29:17.0729 0x08e8  \Device\Harddisk0\DR0\Partition4 - ok
10:29:17.0783 0x08e8  [ 9DD77214B293D1FAA3463A4C4B8415F0 ] \Device\Harddisk0\DR0\Partition5
10:29:17.0796 0x08e8  \Device\Harddisk0\DR0\Partition5 - ok
10:29:17.0797 0x08e8  ================ Scan generic autorun ======================
10:29:17.0840 0x08e8  [ 96A1D93D16F959C6F5A63E749A9F2EF7, 9EDD4EEC5C625ECF4A1C82318ED6B74404E63A3D43312B53E4F627D76D47658C ] C:\Program Files\IDT\WDM\beats64.exe
10:29:17.0844 0x08e8  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
10:29:20.0217 0x08e8  Detect skipped due to KSN trusted
10:29:20.0217 0x08e8  BeatsOSDApp - ok
10:29:20.0249 0x08e8  [ 1F918DDAE59E246B8F48CE5AA400B3AA, 8896809E855AE08B43E41B25A6BDCA8ED1905BBFC59E7B779070EAA0BBC1B319 ] C:\Program Files\IDT\WDM\sttray64.exe
10:29:20.0296 0x08e8  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
10:29:22.0697 0x08e8  Detect skipped due to KSN trusted
10:29:22.0697 0x08e8  SysTrayApp - ok
10:29:22.0900 0x08e8  [ DE9938F17D9B173B1CA83E218F03CCC0, BC007746535036743640A17E4AB495114F1370A7522BA6391309266C0B7789A2 ] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
10:29:22.0978 0x08e8  SimplePass - ok
10:29:22.0994 0x08e8  [ 9159063E3EF84A832DB5251447BACE9C, EE1DD20A5176816F484DD6945674750F43EC37B13355815FD20459097028EAA5 ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
10:29:23.0010 0x08e8  OPBHOBroker - ok
10:29:23.0025 0x08e8  [ AC382EA1AA21E592C808E46D95E6533D, B2941B6AAB48C245B47E94C74F0A1149A66428586ED3747C74C45BBFDA03741E ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
10:29:23.0041 0x08e8  OPBHOBrokerDesktop - ok
10:29:23.0088 0x08e8  [ D5DDC3EC0BF960389E9A964D7CC8CC30, 02C06CF596B33B1883C371EA9B61B1EC41319EFF853A54864329129699534769 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
10:29:23.0103 0x08e8  StartCCC - ok
10:29:23.0150 0x08e8  [ BDAE453D2EBCCDE40FC17F3094A43E29, B4642A62F78B3034D51ED8A60BD1353D269A62FCF14AF4FFA87DC7E02A6CC7A0 ] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
10:29:23.0166 0x08e8  AppEx Accelerator UI - ok
10:29:23.0353 0x08e8  [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
10:29:23.0525 0x08e8  CCleaner Monitoring - ok
10:29:23.0525 0x08e8  Waiting for KSN requests completion. In queue: 6
10:29:24.0555 0x08e8  Waiting for KSN requests completion. In queue: 6
10:29:25.0566 0x08e8  Waiting for KSN requests completion. In queue: 6
10:29:26.0593 0x08e8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
10:29:26.0609 0x08e8  Win FW state via NFP2: enabled ( trusted )
10:29:29.0016 0x08e8  ============================================================
10:29:29.0016 0x08e8  Scan finished
10:29:29.0016 0x08e8  ============================================================
10:29:29.0016 0x0420  Detected object count: 0
10:29:29.0016 0x0420  Actual detected object count: 0
         
Mit freundlichem Gruß
Marcus

Alt 08.07.2016, 20:27   #5
M-K-D-B
/// TB-Ausbilder
 
Malware Befall - Standard

Malware Befall



Servus,


du hast zweimal die FRST.txt gepostet. Bitte poste noch die Addition.txt.


Alt 08.07.2016, 21:05   #6
Silfchen
 
Malware Befall - Standard

Malware Befall



Guten abend, entschuldige da ist mir wohl ein Fehler unterlaufen.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by user (2016-07-08 10:24:37)
Running from C:\Users\user\Desktop
Windows 8.1 (Update) (X64) (2015-12-29 00:40:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-265705268-327926828-2355950754-500 - Administrator - Disabled)
Guest (S-1-5-21-265705268-327926828-2355950754-501 - Limited - Disabled)
user (S-1-5-21-265705268-327926828-2355950754-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {110A8BA2-27CF-44B7-82D3-9DF53ADDFF62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
Task: {22400094-3C6B-430C-A115-2A9A73F87A25} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {3FCABFBC-D42D-463B-A89D-F17D11667E32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {7E54405C-D6EE-4A0E-A5FB-AAC907D869A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A4F75DA9-B58D-4491-BE24-994C065ED5F3} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CDBE0655-A914-4AA8-8B6B-4C2CB2DB56BE} - System32\Tasks\{D46163CE-C917-4D98-87A4-32A610FC17E8} => pcalua.exe -a C:\Users\user\Downloads\InstallWoW.exe -d C:\Users\user\Downloads
Task: {D8C46A4F-2B41-45DA-817B-E53A3ED85C01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-20] (Google Inc.)
Task: {F5382434-9BEB-4976-BF14-5E78048A2811} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\TripAdvisor.lnk -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cndt&s=TripAdvisor_dt&tp=dticon (No File)

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-11-28 20:58 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-06-18 01:05 - 2016-06-15 10:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 01:05 - 2016-06-15 10:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-265705268-327926828-2355950754-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-265705268-327926828-2355950754-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{01C2178B-767E-4329-843F-07DEE5FA0C2C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D71EAC52-44BE-43A5-8260-B5BA144F585A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CB42BE65-064B-4DAB-82ED-9E8D48E39404}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{5C8855A3-C1F9-4CB7-B4D6-4510B49B50CD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{3C334840-1FE1-4F08-9477-BA6AB694AF2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE5D59D8-5712-48D6-9023-5C87FD2A86E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA86B1B0-7E64-4C98-985B-8B6375401272}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{736F5BE3-5333-4CF7-96D0-4DF82EA67029}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48246045-6638-4A3A-AA6C-D8FD1C9A07B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-04-2016 23:36:27 Scheduled Checkpoint
07-05-2016 14:48:47 Scheduled Checkpoint
15-05-2016 01:57:57 Scheduled Checkpoint
09-06-2016 16:39:59 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully.   0x0.

Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Context:  Application, SystemIndex Catalogue

Error: (07/08/2016 03:12:04 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully.   0x0.

Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Context:  Application, SystemIndex Catalogue

Error: (07/08/2016 03:11:07 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (07/08/2016 03:07:42 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-265705268-327926828-2355950754-1001}/">.

Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: The operation completed successfully.   0x0.

Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Context:  Application, SystemIndex Catalogue

Error: (07/08/2016 03:05:15 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.


System errors:
=============
Error: (07/08/2016 03:11:58 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "USARUS" auf Transport "NetBT_Tcpip_{C9C9EA59-0D5C-446D-B32B-4B43A299F5FE}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo64 Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bonjour Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Print Spooler" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/08/2016 03:11:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst " HP SimplePass Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2016-07-08 10:23:33.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:23:33.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:23:32.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:23:32.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:16:51.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:16:51.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:16:50.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-08 10:16:50.088
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 00:44:38.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 00:44:38.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 16%
Total physical RAM: 7604.86 MB
Available physical RAM: 6349.97 MB
Total Virtual: 8820.86 MB
Available Virtual: 7498.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.5 GB) (Free:857.12 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:15.54 GB) (Free:1.97 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 546B79C5)

Partition: GPT.

==================== End of Addition.txt ============================
         

Alt 08.07.2016, 21:12   #7
M-K-D-B
/// TB-Ausbilder
 
Malware Befall - Standard

Malware Befall



Ich habe mit dem Entwickler von AdwCleaner gesprochen.

Es handelt sich bei dem von dir genannten Fund um einen Fehlalarm.

Dieser wird in Kürze behoben.


Gibt es sonst noch Probleme?

Alt 08.07.2016, 21:27   #8
Silfchen
 
Malware Befall - Standard

Malware Befall



Dann bin ich ja erstmal beruhigt, nein sonst ist alles ok, danke für die schnelle Hilfe !

Alt 08.07.2016, 21:29   #9
M-K-D-B
/// TB-Ausbilder
 
Malware Befall - Standard

Malware Befall



Zitat:
Zitat von Silfchen Beitrag anzeigen
Dann bin ich ja erstmal beruhigt, nein sonst ist alles ok, danke für die schnelle Hilfe !
Mittlerweile sollte das Problem schon behoben sein.





Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 11.07.2016, 18:34   #10
M-K-D-B
/// TB-Ausbilder
 
Malware Befall - Standard

Malware Befall



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Malware Befall
abend, adwcleaner, appdata, befall, chrome, default, google, google chrome, guten, kleines, local, malware, meinem, problem, ratlos, system, wenig




Ähnliche Themen: Malware Befall


  1. Wann war eure erster Malware befall, bzw. welche Malware war es, und was ging karputt ?
    Diskussionsforum - 20.05.2016 (8)
  2. Malware Befall?
    Log-Analyse und Auswertung - 24.09.2015 (18)
  3. Malware Befall, Öffnung von Tabs mit Werbung
    Log-Analyse und Auswertung - 28.02.2015 (11)
  4. möglicher malware - Befall meines PC
    Plagegeister aller Art und deren Bekämpfung - 20.01.2015 (9)
  5. W7 Malware Befall – Rester löschen
    Log-Analyse und Auswertung - 11.09.2013 (14)
  6. vermuteter Malware Befall
    Log-Analyse und Auswertung - 09.06.2013 (13)
  7. Rootkit/ Malware Befall
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (7)
  8. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  9. Befall mit Malware. Was tuen?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (1)
  10. Malware Befall 'TR/Witkinat.A.30', 'TR/Spy.Insain.HP' usw.
    Log-Analyse und Auswertung - 16.03.2010 (2)
  11. Malware Defense Befall
    Plagegeister aller Art und deren Bekämpfung - 23.01.2010 (10)
  12. malware defense befall
    Plagegeister aller Art und deren Bekämpfung - 21.01.2010 (9)
  13. Was passiert bei einem Malware-befall? Datenklau
    Diskussionsforum - 11.01.2010 (1)
  14. Frühzeitige Symptome auf Trojaner/Malware-befall
    Plagegeister aller Art und deren Bekämpfung - 07.11.2009 (20)
  15. Malware-Befall. TR/RKIT/BDS
    Plagegeister aller Art und deren Bekämpfung - 05.12.2008 (4)
  16. backdoor und malware befall
    Plagegeister aller Art und deren Bekämpfung - 04.12.2008 (65)
  17. Trojaner und Malware-Befall
    Log-Analyse und Auswertung - 01.11.2008 (16)

Zum Thema Malware Befall - Guten Abend, Ich hab ein kleines Problem mein adwcleaner findet in Meinem system ***** [ Folders ] ***** Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ***** [ Files ] ***** File Found - Malware Befall...
Archiv
Du betrachtest: Malware Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.