
Pests of all kinds and how to combat them: Allegedly caught a nymaim trojan


21.02.2015, 23:41   #1
DaWallace
 

Hello everyone.

So two days ago I had a fraud attempt on my online banking. My online banking has been blocked for now, and the bank looked into the fraud and wrote to me that I apparently have a nymaim trojan on my PC.

I currently have no antivirus program running. I had the PC checked with Spybot, which did find and delete something, but I don't think that was the trojan.

When the system restarts I get error messages about some hard drives it cannot find, such as DRM1 to DRM5 or something like that.

And a window opens with: SQL Server-Clientkonfigurationsprogramm

But before I do even more damage than probably already exists, I thought I'd ask politely here for help and advice.

Regards, Marcel

Edit: Oh, I was probably a bit too quick to post. I am going through your checklist right now and will update the post here. Sorry!

I wanted to edit the post above, but apparently that is not possible at all?

OK, here are the log files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by Wallace (administrator) on DRAGON64 on 21-02-2015 22:48:02
Running from C:\Users\Wallace\Desktop
Loaded Profiles: Wallace (Available profiles: Wallace)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\attrib.exe
(Dropbox, Inc.) C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\sort.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\at.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steamerrorreporter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [uninterruptible_power] => C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\biomimetic.exe [380928 2014-10-26] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wallace\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [openinglimited] => C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe [125440 2015-02-16] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [pace-egg] => C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe [79360 2015-02-16] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [jlaszwpn] => C:\Users\Wallace\AppData\Local\Temp\Kwqee\bhprplozwpn.exe [175616 2015-02-21] () <===== ATTENTION
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [matter-visit] => C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe [206336 2015-02-21] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [string-weekend] => C:\Users\Wallace\AppData\Local\Temp\Stringfirm\stringstuff.exe [77824 2015-02-14] () <===== ATTENTION
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [proof-reflect] => C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe [156160 2015-02-14] () <===== ATTENTION
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [uninterruptible_power] => C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\femto_base_station.exe [380928 2012-07-12] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [hat-date] => C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe [77312 2015-02-15] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [contest-compare] => C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe [71680 2015-02-21] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\RunOnce: [proof-reflect] => C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe [156160 2015-02-14] () <===== ATTENTION
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\RunOnce: [contest-compare] => C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe [71680 2015-02-21] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\RunOnce: [openinglimited] => C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe [125440 2015-02-16] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\RunOnce: [matter-visit] => C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe [206336 2015-02-21] ()
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\MountPoints2: J - J:\pushinst.exe
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\MountPoints2: {30bf2fec-3347-11e4-bcb7-806e6f6e6963} - J:\pushinst.exe
Startup: C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
SearchScopes: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "182.239.95.137"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "182.239.95.137"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "182.239.95.137"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "182.239.95.137"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3810334735-2351705608-1866539249-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\user.js
FF SearchPlugin: C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\searchplugins\trovi-search.xml
FF Extension: Stealthy - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\stealthyextension@gmail.com.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]

Chrome: 
=======
CHR Profile: C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Docs) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S2 brayton_cycle; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\a_weighting.exe [203776 2015-01-08] (Company 'gora-sah') [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 leaded_chip_carrier; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\current_sensor.exe [214016 2012-09-27] (Company 'gora-sah') [File not signed]
S2 long_term_evolution; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\vacuum.exe [204288 2013-06-15] (Company 'gora-sah') [File not signed]
S2 optical_network_terminator; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\linear.exe [214016 2014-07-19] (Company 'gora-sah') [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
S2 preemphasis; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\toughness.exe [217600 2015-01-22] (Company 'gora-sah') [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 statistical_quality; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\pressure_pot_test.exe [212480 2014-01-08] (Company 'gora-sah') [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 thermal_shutdown; C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\infrared_data_association.exe [217600 2012-04-06] (Company 'gora-sah') [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-12-28] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 22:48 - 2015-02-21 22:48 - 00026575 _____ () C:\Users\Wallace\Desktop\FRST.txt
2015-02-21 22:40 - 2015-02-21 22:40 - 00275848 _____ () C:\Windows\Minidump\022115-22308-01.dmp
2015-02-21 22:31 - 2015-02-21 22:31 - 00380416 _____ () C:\Users\Wallace\Desktop\Gmer-19357.exe
2015-02-21 22:25 - 2015-02-21 22:25 - 00048966 _____ () C:\Users\Wallace\Downloads\Addition.txt
2015-02-21 22:24 - 2015-02-21 22:48 - 00000000 ____D () C:\FRST
2015-02-21 22:24 - 2015-02-21 22:25 - 00051743 _____ () C:\Users\Wallace\Downloads\FRST.txt
2015-02-21 22:24 - 2015-02-21 22:24 - 02086912 _____ (Farbar) C:\Users\Wallace\Desktop\FRST64.exe
2015-02-21 22:07 - 2015-02-21 22:07 - 00000656 _____ () C:\Users\Wallace\Downloads\defogger_disable.log
2015-02-21 22:07 - 2015-02-21 22:07 - 00000188 _____ () C:\Users\Wallace\defogger_reenable
2015-02-21 22:06 - 2015-02-21 22:06 - 00050477 _____ () C:\Users\Wallace\Desktop\Defogger.exe
2015-02-21 21:40 - 2015-02-21 21:40 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Contest_team
2015-02-21 00:38 - 2015-02-21 00:38 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Matter-suffer
2015-02-20 11:14 - 2015-02-20 11:14 - 76322741 _____ () C:\Users\Wallace\Downloads\joux_plane141.zip
2015-02-20 10:19 - 2015-02-20 10:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-20 10:18 - 2015-02-20 10:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 10:18 - 2015-02-20 10:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2015-02-20 10:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-20 10:17 - 2015-02-20 10:17 - 01203488 _____ () C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-02-20 10:16 - 2015-02-20 10:16 - 00000000 ____D () C:\Users\Wallace\AppData\Local\Steam
2015-02-18 07:54 - 2015-02-20 11:53 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Gpwzdqjjza
2015-02-16 20:01 - 2015-02-16 20:03 - 00000000 ____D () C:\Users\Wallace\Downloads\Fury.Herz.aus.Stahl
2015-02-16 18:48 - 2015-02-18 07:54 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Knkwzygm
2015-02-16 18:20 - 2015-02-16 18:20 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Pace-worried
2015-02-16 00:30 - 2015-02-16 00:30 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Opening-speed
2015-02-16 00:06 - 2015-02-16 00:06 - 13013970 _____ () C:\Users\Wallace\Downloads\blue_falcon v0.3.rar
2015-02-15 23:17 - 2015-02-15 23:20 - 107431599 _____ () C:\Users\Wallace\Downloads\fmodstudio10512win-installer.exe
2015-02-15 22:54 - 2015-02-15 22:55 - 26519355 _____ () C:\Users\Wallace\Downloads\speed8fixed.7z
2015-02-15 22:27 - 2015-02-15 22:31 - 167158099 _____ () C:\Users\Wallace\Downloads\SeatLeonEuroCup2014_AC_v12.zip
2015-02-15 22:25 - 2015-02-15 22:25 - 45068098 _____ () C:\Users\Wallace\Downloads\ac soundplaceholder.rar
2015-02-15 22:00 - 2015-02-15 22:00 - 75531201 _____ () C:\Users\Wallace\Downloads\broadspeedjaguar_v031.zip
2015-02-15 21:58 - 2015-02-15 22:00 - 19280556 _____ () C:\Users\Wallace\Downloads\AlfaRomeoTZ2_beta0.9.rar
2015-02-15 21:54 - 2015-02-15 21:54 - 24511863 _____ () C:\Users\Wallace\Downloads\speed8.rar
2015-02-15 21:51 - 2015-02-15 21:51 - 36840474 _____ () C:\Users\Wallace\Downloads\renault5_turbo V0.1.rar
2015-02-15 13:06 - 2015-02-15 13:06 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Hatinvite
2015-02-14 17:23 - 2015-02-16 18:48 - 00000000 ___HD () C:\Users\Wallace\AppData\Local\Hvxphis
2015-02-14 15:42 - 2015-02-14 15:44 - 126696140 _____ () C:\Users\Wallace\Downloads\BIMOMUAUDEUN4_MP.rar
2015-02-14 15:35 - 2015-02-14 15:37 - 156267359 _____ () C:\Users\Wallace\Downloads\BIMOMUAUDEUN4BOCD_MP.rar
2015-02-13 20:09 - 2015-02-13 20:12 - 00000000 ____D () C:\Users\Wallace\Downloads\i.roo.201drei.GE.BDR-W
2015-02-13 19:55 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 19:55 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 15:45 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 15:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 15:45 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 15:45 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 15:45 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 15:45 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 15:45 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 15:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 15:45 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 15:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 15:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 15:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 15:45 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 15:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 15:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 15:45 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 15:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 15:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 15:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:57 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:57 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:57 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:56 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:56 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:56 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:56 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:56 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:56 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:56 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:56 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:56 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:56 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:56 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:56 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:56 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:56 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:56 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:56 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:56 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:56 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 19:56 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 19:55 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:55 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:55 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:49 - 2015-02-11 19:42 - 00000000 ____D () C:\Users\Wallace\Downloads\Metro_Last_Light_Redux-FLT
2015-02-11 18:13 - 2015-02-21 22:10 - 00000000 ____D () C:\ProgramData\rnx
2015-02-11 16:07 - 2015-02-15 20:38 - 00055396 _____ (BitTorrent Inc.) C:\Users\Wallace\AppData\Roaming\QmVucXSdon.exe
2015-02-11 15:59 - 2015-02-11 16:10 - 00001003 _____ () C:\Users\Wallace\Desktop\Neues Textdokument.txt
2015-02-04 18:06 - 2015-02-04 18:08 - 00000000 ____D () C:\Users\Wallace\Documents\BFH Beta 2
2015-01-28 16:57 - 2015-01-28 16:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 22:48 - 2013-12-15 13:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-21 22:47 - 2013-12-15 13:15 - 00000000 ____D () C:\ProgramData\Origin
2015-02-21 22:47 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 22:47 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 22:45 - 2013-12-15 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 22:43 - 2014-07-06 13:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 22:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 22:42 - 2009-07-14 05:51 - 00083322 _____ () C:\Windows\setupact.log
2015-02-21 22:40 - 2013-12-15 11:36 - 680203791 _____ () C:\Windows\MEMORY.DMP
2015-02-21 22:40 - 2013-12-15 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-02-21 22:33 - 2013-12-15 03:32 - 01765433 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 22:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 22:31 - 2014-07-06 13:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 22:22 - 2014-01-07 21:15 - 00000000 ___RD () C:\Users\Wallace\Dropbox
2015-02-21 22:21 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Dropbox
2015-02-21 22:13 - 2014-09-04 20:00 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Raptr
2015-02-21 22:10 - 2013-12-15 13:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-21 22:10 - 2013-12-15 12:23 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\newnext.me
2015-02-21 22:09 - 2013-12-27 15:36 - 00000000 ____D () C:\Users\Wallace\AppData\Local\TSVNCache
2015-02-21 22:07 - 2013-12-15 03:32 - 00000000 ____D () C:\Users\Wallace
2015-02-16 20:03 - 2014-01-22 17:56 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\vlc
2015-02-16 19:50 - 2011-04-12 08:43 - 00710404 _____ () C:\Windows\system32\perfh007.dat
2015-02-16 19:50 - 2011-04-12 08:43 - 00154734 _____ () C:\Windows\system32\perfc007.dat
2015-02-16 19:50 - 2009-07-14 06:13 - 01651334 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:59 - 2013-12-15 13:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-15 12:59 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-15 12:54 - 2010-11-21 04:47 - 00256542 _____ () C:\Windows\PFRO.log
2015-02-14 19:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 17:18 - 2014-02-07 13:21 - 00003922 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2015-02-12 15:43 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 15:36 - 2009-07-14 05:45 - 04970104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 15:33 - 2014-12-11 15:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 15:33 - 2014-09-03 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:04 - 2013-12-15 01:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2013-12-15 01:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:26 - 2014-07-06 13:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 19:26 - 2014-07-06 13:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 13:00 - 2013-12-15 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 10:45 - 2013-12-15 02:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 10:45 - 2013-12-15 02:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 10:45 - 2013-12-15 02:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:44 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-04 18:08 - 2013-12-27 02:10 - 00000000 ____D () C:\Users\Wallace\AppData\Local\PunkBuster
2015-02-04 18:08 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-04 17:42 - 2013-12-15 21:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-04 17:41 - 2013-12-15 11:10 - 00588174 _____ () C:\Windows\DirectX.log
2015-02-01 11:02 - 2014-09-04 20:00 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-29 15:03 - 2013-12-15 01:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-02-12 20:22 - 2014-02-12 20:22 - 0002499 _____ () C:\Program Files (x86)\unins000.dat
2014-02-12 20:22 - 2014-02-12 20:22 - 0682266 _____ () C:\Program Files (x86)\unins000.exe
2015-02-11 04:36 - 2015-02-11 04:36 - 0039936 _____ () C:\Users\Wallace\AppData\Roaming\12 Bracelets Passed To Spanish Hands.mp3
2014-01-07 18:17 - 2014-01-07 18:17 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-12-28 10:50 - 2014-11-12 09:56 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-02-11 16:07 - 2015-02-15 20:38 - 0055396 _____ (BitTorrent Inc.) C:\Users\Wallace\AppData\Roaming\QmVucXSdon.exe
2014-07-11 14:46 - 2014-07-11 14:46 - 0000091 _____ () C:\Users\Wallace\AppData\Roaming\sversion.ini
2014-01-10 20:35 - 2014-04-11 02:10 - 0001456 _____ () C:\Users\Wallace\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-29 12:55 - 2013-12-29 12:55 - 0000095 _____ () C:\Users\Wallace\AppData\Local\fusioncache.dat

Files to move or delete:
====================
C:\Users\Wallace\AppData\Local\Temp\Kwqee\bhprplozwpn.exe
C:\Users\Wallace\AppData\Local\Temp\Stringfirm\stringstuff.exe
C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe


Some content of TEMP:
====================
C:\Users\Wallace\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe4wgt6.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 20:46

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by Wallace at 2015-02-21 22:48:56
Running from C:\Users\Wallace\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AGEIA GAME System Software (HKLM-x32\...\{DEDF2885-0086-4534-9912-F9B97377ED07}) (Version: 2.7.3 - AGEIA Technologies)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 2.00.02 - )
Ancient Weapon Sounds (HKLM-x32\...\{E00A5837-482C-4DCE-B4CC-D16B343374E1}) (Version: 2.1.1 - Screaming Bee)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Battlefield 2142 Deluxe Edition (HKLM-x32\...\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}) (Version: 1.5.1.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{63218538-4A69-497F-8455-904261B0E9E4}) (Version: 13.0 - Corel Corporation)
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.7.23803 - )
DCS World (HKLM-x32\...\Steam App 223750) (Version:  - Eagle Dynamics)
DE (x32 Version: 13.0 - Corel Corporation) Hidden
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)
DX10 (HKLM-x32\...\DX10) (Version:  - Image-Line)
Edison (HKLM-x32\...\Edison) (Version:  - Image-Line)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.03.03 - )
Fantasy Voice Pack (HKLM-x32\...\{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
Far Cry 4 Gold Edition MULTi2 1.0 (HKLM-x32\...\Far Cry 4 Gold Edition MULTi2 1.0) (Version:  - )
Far Cry 4 Gold Edition Update 1 MULTi2 1.3.0 (HKLM-x32\...\Far Cry 4 Gold Edition Update 1 MULTi2 1.3.0) (Version:  - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Firebird v2.0 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
First Strike BF2142 Mod Launcher 1.6.6.0 (HKLM-x32\...\First Strike BF2142 Mod Launcher) (Version: 1.6.6.0 - First Strike Development Team)
First Strike Mod (HKLM-x32\...\First Strike Mod) (Version:  - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FreeTrack v2.2.0.279 (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\FreeTrack v2.2.0.279) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GRID (HKLM-x32\...\Steam App 12750) (Version:  - Codemasters Studios)
Groove Machine (HKLM-x32\...\Groove Machine) (Version:  - Image-Line)
GT Legends (HKLM-x32\...\GT Legends_is1) (Version:  - SimBin)
GT Power Expansion (HKLM-x32\...\Steam App 44650) (Version:  - SimBin)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line bvba)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version:  - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version:  - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Ogun (HKLM-x32\...\IL Ogun) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{5D9EB565-39CB-4C8E-BF3B-CB8880A61404}) (Version: 12.1.258 - Intel Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO Meine Welt - Fortgeschrittene (HKLM-x32\...\{E57FEDB3-37BD-11D4-9532-005004039EB0}) (Version:  - )
Lock On: Air Combat Simulation (HKLM-x32\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (HKLM\...\{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}) (Version: 5.0.0 - M-Audio)
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
Maximus (HKLM-x32\...\Maximus) (Version:  - Image-Line)
Medal of Honor™ Warfighter (HKLM-x32\...\{1040143F-FEFB-4B90-8E51-E47D40E14C4E}) (Version: 1.0.0.3 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)
MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\MyFreeCodec) (Version:  - )
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 2.46 - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 1.1.5 (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\OpenOffice.org 1.1.5) (Version: 1.1.5 - Sun Microsystems, Inc. for the OpenOffice.org-Community)
Operation Peacekeeper - Core (HKLM-x32\...\Operation Peacekeeper - Core) (Version: 0.3 - OPK Mod Team)
Operation Peacekeeper - Levels (HKLM-x32\...\Operation Peacekeeper - Levels) (Version: 0.3 - OPK Mod Team)
OPK-Mod - Core (HKLM-x32\...\OPK-Mod - Core) (Version: 0.4 - OPK Mod Team)
OPK-Mod - Levels (HKLM-x32\...\Operation Peacekeeper) (Version: 0.4 - OPK Mod Team)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2065 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlanetSide 2 (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\soe-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
RACE 07 - Formula RaceRoom Add-On (HKLM-x32\...\Steam App 44630) (Version:  - )
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
RACE 07: Andy Priaulx Crowne Plaza Raceway (HKLM-x32\...\Steam App 8650) (Version:  - SimBin)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
reFX Slayer Demo 2.6.0 (HKLM-x32\...\reFX Slayer Demo 2.6.0_is1) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimSynth (HKLM-x32\...\SimSynth) (Version:  - Image-Line)
Sniper Elite V2 Version v1.0 (HKLM-x32\...\{E8CE0E34-8308-4146-BDB9-B5A9FB5536F1}_is1) (Version: v1.0 - Rebellion, Inc.)
Sound Forge Pro 10.0 (HKLM-x32\...\{3F9170C9-A7C2-408F-A4D8-EC77250040BF}) (Version: 10.0.368 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STCC II (HKLM-x32\...\Steam App 44620) (Version:  - SimBin)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
TDU2 Unpacked (HKLM-x32\...\TDU2 Unpacker GUI) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
The WTCC 2010 Pack (HKLM-x32\...\Steam App 44670) (Version:  - SimBin)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts)
TortoiseSVN 1.8.2.24708 (64 bit) (HKLM\...\{D0DC3918-460D-4229-811E-41F22D0CD7E9}) (Version: 1.8.24708 - TortoiseSVN)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
Unity Web Player (HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
War Thunder Launcher 1.0.1.444 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Wasp (HKLM-x32\...\Wasp) (Version:  - Image-Line)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3810334735-2351705608-1866539249-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-02-2015 19:51:24 Geplanter Prüfpunkt
18-02-2015 07:05:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-05 13:50 - 00002573 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       hxxp://www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       192.150.18.108
127.0.0.1       activate.adobe.com:443
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       192.150.18.108
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       192.150.18.108
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com

There are 15 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {147D6D4C-AD38-47EA-9112-170087DF92F4} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\ProgramData\ASUS\AASP\1.02.00\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {1D1CCF39-ECF0-4186-A255-D86AD2448948} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11] (Macrovision Corporation)
Task: {1E129DBB-A2EB-4CC9-A0E4-BF1D64ACEAE1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2022DB2F-FFB8-4BF9-B864-BD8046E47BC0} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {274BF49F-D26B-4B81-BB05-0CEF3031AAC3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2D593611-20C4-43EE-A568-B98CAA86E48F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2012-01-03] (ASUSTek Computer Inc.)
Task: {33384DA3-978F-4C19-ABAC-E529BBF7A8CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {4913FD79-08D9-4DC9-9000-743B8FA8C8B6} - System32\Tasks\{C8DCA755-6678-4EC3-B347-B1CA735230AF} => pcalua.exe -a O:\Downloads\Games\FreeTrack\FreeTrack_V2.2.exe -d O:\Downloads\Games\FreeTrack
Task: {4B37A0AE-E0E4-452F-AEB1-561060E7EB86} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4C891BDC-A6D5-4931-9078-D8BA1CFB5080} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
Task: {504FB8EE-393C-44C6-ACA9-2C3E24D7F4C6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {5616B537-C26E-4E72-BF19-10BAFDD0CFA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {6EEE4A8A-637F-4513-A267-DEEC4899027B} - System32\Tasks\{A68829E3-EC93-4320-9261-01B9CBA7445B} => pcalua.exe -a P:\setup.exe -d P:\
Task: {76E1E278-A64F-4444-8BCC-A23393B8BDA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {7C78E29A-3A97-4A16-BEEE-F52D915A9E50} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {84E349EC-D5B1-46AD-930B-A1355EA8DD59} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11] (Macrovision Corporation)
Task: {94A6A6CA-DCD5-4539-AC3E-FC9992E73A14} - System32\Tasks\ASUS-Online-Aktualisierungsprogramm => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {AC316486-7A8E-402D-B12E-327F9CB57EFB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {B111B94F-6841-4A82-96F4-96D27B06CCB0} - System32\Tasks\{A1EED0A6-1E91-43BB-8BB2-471802A5E0D6} => pcalua.exe -a P:\Autorun.exe -d P:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2013-08-27 23:00 - 2013-08-27 23:00 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-08-27 22:59 - 2013-08-27 22:59 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-12-15 21:30 - 2015-02-04 17:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-12-15 07:27 - 2011-12-06 02:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-12-15 07:27 - 2011-12-06 02:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-02-20 10:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-20 10:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-20 10:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-20 10:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-20 10:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-15 07:42 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll
2013-12-15 07:42 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll
2013-12-15 07:42 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll
2015-02-15 12:56 - 2015-02-15 12:56 - 00112318 _____ () C:\Users\Wallace\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
2011-02-16 13:38 - 2011-02-16 13:38 - 00015872 _____ () C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Wallace\Cookies:j5I2fMvYcQRW4Gy0Kw59ncNW
AlternateDataStreams: C:\Users\Wallace\Lokale Einstellungen:NQkYBGtyzuXGtTSA5ZzrS
AlternateDataStreams: C:\Users\Wallace\AppData\Local:NQkYBGtyzuXGtTSA5ZzrS
AlternateDataStreams: C:\Users\Wallace\AppData\Local\Anwendungsdaten:NQkYBGtyzuXGtTSA5ZzrS
AlternateDataStreams: C:\Users\Wallace\AppData\Local\Temporary Internet Files:v72rVpuAyJAEO4mb8sPPQra0

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3810334735-2351705608-1866539249-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3810334735-2351705608-1866539249-1006 - Limited - Enabled)
Gast (S-1-5-21-3810334735-2351705608-1866539249-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3810334735-2351705608-1866539249-1002 - Limited - Enabled)
Wallace (S-1-5-21-3810334735-2351705608-1866539249-1000 - Administrator - Enabled) => C:\Users\Wallace

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 10:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: infrared_data_association.exe, Version: 0.12.4.868, Zeitstempel: 0x54e4147b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7efde000
ID des fehlerhaften Prozesses: 0xdb8
Startzeit der fehlerhaften Anwendung: 0xinfrared_data_association.exe0
Pfad der fehlerhaften Anwendung: infrared_data_association.exe1
Pfad des fehlerhaften Moduls: infrared_data_association.exe2
Berichtskennung: infrared_data_association.exe3

Error: (02/21/2015 10:45:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 10:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003aa87
ID des fehlerhaften Prozesses: 0x9dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (02/21/2015 10:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 09:40:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:30:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm insurgency.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1cf0

Startzeit: 01d04d5cae176ef3

Endzeit: 244

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

Berichts-ID:

Error: (02/20/2015 11:29:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm insurgency.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ed0

Startzeit: 01d04d59c7c14028

Endzeit: 272

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

Berichts-ID:

Error: (02/20/2015 10:39:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:05:52 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm ArcaVir Tray Module wurde wegen dieses Fehlers geschlossen.

Programm: ArcaVir Tray Module
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (02/20/2015 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: {0000E466-20F3-974}, Version: 8.5.1.0, Zeitstempel: 0x54e6159b
Name des fehlerhaften Moduls: {0000E466-20F3-974}, Version: 8.5.1.0, Zeitstempel: 0x54e6159b
Ausnahmecode: 0xc0000096
Fehleroffset: 0x00003d3d
ID des fehlerhaften Prozesses: 0x20b8
Startzeit der fehlerhaften Anwendung: 0x{0000E466-20F3-974}0
Pfad der fehlerhaften Anwendung: {0000E466-20F3-974}1
Pfad des fehlerhaften Moduls: {0000E466-20F3-974}2
Berichtskennung: {0000E466-20F3-974}3


System errors:
=============
Error: (02/21/2015 10:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "saw_filter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2015 10:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "non_return_to_zero" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2015 10:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "computer_aided_design" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2015 10:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "anode" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2015 10:45:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "down_converter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/21/2015 10:43:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst inductor_based_switcher erreicht.

Error: (02/21/2015 10:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (02/21/2015 10:40:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AsIO
AsUpIO
discache
spldr
Wanarpv6

Error: (02/21/2015 10:40:43 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d89d2485bc, 0xb3b7465eefa2c08e, 0xfffff880009f45c0, 0x0000000000000002)C:\Windows\MEMORY.DMP022115-22308-01

Error: (02/21/2015 10:40:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 21.02.2015 um 22:39:21 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (02/21/2015 10:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: infrared_data_association.exe0.12.4.86854e4147bunknown0.0.0.000000000c00000057efde000db801d04e1fa4a3edecC:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\international_electro\infrared_data_association.exeunknownf88e5457-ba12-11e4-8402-d838145415c9

Error: (02/21/2015 10:45:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 10:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ole32.DLL6.1.7601.175144ce7b96fc00000050003aa879dc01d04e1ac7a211eaC:\Windows\syswow64\svchost.exeC:\Windows\syswow64\ole32.DLL288746f9-ba11-11e4-9183-bcee7b73f9a8

Error: (02/21/2015 10:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2015 09:40:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:30:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: insurgency.exe0.0.0.01cf001d04d5cae176ef3244C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

Error: (02/20/2015 11:29:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: insurgency.exe0.0.0.01ed001d04d59c7c14028272C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

Error: (02/20/2015 10:39:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 11:05:52 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: ArcaVir Tray Module000000000

Error: (02/20/2015 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: {0000E466-20F3-974}8.5.1.054e6159b{0000E466-20F3-974}8.5.1.054e6159bc000009600003d3d20b801d04cf4ce7eca3eC:\Users\Wallace\AppData\Local\Temp\{0000E466-20F3-974}C:\Users\Wallace\AppData\Local\Temp\{0000E466-20F3-974}0cc201ac-b8e8-11e4-b6bd-bcee7b73f9a8


CodeIntegrity Errors:
===================================
  Date: 2015-02-21 22:42:01.593
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-21 22:42:01.531
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-21 22:08:54.063
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-21 22:08:53.985
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-21 21:36:21.496
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-21 21:36:21.387
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-20 22:35:53.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-20 22:35:53.808
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-20 10:10:59.568
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-20 10:10:59.459
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD FX(tm)-4130 Quad-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 8190.12 MB
Available physical RAM: 6145.95 MB
Total Pagefile: 16378.42 MB
Available Pagefile: 13833.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:685.44 GB) (Free:35.39 GB) NTFS
Drive d: (Musik) (Fixed) (Total:48.91 GB) (Free:0.52 GB) NTFS
Drive e: (PRODUCER) (Fixed) (Total:97.66 GB) (Free:24.03 GB) NTFS
Drive f: (PROG) (Fixed) (Total:146.49 GB) (Free:62.71 GB) NTFS
Drive g: (DATA) (Fixed) (Total:172.69 GB) (Free:14.06 GB) NTFS
Drive h: (FACTORY_IMAGE) (Fixed) (Total:13.1 GB) (Free:12.02 GB) NTFS
Drive o: (My Book) (Fixed) (Total:1862.98 GB) (Free:1245.04 GB) NTFS
Drive q: (My Book) (Fixed) (Total:465.64 GB) (Free:94.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=685.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: EBF8BF2C)
Partition 1: (Not Active) - (Size=416.8 GB) - (Type=OF Extended)
Partition 2: (Not Active) - (Size=48.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================
         

21.02.2015, 23:43   #2
DaWallace

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-21 23:33:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750528AS rev.HP34 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Wallace\AppData\Local\Temp\uxrcapod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                          fffff960001a4900 7 bytes [00, 99, F3, FF, 41, AC, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                      fffff960001a4908 3 bytes [00, 07, 02]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                               0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                 0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                               0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                               000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                  00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                           00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                  000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                           0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                 000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                      0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                               000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                 0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                    000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                 00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                               00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                           00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                           00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                               0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                 0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                               0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                               000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                  00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                           00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                  000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                           0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                 000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                      0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                               000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                 0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                    000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                 00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                               00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                           00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                           00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                             0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                               0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                             0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                             000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                         00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                         0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                               000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                    0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
         
21.02.2015, 23:43   #3
DaWallace

Allegedly caught the nymaim Trojan

GMER part 2
Code:
ATTFilter
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                             000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                               0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                  000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                               00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                             00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                         00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\attrib.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                         00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\dllhost.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                         0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                           0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                         0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                         000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                     00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                     0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                           000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                         000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                           0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                           00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                         00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                     00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                     00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                            0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                              0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                            0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                            000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                               00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                        00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                               000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                        0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                              000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                   0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                            000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                              0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                 000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                              00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                            00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                        00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\notepad.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                        00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                                                 000000007789f8ea 1 byte [C3]
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\USER32.dll!GetSysColor                                                                                                       00000000760f6c3c 4 bytes JMP 000000016305da75
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\USER32.dll!GetSysColorBrush                                                                                                  00000000761035a4 4 bytes JMP 000000016305cbdd
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                          0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                            0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                          0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                          000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                             00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                      00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                             000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                      0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                            000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                 0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                          000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                            0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                               000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                            00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                          00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                      00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                      00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                           0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                             0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                           0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                           000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                              00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                       00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                              000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                       0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                             000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                  0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                           000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                             0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                             00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                           00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                       00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\typeperf.exe[6100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                       00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                         0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                           0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                         0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                         000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                            00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                     00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                            000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                     0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                           000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                         000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                           0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                              000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                           00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                         00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                     00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\systeminfo.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                     00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                               0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                 0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                               0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                               000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                  00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                           00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                  000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                           0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                 000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                      0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                               000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                 0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                    000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                 00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                               00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                           00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\sort.exe[5672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                           00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                      0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                        0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                      0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                      000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                         00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                  00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                         000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                  0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                        000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                             0000000076681555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                      000000007668156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                        0000000076681585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                           000000007668159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                        00000000766815b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                      00000000766815cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                  00000000766816b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                  00000000766816bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                           0000000076681401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                             0000000076681419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                           0000000076681431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                           000000007668144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                      * 9
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                              00000000766814dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                       00000000766814f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                              000000007668150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                       0000000076681525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\logagent.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                             000000007668153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread   C:\Windows\Explorer.EXE [1240:3800]                                                                                                                                                                      000000000708a020
Thread   C:\Windows\Explorer.EXE [1240:3840]                                                                                                                                                                      0000000007086d40
Thread   C:\Windows\Explorer.EXE [1240:3828]                                                                                                                                                                      000000000707b370
Thread   C:\Windows\SysWOW64\attrib.exe [3428:4676]                                                                                                                                                               000000007ef97c32
Thread   C:\Windows\SysWOW64\attrib.exe [3428:4640]                                                                                                                                                               000000007ef97be4
Thread   C:\Windows\SysWOW64\attrib.exe [3428:4648]                                                                                                                                                               000000007ef991d3
Thread   C:\Windows\SysWOW64\attrib.exe [3428:1052]                                                                                                                                                               000000007ef9dc0c
Thread   C:\Windows\SysWOW64\dllhost.exe [4544:3788]                                                                                                                                                              000000007ef90000
Thread   C:\Windows\SysWOW64\dllhost.exe [4544:2736]                                                                                                                                                              000000007ef91ca5
Thread   C:\Windows\SysWOW64\dllhost.exe [4544:3816]                                                                                                                                                              000000007ef96aad
Thread   C:\Windows\SysWOW64\dllhost.exe [4544:3476]                                                                                                                                                              000000007ef95a32
Thread   C:\Windows\SysWOW64\notepad.exe [5716:5736]                                                                                                                                                              000000007ef97c32
Thread   C:\Windows\SysWOW64\notepad.exe [5716:5740]                                                                                                                                                              000000007ef97be4
Thread   C:\Windows\SysWOW64\notepad.exe [5716:5776]                                                                                                                                                              000000007ef991d3
Thread   C:\Windows\SysWOW64\notepad.exe [5716:5900]                                                                                                                                                              000000007ef9dc0c
Thread   C:\Windows\SysWOW64\typeperf.exe [6100:2176]                                                                                                                                                             000000007ef97c32
Thread   C:\Windows\SysWOW64\typeperf.exe [6100:5976]                                                                                                                                                             000000007ef97be4
Thread   C:\Windows\SysWOW64\typeperf.exe [6100:5404]                                                                                                                                                             000000007ef991d3
Thread   C:\Windows\SysWOW64\typeperf.exe [6100:6136]                                                                                                                                                             000000007ef9dc0c
Thread   C:\Windows\SysWOW64\sort.exe [5672:5432]                                                                                                                                                                 000000007ef97c32
Thread   C:\Windows\SysWOW64\sort.exe [5672:5436]                                                                                                                                                                 000000007ef97be4
Thread   C:\Windows\SysWOW64\sort.exe [5672:6132]                                                                                                                                                                 000000007ef991d3
Thread   C:\Windows\SysWOW64\sort.exe [5672:4680]                                                                                                                                                                 000000007ef9dc0c
Thread   C:\Windows\SysWOW64\logagent.exe [5352:4672]                                                                                                                                                             000000007ef97c32
Thread   C:\Windows\SysWOW64\logagent.exe [5352:5332]                                                                                                                                                             000000007ef97be4
Thread   C:\Windows\SysWOW64\logagent.exe [5352:5748]                                                                                                                                                             000000007ef991d3
Thread   C:\Windows\SysWOW64\logagent.exe [5352:5960]                                                                                                                                                             000000007ef9dc0c
Thread   C:\Windows\SysWOW64\at.exe [5252:240]                                                                                                                                                                    000000007ef97c95
Thread   C:\Windows\SysWOW64\at.exe [5252:5724]                                                                                                                                                                   000000007ef97c47
Thread   C:\Windows\SysWOW64\at.exe [5252:5788]                                                                                                                                                                   000000007ef99236
Thread   C:\Windows\SysWOW64\at.exe [5252:6036]                                                                                                                                                                   000000007ef9e96a
Thread   C:\Windows\system32\SearchFilterHost.exe [7116:8724]                                                                                                                                                     0000000000910000
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsAcpi.dll (*** suspicious ***) @ C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [1552] (ASUS ACPI Interface/ASUS)(2009-03-05 13:28:36)  0000000010000000
Library  C:\Users\Wallace\AppData\Roaming\newnext.me\nengine.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4100] (NewNext Helper Engine/NewNextDotMe)(2013-12-15 11:23:28)                         00000000724c0000
Library  C:\Users\Wallace\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll (*** suspicious ***) @ C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [6064](2015-02-15 11:56:07)            0000000010000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                      0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                   0x86 0x80 0x4A 0x36 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                             0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                          0x96 0x7D 0x95 0xD7 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                     0xFC 0xB3 0x51 0xE6 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                          0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                          0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                       0x86 0x80 0x4A 0x36 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                            
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                 0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                              0x96 0x7D 0x95 0xD7 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                         0xFC 0xB3 0x51 0xE6 ...
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                                                                            AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                                                                                   7601
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                                                                                    0
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                                                                                 1

---- EOF - GMER 2.1 ----
         
One of the many error windows after system startup:



Thanks in advance
__________________

22.02.2015, 17:18   #4
schrauber
/// the machine
/// TB trainer



hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.02.2015, 20:22   #5
DaWallace



Many thanks for the help.

I ran everything. Here are the log files:

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.22.05
  rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Wallace :: DRAGON64 [administrator]

22.02.2015 19:58:10
mbar-log-2015-02-22 (19-58-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 347528
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Code:
20:13:56.0818 0x1304  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:14:00.0604 0x1304  ============================================================
20:14:00.0605 0x1304  Current date / time: 2015/02/22 20:14:00.0604
20:14:00.0605 0x1304  SystemInfo:
20:14:00.0605 0x1304  
20:14:00.0605 0x1304  OS Version: 6.1.7601 ServicePack: 1.0
20:14:00.0605 0x1304  Product type: Workstation
20:14:00.0605 0x1304  ComputerName: DRAGON64
20:14:00.0605 0x1304  UserName: Wallace
20:14:00.0605 0x1304  Windows directory: C:\Windows
20:14:00.0605 0x1304  System windows directory: C:\Windows
20:14:00.0605 0x1304  Running under WOW64
20:14:00.0605 0x1304  Processor architecture: Intel x64
20:14:00.0605 0x1304  Number of processors: 4
20:14:00.0605 0x1304  Page size: 0x1000
20:14:00.0605 0x1304  Boot type: Normal boot
20:14:00.0605 0x1304  ============================================================
20:14:04.0089 0x1304  KLMD registered as C:\Windows\system32\drivers\05542928.sys
20:14:04.0530 0x1304  System UUID: {16D1EC3B-9554-5EDC-4910-9ECB978DB774}
20:14:04.0907 0x1304  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:04.0926 0x1304  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:04.0929 0x1304  Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:14:04.0930 0x1304  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:14:10.0191 0x1304  ============================================================
20:14:10.0191 0x1304  \Device\Harddisk0\DR0:
20:14:10.0210 0x1304  MBR partitions:
20:14:10.0210 0x1304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:14:10.0210 0x1304  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AE0800
20:14:10.0210 0x1304  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55B13000, BlocksNum 0x1A32800
20:14:10.0211 0x1304  \Device\Harddisk1\DR1:
20:14:10.0216 0x1304  MBR partitions:
20:14:10.0222 0x1304  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61D6AB1, BlocksNum 0xC35314E
20:14:10.0236 0x1304  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12529C3E, BlocksNum 0x124FAAB4
20:14:10.0253 0x1304  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x24A24731, BlocksNum 0x15960510
20:14:10.0253 0x1304  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61D2B72
20:14:10.0253 0x1304  \Device\Harddisk2\DR2:
20:14:10.0253 0x1304  MBR partitions:
20:14:10.0253 0x1304  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
20:14:10.0253 0x1304  \Device\Harddisk3\DR3:
20:14:10.0271 0x1304  MBR partitions:
20:14:10.0271 0x1304  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
20:14:10.0271 0x1304  ============================================================
20:14:10.0297 0x1304  C: <-> \Device\Harddisk0\DR0\Partition2
20:14:10.0335 0x1304  D: <-> \Device\Harddisk1\DR1\Partition4
20:14:10.0366 0x1304  E: <-> \Device\Harddisk1\DR1\Partition1
20:14:10.0401 0x1304  F: <-> \Device\Harddisk1\DR1\Partition2
20:14:10.0421 0x1304  G: <-> \Device\Harddisk1\DR1\Partition3
20:14:10.0455 0x1304  H: <-> \Device\Harddisk0\DR0\Partition3
20:14:10.0868 0x1304  O: <-> \Device\Harddisk2\DR2\Partition1
20:14:10.0869 0x1304  Q: <-> \Device\Harddisk3\DR3\Partition1
20:14:10.0869 0x1304  ============================================================
20:14:10.0869 0x1304  Initialize success
20:14:10.0869 0x1304  ============================================================
20:15:36.0559 0x1768  ============================================================
20:15:36.0559 0x1768  Scan started
20:15:36.0559 0x1768  Mode: Manual; SigCheck; TDLFS; 
20:15:36.0559 0x1768  ============================================================
20:15:36.0559 0x1768  KSN ping started
20:15:50.0246 0x1768  KSN ping finished: true
20:15:51.0576 0x1768  ================ Scan system memory ========================
20:15:51.0576 0x1768  System memory - ok
20:15:51.0576 0x1768  ================ Scan services =============================
20:15:54.0737 0x1768  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:15:54.0742 0x1768  AtiHDAudioService - detected UnsignedFile.Multi.Generic ( 1 )
20:15:57.0185 0x1768  Detect skipped due to KSN trusted
20:15:57.0185 0x1768  AtiHDAudioService - ok
20:16:05.0730 0x1768  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:16:05.0753 0x1768  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:16:08.0179 0x1768  Detect skipped due to KSN trusted
20:16:08.0179 0x1768  IDriverT - ok
20:16:09.0604 0x1768  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:16:09.0654 0x1768  lmhosts - ok
20:16:09.0678 0x1768  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:16:09.0691 0x1768  LSI_FC - ok
20:16:09.0698 0x1768  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:16:09.0714 0x1768  LSI_SAS - ok
20:16:09.0722 0x1768  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:16:09.0734 0x1768  LSI_SAS2 - ok
20:16:09.0743 0x1768  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:16:09.0754 0x1768  LSI_SCSI - ok
20:16:09.0762 0x1768  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:16:09.0812 0x1768  luafv - ok
20:16:09.0844 0x1768  [ F0DCD0FD9D79668E34A660F49C8C00BC, 1A57E0E6528AD21F983577E3945B3B72A3A3614E6245313330A4351D9FD3F207 ] MADFULEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys
20:16:09.0854 0x1768  MADFULEGACYKEYBOARD - ok
20:16:09.0870 0x1768  [ FAEDBEE189A877E302B023BD24FAEBF8, C6E77B90D5D53E539A3AE35D42DD17E90AC1F90B3698C4600BC537E58EA867E4 ] MAUSBLEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys
20:16:09.0883 0x1768  MAUSBLEGACYKEYBOARD - ok
20:16:09.0921 0x1768  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:16:09.0939 0x1768  Mcx2Svc - ok
20:16:09.0957 0x1768  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:16:09.0969 0x1768  megasas - ok
20:16:09.0995 0x1768  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:16:10.0012 0x1768  MegaSR - ok
20:16:10.0031 0x1768  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:16:10.0080 0x1768  MMCSS - ok
20:16:10.0095 0x1768  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:16:10.0126 0x1768  Modem - ok
20:16:10.0146 0x1768  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:16:10.0170 0x1768  monitor - ok
20:16:10.0195 0x1768  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:16:10.0206 0x1768  mouclass - ok
20:16:10.0212 0x0bbc  Object required for P2P: [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject
20:16:10.0222 0x1768  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:16:10.0243 0x1768  mouhid - ok
20:16:10.0252 0x1768  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:16:10.0265 0x1768  mountmgr - ok
20:16:10.0295 0x1768  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:16:10.0305 0x1768  MozillaMaintenance - ok
20:16:10.0320 0x1768  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:16:10.0334 0x1768  mpio - ok
20:16:10.0350 0x1768  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:16:10.0398 0x1768  mpsdrv - ok
20:16:10.0439 0x1768  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:16:10.0495 0x1768  MpsSvc - ok
20:16:10.0522 0x1768  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:16:10.0557 0x1768  MRxDAV - ok
20:16:10.0574 0x1768  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:10.0610 0x1768  mrxsmb - ok
20:16:10.0645 0x1768  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:10.0663 0x1768  mrxsmb10 - ok
20:16:10.0671 0x1768  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:10.0692 0x1768  mrxsmb20 - ok
20:16:10.0712 0x1768  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:16:10.0722 0x1768  msahci - ok
20:16:10.0730 0x1768  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:16:10.0744 0x1768  msdsm - ok
20:16:10.0772 0x1768  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:16:10.0789 0x1768  MSDTC - ok
20:16:10.0801 0x1768  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:16:10.0833 0x1768  Msfs - ok
20:16:10.0848 0x1768  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:16:10.0881 0x1768  mshidkmdf - ok
20:16:10.0885 0x1768  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:16:10.0896 0x1768  msisadrv - ok
20:16:10.0917 0x1768  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:16:10.0976 0x1768  MSiSCSI - ok
20:16:10.0981 0x1768  msiserver - ok
20:16:10.0999 0x1768  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:16:11.0030 0x1768  MSKSSRV - ok
20:16:11.0049 0x1768  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:11.0082 0x1768  MSPCLOCK - ok
20:16:11.0095 0x1768  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:16:11.0140 0x1768  MSPQM - ok
20:16:11.0168 0x1768  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:16:11.0188 0x1768  MsRPC - ok
20:16:11.0205 0x1768  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:16:11.0216 0x1768  mssmbios - ok
20:16:11.0235 0x1768  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:16:11.0265 0x1768  MSTEE - ok
20:16:11.0283 0x1768  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:16:11.0302 0x1768  MTConfig - ok
20:16:11.0319 0x1768  [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:16:11.0327 0x1768  MTsensor - ok
20:16:11.0333 0x1768  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:16:11.0346 0x1768  Mup - ok
20:16:11.0372 0x1768  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:16:11.0417 0x1768  napagent - ok
20:16:11.0454 0x1768  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:16:11.0496 0x1768  NativeWifiP - ok
20:16:11.0553 0x1768  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:16:11.0588 0x1768  NDIS - ok
20:16:11.0598 0x1768  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:16:11.0635 0x1768  NdisCap - ok
20:16:11.0647 0x1768  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:16:11.0678 0x1768  NdisTapi - ok
20:16:11.0699 0x1768  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:16:11.0732 0x1768  Ndisuio - ok
20:16:11.0759 0x1768  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:16:11.0806 0x1768  NdisWan - ok
20:16:11.0822 0x1768  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:16:11.0856 0x1768  NDProxy - ok
20:16:11.0862 0x1768  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:16:11.0908 0x1768  NetBIOS - ok
20:16:11.0918 0x1768  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:16:11.0957 0x1768  NetBT - ok
20:16:11.0978 0x1768  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon        C:\Windows\system32\lsass.exe
20:16:11.0989 0x1768  Netlogon - ok
20:16:12.0009 0x1768  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:16:12.0054 0x1768  Netman - ok
20:16:12.0087 0x1768  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:16:12.0102 0x1768  NetMsmqActivator - ok
20:16:12.0111 0x1768  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:16:12.0124 0x1768  NetPipeActivator - ok
20:16:12.0160 0x1768  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:16:12.0217 0x1768  netprofm - ok
20:16:12.0229 0x1768  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:16:12.0244 0x1768  NetTcpActivator - ok
20:16:12.0253 0x1768  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:16:12.0269 0x1768  NetTcpPortSharing - ok
20:16:12.0297 0x1768  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:16:12.0307 0x1768  nfrd960 - ok
20:16:12.0335 0x1768  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:16:12.0381 0x1768  NlaSvc - ok
20:16:12.0390 0x1768  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:16:12.0424 0x1768  Npfs - ok
20:16:12.0443 0x1768  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:16:12.0492 0x1768  nsi - ok
20:16:12.0500 0x1768  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:16:12.0535 0x1768  nsiproxy - ok
20:16:12.0608 0x1768  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:16:12.0663 0x1768  Ntfs - ok
20:16:12.0682 0x1768  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:16:12.0727 0x1768  Null - ok
20:16:12.0753 0x1768  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:16:12.0767 0x1768  nvraid - ok
20:16:12.0787 0x1768  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:16:12.0800 0x1768  nvstor - ok
20:16:12.0829 0x1768  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:16:12.0843 0x1768  nv_agp - ok
20:16:12.0878 0x1768  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:16:12.0890 0x1768  ohci1394 - ok
20:16:12.0921 0x1768  [ FA5D730CE3F3A3BD21C1040E212230D4, 74C4C5DD79D60D7A5821F514614861FC7EE0C7160F7F8A96683087DEDE67C2C6 ] OM0530          C:\Windows\system32\Drivers\ov530vx.sys
20:16:12.0937 0x1768  OM0530 - ok
20:16:13.0043 0x1768  [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
20:16:13.0121 0x1768  Origin Client Service - ok
20:16:13.0163 0x1768  [ 2B7D360154E5324F9BA181AF0DBFB2AA, DD53FEDAEC6CB8243142561A946B7A372C320A2C69F8896D33DB504B78707D35 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
20:16:13.0175 0x1768  OverwolfUpdaterService - ok
20:16:13.0241 0x1768  [ E357862CA46F2C3E98E5E8007A317363, 0A3ADF2F6A8800EA1A76BBA58D5CB1B22A70DF895EF5D4C7169456B0C44061ED ] OxygenAudioDevMon C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
20:16:13.0289 0x1768  OxygenAudioDevMon - ok
20:16:13.0317 0x1768  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:16:13.0356 0x1768  p2pimsvc - ok
20:16:13.0383 0x1768  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:16:13.0406 0x1768  p2psvc - ok
20:16:13.0426 0x1768  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:16:13.0455 0x1768  Parport - ok
20:16:13.0477 0x1768  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:16:13.0487 0x1768  partmgr - ok
20:16:13.0511 0x1768  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:16:13.0549 0x1768  PcaSvc - ok
20:16:13.0563 0x1768  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:16:13.0578 0x1768  pci - ok
20:16:13.0594 0x1768  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:16:13.0603 0x1768  pciide - ok
20:16:13.0632 0x1768  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:16:13.0647 0x1768  pcmcia - ok
20:16:13.0653 0x1768  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:16:13.0665 0x1768  pcw - ok
20:16:13.0704 0x1768  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:16:13.0769 0x1768  PEAUTH - ok
20:16:13.0817 0x1768  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:16:13.0842 0x1768  PerfHost - ok
20:16:13.0911 0x1768  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:16:13.0991 0x1768  pla - ok
20:16:14.0028 0x1768  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:16:14.0073 0x1768  PlugPlay - ok
20:16:14.0116 0x1768  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
20:16:14.0127 0x1768  PnkBstrA - ok
20:16:14.0142 0x1768  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:16:14.0169 0x1768  PNRPAutoReg - ok
20:16:14.0191 0x1768  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:16:14.0208 0x1768  PNRPsvc - ok
20:16:14.0237 0x1768  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:16:14.0283 0x1768  PolicyAgent - ok
20:16:14.0311 0x1768  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:16:14.0358 0x1768  Power - ok
20:16:14.0390 0x1768  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:16:14.0422 0x1768  PptpMiniport - ok
20:16:14.0442 0x1768  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:16:14.0472 0x1768  Processor - ok
20:16:14.0499 0x1768  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:16:14.0531 0x1768  ProfSvc - ok
20:16:14.0550 0x1768  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:16:14.0562 0x1768  ProtectedStorage - ok
20:16:14.0576 0x1768  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:16:14.0609 0x1768  Psched - ok
20:16:14.0630 0x1768  [ BC08F7F3C53CBEE68670ED1314E290FD, EC683DDE60AFED297D28BC7570BB6DA27A94F52417AD6DE1FBE265255F4051DD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:16:14.0641 0x1768  PxHlpa64 - ok
20:16:14.0695 0x1768  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:16:14.0762 0x1768  ql2300 - ok
20:16:14.0780 0x1768  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:16:14.0793 0x1768  ql40xx - ok
20:16:14.0807 0x1768  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:16:14.0829 0x1768  QWAVE - ok
20:16:14.0843 0x1768  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:16:14.0873 0x1768  QWAVEdrv - ok
20:16:14.0896 0x1768  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:16:14.0926 0x1768  RasAcd - ok
20:16:14.0943 0x1768  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:16:14.0976 0x1768  RasAgileVpn - ok
20:16:14.0990 0x1768  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:16:15.0026 0x1768  RasAuto - ok
20:16:15.0035 0x1768  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:16:15.0070 0x1768  Rasl2tp - ok
20:16:15.0105 0x1768  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:16:15.0157 0x1768  RasMan - ok
20:16:15.0166 0x1768  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:16:15.0213 0x1768  RasPppoe - ok
20:16:15.0220 0x1768  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:16:15.0255 0x1768  RasSstp - ok
20:16:15.0279 0x1768  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:16:15.0320 0x1768  rdbss - ok
20:16:15.0335 0x1768  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:16:15.0367 0x1768  rdpbus - ok
20:16:15.0389 0x1768  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:16:15.0419 0x1768  RDPCDD - ok
20:16:15.0430 0x1768  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:16:15.0474 0x1768  RDPENCDD - ok
20:16:15.0482 0x1768  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:16:15.0515 0x1768  RDPREFMP - ok
20:16:15.0551 0x1768  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:16:15.0588 0x1768  RdpVideoMiniport - ok
20:16:15.0607 0x1768  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:16:15.0639 0x1768  RDPWD - ok
20:16:15.0668 0x1768  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:16:15.0684 0x1768  rdyboost - ok
20:16:15.0705 0x1768  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:16:15.0749 0x1768  RemoteAccess - ok
20:16:15.0782 0x1768  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:16:15.0822 0x1768  RemoteRegistry - ok
20:16:15.0830 0x1768  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:16:15.0866 0x1768  RpcEptMapper - ok
20:16:15.0883 0x1768  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:16:15.0897 0x1768  RpcLocator - ok
20:16:15.0930 0x1768  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:16:15.0975 0x1768  RpcSs - ok
20:16:15.0987 0x1768  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:16:16.0035 0x1768  rspndr - ok
20:16:16.0078 0x1768  [ 8181B5E7BFC040E0B26349C73E719335, EBB244A7E8E2CDC51041B2C2A78DCB77324F9E3746942C84902FCD928ADED897 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:16:16.0106 0x1768  RTL8167 - ok
20:16:16.0123 0x1768  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
20:16:16.0135 0x1768  SamSs - ok
20:16:16.0150 0x1768  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:16:16.0164 0x1768  sbp2port - ok
20:16:16.0177 0x1768  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:16:16.0228 0x1768  SCardSvr - ok
20:16:16.0249 0x1768  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:16:16.0282 0x1768  scfilter - ok
20:16:16.0324 0x1768  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:16:16.0395 0x1768  Schedule - ok
20:16:16.0437 0x1768  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:16:16.0470 0x1768  SCPolicySvc - ok
20:16:16.0495 0x1768  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
20:16:16.0507 0x1768  ScreamBAudioSvc - ok
20:16:16.0531 0x1768  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:16:16.0568 0x1768  SDRSVC - ok
20:16:16.0720 0x1768  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:16:16.0773 0x1768  SDScannerService - ok
20:16:16.0876 0x1768  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:16:16.0935 0x1768  SDUpdateService - ok
20:16:16.0962 0x1768  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:16:16.0983 0x1768  SDWSCService - ok
20:16:17.0001 0x1768  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:16:17.0035 0x1768  secdrv - ok
20:16:17.0044 0x1768  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:16:17.0093 0x1768  seclogon - ok
20:16:17.0114 0x1768  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:16:17.0151 0x1768  SENS - ok
20:16:17.0165 0x1768  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:16:17.0184 0x1768  SensrSvc - ok
20:16:17.0196 0x1768  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:16:17.0207 0x1768  Serenum - ok
20:16:17.0222 0x1768  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:16:17.0236 0x1768  Serial - ok
20:16:17.0253 0x1768  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:16:17.0265 0x1768  sermouse - ok
20:16:17.0294 0x1768  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:16:17.0340 0x1768  SessionEnv - ok
20:16:17.0361 0x1768  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:16:17.0389 0x1768  sffdisk - ok
20:16:17.0407 0x1768  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:16:17.0420 0x1768  sffp_mmc - ok
20:16:17.0434 0x1768  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:16:17.0451 0x1768  sffp_sd - ok
20:16:17.0468 0x1768  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:16:17.0481 0x1768  sfloppy - ok
20:16:17.0542 0x1768  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:16:17.0600 0x1768  SharedAccess - ok
20:16:17.0638 0x1768  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:16:17.0692 0x1768  ShellHWDetection - ok
20:16:17.0714 0x1768  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:16:17.0724 0x1768  SiSRaid2 - ok
20:16:17.0739 0x1768  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:16:17.0751 0x1768  SiSRaid4 - ok
20:16:17.0773 0x1768  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:16:17.0823 0x1768  Smb - ok
20:16:17.0846 0x1768  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:16:17.0859 0x1768  SNMPTRAP - ok
20:16:17.0869 0x1768  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:16:17.0879 0x1768  spldr - ok
20:16:17.0921 0x1768  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:16:17.0960 0x1768  Spooler - ok
20:16:18.0077 0x1768  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:16:18.0202 0x1768  sppsvc - ok
20:16:18.0231 0x1768  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:16:18.0266 0x1768  sppuinotify - ok
20:16:18.0315 0x1768  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:16:18.0355 0x1768  sptd - ok
20:16:18.0392 0x1768  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:16:18.0443 0x1768  srv - ok
20:16:18.0464 0x1768  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:16:18.0488 0x1768  srv2 - ok
20:16:18.0508 0x1768  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:16:18.0523 0x1768  srvnet - ok
20:16:18.0536 0x1768  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:16:18.0591 0x1768  SSDPSRV - ok
20:16:18.0609 0x1768  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:16:18.0648 0x1768  SstpSvc - ok
20:16:18.0694 0x1768  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:16:18.0708 0x1768  ssudmdm - ok
20:16:18.0745 0x1768  [ F7093A27C4AF6D9EEA0ACAC1C4FF6828, 40E1A8FB08D3063711E87C15B24009B397CAD279905AA72FADBB4A8B611474CD ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
20:16:18.0759 0x1768  ssudserd - ok
20:16:18.0838 0x1768  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:16:18.0864 0x1768  Steam Client Service - ok
20:16:18.0897 0x1768  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:16:18.0910 0x1768  stexstor - ok
20:16:18.0941 0x1768  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:16:18.0991 0x1768  stisvc - ok
20:16:19.0009 0x1768  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:16:19.0020 0x1768  swenum - ok
20:16:19.0087 0x1768  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:16:19.0123 0x1768  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:16:21.0537 0x1768  Detect skipped due to KSN trusted
20:16:21.0537 0x1768  SwitchBoard - ok
20:16:21.0582 0x1768  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:16:21.0635 0x1768  swprv - ok
20:16:21.0694 0x1768  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:16:21.0781 0x1768  SysMain - ok
20:16:21.0791 0x1768  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:16:21.0821 0x1768  TabletInputService - ok
20:16:21.0852 0x1768  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:16:21.0910 0x1768  TapiSrv - ok
20:16:21.0936 0x1768  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:16:21.0986 0x1768  TBS - ok
20:16:22.0072 0x1768  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:16:22.0156 0x1768  Tcpip - ok
20:16:22.0223 0x1768  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:16:22.0290 0x1768  TCPIP6 - ok
20:16:22.0318 0x1768  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:16:22.0329 0x1768  tcpipreg - ok
20:16:22.0359 0x1768  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:16:22.0393 0x1768  TDPIPE - ok
20:16:22.0425 0x1768  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:16:22.0437 0x1768  TDTCP - ok
20:16:22.0467 0x1768  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:16:22.0490 0x1768  tdx - ok
20:16:22.0509 0x1768  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:16:22.0518 0x1768  TermDD - ok
20:16:22.0555 0x1768  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:16:22.0592 0x1768  TermService - ok
20:16:22.0610 0x1768  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:16:22.0629 0x1768  Themes - ok
20:16:22.0650 0x1768  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:16:22.0686 0x1768  THREADORDER - ok
20:16:22.0701 0x1768  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:16:22.0737 0x1768  TrkWks - ok
20:16:22.0785 0x1768  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:16:22.0822 0x1768  TrustedInstaller - ok
20:16:22.0858 0x1768  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:16:22.0871 0x1768  tssecsrv - ok
20:16:22.0893 0x1768  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:16:22.0929 0x1768  TsUsbFlt - ok
20:16:22.0950 0x1768  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:16:22.0976 0x1768  TsUsbGD - ok
20:16:23.0083 0x1768  [ 258C050D197D923668B36C8D3F6A2353, 9A8CDC8FDCF24986FE963566591E2B535653837A8A63EE462126D336E6F94E97 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
20:16:23.0148 0x1768  TuneUp.UtilitiesSvc - ok
20:16:23.0177 0x1768  [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
20:16:23.0188 0x1768  TuneUpUtilitiesDrv - ok
20:16:23.0212 0x1768  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:16:23.0248 0x1768  tunnel - ok
20:16:23.0267 0x1768  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:16:23.0277 0x1768  uagp35 - ok
20:16:23.0317 0x1768  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:16:23.0361 0x1768  udfs - ok
20:16:23.0378 0x1768  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:16:23.0402 0x1768  UI0Detect - ok
20:16:23.0428 0x1768  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:16:23.0440 0x1768  uliagpkx - ok
20:16:23.0467 0x1768  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:16:23.0490 0x1768  umbus - ok
20:16:23.0501 0x1768  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:16:23.0527 0x1768  UmPass - ok
20:16:23.0555 0x1768  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:16:23.0599 0x1768  upnphost - ok
20:16:23.0624 0x1768  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:16:23.0645 0x1768  usbaudio - ok
20:16:23.0666 0x1768  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:16:23.0700 0x1768  usbccgp - ok
20:16:23.0728 0x1768  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:16:23.0749 0x1768  usbcir - ok
20:16:23.0771 0x1768  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:16:23.0783 0x1768  usbehci - ok
20:16:23.0799 0x1768  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:16:23.0838 0x1768  usbhub - ok
20:16:23.0858 0x1768  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:16:23.0877 0x1768  usbohci - ok
20:16:23.0901 0x1768  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:16:23.0937 0x1768  usbprint - ok
20:16:23.0964 0x1768  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:16:24.0001 0x1768  USBSTOR - ok
20:16:24.0027 0x1768  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:16:24.0046 0x1768  usbuhci - ok
20:16:24.0089 0x1768  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:16:24.0104 0x1768  usbvideo - ok
20:16:24.0128 0x1768  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:16:24.0165 0x1768  UxSms - ok
20:16:24.0196 0x1768  [ 97BCD40E27C46B398524DF9B4DC88A6F, D1466C414B6044B65D63138B3C42B54B3B6E54AD40613E171F980D0E0D9627B5 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
20:16:24.0207 0x1768  UxTuneUp - ok
20:16:24.0222 0x1768  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
20:16:24.0236 0x1768  VaultSvc - ok
20:16:24.0245 0x1768  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:16:24.0258 0x1768  vdrvroot - ok
20:16:24.0282 0x1768  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:16:24.0347 0x1768  vds - ok
20:16:24.0373 0x1768  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:16:24.0387 0x1768  vga - ok
20:16:24.0411 0x1768  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:16:24.0454 0x1768  VgaSave - ok
20:16:24.0474 0x1768  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:16:24.0490 0x1768  vhdmp - ok
20:16:24.0582 0x1768  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:16:24.0673 0x1768  VIAHdAudAddService - ok
20:16:24.0708 0x1768  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:16:24.0718 0x1768  viaide - ok
20:16:24.0732 0x1768  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
20:16:24.0741 0x1768  VIAKaraokeService - ok
20:16:24.0750 0x1768  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:16:24.0761 0x1768  volmgr - ok
20:16:24.0775 0x1768  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:16:24.0795 0x1768  volmgrx - ok
20:16:24.0806 0x1768  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:16:24.0824 0x1768  volsnap - ok
20:16:24.0838 0x1768  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:16:24.0853 0x1768  vsmraid - ok
20:16:24.0907 0x1768  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:16:25.0015 0x1768  VSS - ok
20:16:25.0040 0x1768  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:16:25.0067 0x1768  vwifibus - ok
20:16:25.0096 0x1768  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:16:25.0145 0x1768  W32Time - ok
20:16:25.0170 0x1768  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:16:25.0206 0x1768  WacomPen - ok
20:16:25.0222 0x1768  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:16:25.0256 0x1768  WANARP - ok
20:16:25.0264 0x1768  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:16:25.0298 0x1768  Wanarpv6 - ok
20:16:25.0352 0x1768  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:16:25.0430 0x1768  wbengine - ok
20:16:25.0455 0x1768  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:16:25.0479 0x1768  WbioSrvc - ok
20:16:25.0505 0x1768  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:16:25.0533 0x1768  wcncsvc - ok
20:16:25.0550 0x1768  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:16:25.0574 0x1768  WcsPlugInService - ok
20:16:25.0588 0x1768  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:16:25.0599 0x1768  Wd - ok
20:16:25.0620 0x1768  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
20:16:25.0645 0x1768  WDC_SAM - ok
20:16:25.0696 0x1768  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:16:25.0731 0x1768  Wdf01000 - ok
20:16:25.0743 0x1768  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:16:25.0823 0x1768  WdiServiceHost - ok
20:16:25.0833 0x1768  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:16:25.0851 0x1768  WdiSystemHost - ok
20:16:25.0878 0x1768  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:16:25.0911 0x1768  WebClient - ok
20:16:25.0943 0x1768  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:16:25.0998 0x1768  Wecsvc - ok
20:16:26.0008 0x1768  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:16:26.0043 0x1768  wercplsupport - ok
20:16:26.0064 0x1768  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:16:26.0100 0x1768  WerSvc - ok
20:16:26.0111 0x1768  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:16:26.0142 0x1768  WfpLwf - ok
20:16:26.0165 0x1768  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:16:26.0175 0x1768  WIMMount - ok
20:16:26.0210 0x1768  WinDefend - ok
20:16:26.0220 0x1768  WinHttpAutoProxySvc - ok
20:16:26.0273 0x1768  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:16:26.0312 0x1768  Winmgmt - ok
20:16:26.0396 0x1768  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:16:26.0502 0x1768  WinRM - ok
20:16:26.0540 0x1768  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:16:26.0556 0x1768  WinUsb - ok
20:16:26.0593 0x1768  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:16:26.0636 0x1768  Wlansvc - ok
20:16:26.0782 0x1768  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:16:26.0846 0x1768  wlidsvc - ok
20:16:26.0862 0x1768  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:16:26.0877 0x1768  WmiAcpi - ok
20:16:26.0897 0x1768  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:16:26.0915 0x1768  wmiApSrv - ok
20:16:26.0923 0x1768  WMPNetworkSvc - ok
20:16:26.0939 0x1768  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:16:26.0958 0x1768  WPCSvc - ok
20:16:26.0976 0x1768  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:16:26.0995 0x1768  WPDBusEnum - ok
20:16:27.0007 0x1768  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:16:27.0041 0x1768  ws2ifsl - ok
20:16:27.0059 0x1768  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:16:27.0079 0x1768  wscsvc - ok
20:16:27.0085 0x1768  WSearch - ok
20:16:27.0191 0x1768  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:16:27.0272 0x1768  wuauserv - ok
20:16:27.0300 0x1768  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:16:27.0324 0x1768  WudfPf - ok
20:16:27.0349 0x1768  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:16:27.0370 0x1768  WUDFRd - ok
20:16:27.0386 0x1768  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:16:27.0403 0x1768  wudfsvc - ok
20:16:27.0433 0x1768  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:16:27.0468 0x1768  WwanSvc - ok
20:16:27.0474 0x1768  ================ Scan global ===============================
20:16:27.0517 0x1768  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:16:27.0553 0x1768  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:16:27.0569 0x1768  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:16:27.0595 0x1768  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:16:27.0614 0x1768  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:16:27.0625 0x1768  [ Global ] - ok
20:16:27.0626 0x1768  ================ Scan MBR ==================================
20:16:27.0639 0x1768  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:16:27.0871 0x1768  \Device\Harddisk0\DR0 - ok
20:16:27.0890 0x1768  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk1\DR1
20:16:27.0974 0x1768  \Device\Harddisk1\DR1 - ok
20:16:27.0978 0x1768  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
20:16:28.0516 0x1768  \Device\Harddisk2\DR2 - ok
20:16:28.0520 0x1768  [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
20:16:28.0946 0x1768  \Device\Harddisk3\DR3 - ok
20:16:28.0946 0x1768  ================ Scan VBR ==================================
20:16:28.0969 0x1768  [ C07BC3BE82CA91B4832947491A4E6E31 ] \Device\Harddisk0\DR0\Partition1
20:16:28.0971 0x1768  \Device\Harddisk0\DR0\Partition1 - ok
20:16:28.0978 0x1768  [ EDB793810F8BAECAE2F9D3C0C5311652 ] \Device\Harddisk0\DR0\Partition2
20:16:29.0013 0x1768  \Device\Harddisk0\DR0\Partition2 - ok
20:16:29.0017 0x1768  [ ED28D0D8202823080428C72EEA85B213 ] \Device\Harddisk0\DR0\Partition3
20:16:29.0018 0x1768  \Device\Harddisk0\DR0\Partition3 - ok
20:16:29.0038 0x1768  [ 7604813F6EDB7C5C5A77592F1C163FE0 ] \Device\Harddisk1\DR1\Partition1
20:16:29.0039 0x1768  \Device\Harddisk1\DR1\Partition1 - ok
20:16:29.0051 0x1768  [ 887DD3C8B480381118BB555328DFF85E ] \Device\Harddisk1\DR1\Partition2
20:16:29.0052 0x1768  \Device\Harddisk1\DR1\Partition2 - ok
20:16:29.0068 0x1768  [ 81023E46A17A1940216BCDC3921122DC ] \Device\Harddisk1\DR1\Partition3
20:16:29.0070 0x1768  \Device\Harddisk1\DR1\Partition3 - ok
20:16:29.0073 0x1768  [ 60B4F8F9D84337FFBADD364A2E6A3988 ] \Device\Harddisk1\DR1\Partition4
20:16:29.0076 0x1768  \Device\Harddisk1\DR1\Partition4 - ok
20:16:29.0079 0x1768  [ 97793C6EBE782489632BE676E2C9BE30 ] \Device\Harddisk2\DR2\Partition1
20:16:29.0136 0x1768  \Device\Harddisk2\DR2\Partition1 - ok
20:16:29.0140 0x1768  [ EFB00E60BB2055492290E549E5A4574A ] \Device\Harddisk3\DR3\Partition1
20:16:29.0159 0x1768  \Device\Harddisk3\DR3\Partition1 - ok
20:16:29.0160 0x1768  ================ Scan generic autorun ======================
20:16:29.0221 0x1768  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:16:29.0242 0x1768  AdobeAAMUpdater-1.0 - ok
20:16:29.0467 0x1768  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
20:16:29.0629 0x1768  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
20:16:30.0040 0x0bbc  Object send P2P result: true
20:16:32.0048 0x1768  Detect skipped due to KSN trusted
20:16:32.0048 0x1768  HDAudDeck - ok
20:16:32.0111 0x1768  [ 94D247679E0862C7FA8C5AD712E03948, B6579E5675DDEE338D5248B6A1769CFCEC72DF127A5A367980F388FE782C4748 ] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
20:16:32.0145 0x1768  Cpu Level Up help - ok
20:16:32.0217 0x1768  [ 80F72159E0EB98A9B32FF61132C2E60D, 7F9AD5AE0C23EC5AB7DD63020897646A57CD275D325D399C35001C3DAC0B147F ] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
20:16:32.0281 0x1768  Turbo Key - detected UnsignedFile.Multi.Generic ( 1 )
20:16:34.0333 0x1424  Object required for P2P: [ 320681DF28D82CDCA7E3EED0846625DB ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:16:34.0699 0x1768  Detect skipped due to KSN trusted
20:16:34.0699 0x1768  Turbo Key - ok
20:16:34.0738 0x1768  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:16:34.0758 0x1768  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:16:34.0758 0x1768  Detect skipped due to KSN trusted
20:16:34.0758 0x1768  SwitchBoard - ok
20:16:34.0809 0x1768  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
20:16:34.0860 0x1768  AdobeCS6ServiceManager - ok
20:16:34.0890 0x1768  [ C5239F47944FA3036A256DE9BDB94EB6, 3464B8B5036FA954553850A590D765D30E805818049FBF2E6C444B5FB0147BD4 ] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
20:16:34.0912 0x1768  Zboard - detected UnsignedFile.Multi.Generic ( 1 )
20:16:37.0328 0x1768  Detect skipped due to KSN trusted
20:16:37.0328 0x1768  Zboard - ok
20:16:37.0406 0x1768  [ DB3682851D0218AEC5911CD0D1D7AABE, E3186E075F788131C7E6746D035DED5E3056E20784D635D5CAEC00EF3D27CC72 ] C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
20:16:37.0469 0x1768  BF2Hub Client - detected UnsignedFile.Multi.Generic ( 1 )
20:16:39.0955 0x1768  BF2Hub Client ( UnsignedFile.Multi.Generic ) - warning
20:16:39.0955 0x1768  Force sending object to P2P due to detect: C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
20:16:53.0873 0x1424  Object send P2P result: true
20:16:56.0712 0x1768  Object send P2P result: true
20:17:10.0166 0x1768  [ F8A3337DE768B126B061F1B7CD38A436, F93EE8D8D7CA28658587F82C38AE6C13D51A03CFE8DE6AC3BA35DC6A1DB986CE ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
20:17:10.0182 0x1768  KiesTrayAgent - ok
20:17:10.0216 0x1768  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
20:17:10.0228 0x1768  Raptr - ok
20:17:10.0311 0x1768  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:17:10.0344 0x1768  StartCCC - ok
20:17:10.0500 0x1768  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:17:10.0656 0x1768  SDTray - ok
20:17:10.0748 0x1768  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:10.0835 0x1768  Sidebar - ok
20:17:10.0859 0x1768  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:10.0878 0x1768  mctadmin - ok
20:17:10.0932 0x1768  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:17:10.0973 0x1768  Sidebar - ok
20:17:10.0981 0x1768  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:17:10.0999 0x1768  mctadmin - ok
20:17:11.0053 0x1768  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\SysWOW64\rundll32.exe
20:17:11.0078 0x1768  NextLive - ok
20:17:11.0191 0x1768  [ 3255867AE34EDD5346C750677EE63354, 3FC8E1EFF33EE83717C285D0CD388886135C5BF977B69CF6ADCFD4196139D483 ] C:\Program Files (x86)\Steam\Steam.exe
20:17:11.0265 0x1768  Steam - ok
20:17:11.0398 0x1768  [ 1BFCA8EBFBDC43B5C7C3BCF92A47DD77, EA4A4B5E4BFB31451A472A3E5F23CA163EB53B7D08C892454D6905B034ABBBF6 ] C:\Program Files (x86)\Origin\Origin.exe
20:17:11.0542 0x1768  EADM - ok
20:17:11.0620 0x1768  [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
20:17:11.0664 0x1768  KiesPreload - ok
20:17:11.0701 0x1768  [ 06ACC931AD00231ECAD476F56AE73368, BFB82E25F4D6021E43BF8627A7BF0DFA7027AB38B4F3B6AD1DEB8461D4F87AD5 ] C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe
20:17:11.0701 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe. md5: 06ACC931AD00231ECAD476F56AE73368, sha256: BFB82E25F4D6021E43BF8627A7BF0DFA7027AB38B4F3B6AD1DEB8461D4F87AD5
20:17:11.0701 0x1768  pace-egg - detected LockedFile.Multi.Generic ( 1 )
20:17:14.0110 0x1768  Detect turned to UDS exact due to KSN untrusted
20:17:14.0110 0x1768  pace-egg ( UDS:DangerousObject.Multi.Generic ) - infected
20:17:14.0110 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe
20:17:32.0320 0x1768  Object send P2P result: true
20:17:34.0723 0x1768  [ C9F15C15E1B5B06062CD9BAA1133D77C, 49F466489532FF55F2BF7AA8E28A6277BE04211B0BED2BF7F3DB15D9485BAB6F ] C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe
20:17:34.0723 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe. md5: C9F15C15E1B5B06062CD9BAA1133D77C, sha256: 49F466489532FF55F2BF7AA8E28A6277BE04211B0BED2BF7F3DB15D9485BAB6F
20:17:34.0745 0x1768  string-weekend - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
20:17:37.0161 0x1768  string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - infected
20:17:37.0161 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe
20:17:57.0162 0x1768  Object send P2P result: false
20:17:59.0525 0x1768  [ F4FAEFA73454CD942314ECF40953D93B, 3645ACF85998631E4E75FF7D9DAF7A813684DB77DFD7996A6A1768231B7250E9 ] C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
20:17:59.0526 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe. md5: F4FAEFA73454CD942314ECF40953D93B, sha256: 3645ACF85998631E4E75FF7D9DAF7A813684DB77DFD7996A6A1768231B7250E9
20:17:59.0526 0x1768  hat-date - detected LockedFile.Multi.Generic ( 1 )
20:18:01.0944 0x1768  Object required for P2P: [ F4FAEFA73454CD942314ECF40953D93B ] C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
20:18:21.0945 0x1768  Object send P2P result: false
20:18:21.0945 0x1768  Detect turned to UDS exact due to KSN untrusted
20:18:21.0945 0x1768  hat-date ( UDS:DangerousObject.Multi.Generic ) - infected
20:18:21.0945 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
20:18:41.0946 0x1768  Object send P2P result: false
20:18:44.0314 0x1768  [ 6E1E462001758C45B740158E831B19C1, 3936F8F783E3E3CA933831E17D6C0066830B55D7F26E1D78799982FF53022158 ] C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe
20:18:44.0314 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe. md5: 6E1E462001758C45B740158E831B19C1, sha256: 3936F8F783E3E3CA933831E17D6C0066830B55D7F26E1D78799982FF53022158
20:18:44.0315 0x1768  contest-compare - detected LockedFile.Multi.Generic ( 1 )
20:18:46.0735 0x1768  Detect turned to UDS exact due to KSN untrusted
20:18:46.0735 0x1768  contest-compare ( UDS:DangerousObject.Multi.Generic ) - infected
20:18:46.0735 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe
20:19:02.0669 0x1768  Object send P2P result: true
20:19:05.0057 0x1768  [ 682A590D24524DC5EC2C96F59407A9D3, CB36F86D80FF0EA329183FD6393ECBFAB4081B6146821B8A1B5D29F46451E9B6 ] C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe
20:19:05.0058 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe. md5: 682A590D24524DC5EC2C96F59407A9D3, sha256: CB36F86D80FF0EA329183FD6393ECBFAB4081B6146821B8A1B5D29F46451E9B6
20:19:05.0062 0x1768  proof-reflect - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
20:19:07.0479 0x1768  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - infected
20:19:07.0479 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe
20:19:22.0632 0x1768  Object send P2P result: true
20:19:25.0025 0x1768  [ E0942E3DD4A6078D0A678A9093018CFC, 0C9BD42A55E5A6EA7F1F911944D64B6E9CE43E6675508C69663A99F5B39E1A48 ] C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe
20:19:25.0025 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe. md5: E0942E3DD4A6078D0A678A9093018CFC, sha256: 0C9BD42A55E5A6EA7F1F911944D64B6E9CE43E6675508C69663A99F5B39E1A48
20:19:25.0025 0x1768  openinglimited - detected LockedFile.Multi.Generic ( 1 )
20:19:27.0446 0x1768  openinglimited ( LockedFile.Multi.Generic ) - warning
20:19:29.0837 0x1768  [ 648847084828A4E2EB16342306F04A03, 99028B19114A3081BA0E34F1ED3CB8A5F9FC87DA3186EFA445F2C2783A248063 ] C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe
20:19:29.0838 0x1768  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe. md5: 648847084828A4E2EB16342306F04A03, sha256: 99028B19114A3081BA0E34F1ED3CB8A5F9FC87DA3186EFA445F2C2783A248063
20:19:29.0838 0x1768  matter-visit - detected LockedFile.Multi.Generic ( 1 )
20:19:32.0270 0x1768  Detect turned to UDS exact due to KSN untrusted
20:19:32.0270 0x1768  matter-visit ( UDS:DangerousObject.Multi.Generic ) - infected
20:19:32.0270 0x1768  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe
20:19:52.0273 0x1768  Object send P2P result: false
20:20:06.0658 0x1768  Win FW state via NFP2: enabled
20:20:08.0997 0x1768  ============================================================
20:20:08.0997 0x1768  Scan finished
20:20:08.0997 0x1768  ============================================================
20:20:09.0009 0x0d80  Detected object count: 8
20:20:09.0009 0x0d80  Actual detected object count: 8
20:20:57.0623 0x0d80  BF2Hub Client ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:57.0624 0x0d80  BF2Hub Client ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:20:57.0625 0x0d80  pace-egg ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0625 0x0d80  pace-egg ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:20:57.0626 0x0d80  string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
20:20:57.0627 0x0d80  string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
20:20:57.0628 0x0d80  hat-date ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0628 0x0d80  hat-date ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:20:57.0629 0x0d80  contest-compare ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0629 0x0d80  contest-compare ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:20:57.0630 0x0d80  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
20:20:57.0630 0x0d80  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
20:20:57.0631 0x0d80  openinglimited ( LockedFile.Multi.Generic ) - skipped by user
20:20:57.0631 0x0d80  openinglimited ( LockedFile.Multi.Generic ) - User select action: Skip 
20:20:57.0632 0x0d80  matter-visit ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0633 0x0d80  matter-visit ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         


23.02.2015, 12:22   #6
schrauber
/// the machine
/// TB trainer
 


Quote:
20:20:57.0625 0x0d80 pace-egg ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0625 0x0d80 pace-egg ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
20:20:57.0626 0x0d80 string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
20:20:57.0627 0x0d80 string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip
20:20:57.0628 0x0d80 hat-date ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0628 0x0d80 hat-date ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
20:20:57.0629 0x0d80 contest-compare ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0629 0x0d80 contest-compare ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
20:20:57.0630 0x0d80 proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
20:20:57.0630 0x0d80 proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip
20:20:57.0631 0x0d80 openinglimited ( LockedFile.Multi.Generic ) - skipped by user
20:20:57.0631 0x0d80 openinglimited ( LockedFile.Multi.Generic ) - User select action: Skip
20:20:57.0632 0x0d80 matter-visit ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:20:57.0633 0x0d80 matter-visit ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip

Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure ( default ) is ticked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive ( usually C:\ ).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.



Then run another scan with TDSSKiller.

23.02.2015, 20:04   #7
DaWallace
 



OK, I ran it.

Here is the log after the scan and Continue:

Code:
19:57:06.0358 0x16ac  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:57:19.0379 0x16ac  ============================================================
19:57:19.0380 0x16ac  Current date / time: 2015/02/23 19:57:19.0379
19:57:19.0380 0x16ac  SystemInfo:
19:57:19.0380 0x16ac  
19:57:19.0380 0x16ac  OS Version: 6.1.7601 ServicePack: 1.0
19:57:19.0380 0x16ac  Product type: Workstation
19:57:19.0380 0x16ac  ComputerName: DRAGON64
19:57:19.0380 0x16ac  UserName: Wallace
19:57:19.0380 0x16ac  Windows directory: C:\Windows
19:57:19.0380 0x16ac  System windows directory: C:\Windows
19:57:19.0380 0x16ac  Running under WOW64
19:57:19.0380 0x16ac  Processor architecture: Intel x64
19:57:19.0380 0x16ac  Number of processors: 4
19:57:19.0380 0x16ac  Page size: 0x1000
19:57:19.0380 0x16ac  Boot type: Normal boot
19:57:19.0380 0x16ac  ============================================================
19:57:19.0525 0x16ac  System UUID: {16D1EC3B-9554-5EDC-4910-9ECB978DB774}
19:57:19.0762 0x16ac  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:57:19.0767 0x16ac  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:57:19.0770 0x16ac  Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:19.0771 0x16ac  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:19.0791 0x16ac  ============================================================
19:57:19.0791 0x16ac  \Device\Harddisk0\DR0:
19:57:19.0791 0x16ac  MBR partitions:
19:57:19.0791 0x16ac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:57:19.0791 0x16ac  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AE0800
19:57:19.0791 0x16ac  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55B13000, BlocksNum 0x1A32800
19:57:19.0791 0x16ac  \Device\Harddisk1\DR1:
19:57:19.0800 0x16ac  MBR partitions:
19:57:19.0807 0x16ac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61D6AB1, BlocksNum 0xC35314E
19:57:19.0820 0x16ac  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12529C3E, BlocksNum 0x124FAAB4
19:57:19.0837 0x16ac  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x24A24731, BlocksNum 0x15960510
19:57:19.0837 0x16ac  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61D2B72
19:57:19.0837 0x16ac  \Device\Harddisk2\DR2:
19:57:19.0837 0x16ac  MBR partitions:
19:57:19.0837 0x16ac  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
19:57:19.0837 0x16ac  \Device\Harddisk3\DR3:
19:57:19.0837 0x16ac  MBR partitions:
19:57:19.0837 0x16ac  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
19:57:19.0837 0x16ac  ============================================================
19:57:19.0856 0x16ac  C: <-> \Device\Harddisk0\DR0\Partition2
19:57:19.0895 0x16ac  D: <-> \Device\Harddisk1\DR1\Partition4
19:57:19.0925 0x16ac  E: <-> \Device\Harddisk1\DR1\Partition1
19:57:19.0960 0x16ac  F: <-> \Device\Harddisk1\DR1\Partition2
19:57:19.0981 0x16ac  G: <-> \Device\Harddisk1\DR1\Partition3
19:57:20.0015 0x16ac  H: <-> \Device\Harddisk0\DR0\Partition3
19:57:20.0016 0x16ac  O: <-> \Device\Harddisk2\DR2\Partition1
19:57:20.0016 0x16ac  Q: <-> \Device\Harddisk3\DR3\Partition1
19:57:20.0016 0x16ac  ============================================================
19:57:20.0016 0x16ac  Initialize success
19:57:20.0016 0x16ac  ============================================================
19:57:36.0246 0x0ddc  ============================================================
19:57:36.0246 0x0ddc  Scan started
19:57:36.0246 0x0ddc  Mode: Manual; SigCheck; TDLFS; 
19:57:36.0246 0x0ddc  ============================================================
19:57:36.0246 0x0ddc  KSN ping started
19:57:49.0602 0x0ddc  KSN ping finished: true
19:57:50.0714 0x0ddc  ================ Scan system memory ========================
19:57:50.0714 0x0ddc  System memory - ok
19:57:50.0715 0x0ddc  ================ Scan services =============================
19:57:50.0815 0x0ddc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:57:50.0867 0x0ddc  1394ohci - ok
19:57:50.0959 0x0ddc  [ EB2290ED2AFEA6D9C9773B818F2C1EA3, 7CC151FD71E0F32C106A6699B54E9C18CC43859A98B5A891646DD7FAEF9FFC54 ] 46463773        C:\Windows\system32\drivers\08076999.sys
19:57:50.0998 0x0ddc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:57:51.0019 0x0ddc  ACPI - ok
19:57:51.0035 0x0ddc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:57:51.0046 0x0ddc  AcpiPmi - ok
19:57:51.0075 0x0ddc  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:57:51.0084 0x0ddc  AdobeARMservice - ok
19:57:51.0161 0x0ddc  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:51.0173 0x0ddc  AdobeFlashPlayerUpdateSvc - ok
19:57:51.0210 0x0ddc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:57:51.0228 0x0ddc  adp94xx - ok
19:57:51.0256 0x0ddc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:57:51.0271 0x0ddc  adpahci - ok
19:57:51.0283 0x0ddc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:57:51.0294 0x0ddc  adpu320 - ok
19:57:51.0323 0x0ddc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:57:51.0363 0x0ddc  AeLookupSvc - ok
19:57:51.0404 0x0ddc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:57:51.0423 0x0ddc  AFD - ok
19:57:51.0445 0x0ddc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:57:51.0454 0x0ddc  agp440 - ok
19:57:51.0516 0x0ddc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:57:51.0565 0x0ddc  ALG - ok
19:57:51.0621 0x0ddc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:57:51.0634 0x0ddc  aliide - ok
19:57:51.0662 0x0ddc  [ B3E801135E0C81733542C14D9AA8120A, 69A19C73BBB942DDEBD079EF924ED1AEFC3516867569618D2FBBD1CD831204C2 ] Alpham1         C:\Windows\system32\DRIVERS\Alpham164.sys
19:57:51.0671 0x0ddc  Alpham1 - ok
19:57:51.0685 0x0ddc  [ 6493983FEDBC49D9112703ECE9B251FE, E5D0EEBA8C8D9C02CC4109C86ABC6375E5CF79F6549917C011238FD2DD78BF71 ] Alpham2         C:\Windows\system32\DRIVERS\Alpham264.sys
19:57:51.0700 0x0ddc  Alpham2 - ok
19:57:51.0756 0x0ddc  [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:57:51.0777 0x0ddc  AMD External Events Utility - ok
19:57:51.0845 0x0ddc  AMD FUEL Service - ok
19:57:51.0859 0x0ddc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:57:51.0867 0x0ddc  amdide - ok
19:57:51.0886 0x0ddc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:57:51.0914 0x0ddc  AmdK8 - ok
19:57:52.0504 0x0ddc  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:52.0873 0x0ddc  amdkmdag - ok
19:57:52.0950 0x0ddc  [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:57:52.0987 0x0ddc  amdkmdap - ok
19:57:52.0992 0x0ddc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:57:53.0004 0x0ddc  AmdPPM - ok
19:57:53.0030 0x0ddc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:57:53.0040 0x0ddc  amdsata - ok
19:57:53.0055 0x0ddc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:57:53.0066 0x0ddc  amdsbs - ok
19:57:53.0080 0x0ddc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:57:53.0088 0x0ddc  amdxata - ok
19:57:53.0091 0x0ddc  AODDriver4.2.0 - ok
19:57:53.0121 0x0ddc  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:57:53.0135 0x0ddc  AODDriver4.3 - ok
19:57:53.0165 0x0ddc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
19:57:53.0192 0x0ddc  AppID - ok
19:57:53.0212 0x0ddc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:57:53.0252 0x0ddc  AppIDSvc - ok
19:57:53.0275 0x0ddc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:57:53.0294 0x0ddc  Appinfo - ok
19:57:53.0310 0x0ddc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
19:57:53.0319 0x0ddc  arc - ok
19:57:53.0324 0x0ddc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:57:53.0336 0x0ddc  arcsas - ok
19:57:53.0375 0x0ddc  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE, DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
19:57:53.0394 0x0ddc  AsIO - ok
19:57:53.0420 0x0ddc  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
19:57:53.0445 0x0ddc  asmthub3 - ok
19:57:53.0475 0x0ddc  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
19:57:53.0500 0x0ddc  asmtxhci - ok
19:57:53.0548 0x0ddc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:57:53.0575 0x0ddc  aspnet_state - ok
19:57:53.0627 0x0ddc  [ 954FFBFF05B0B60EB63B52AF561436C4, 40228A2B688E827815B5A567584FCF99BF661696DB8CC8BB455393B3CEE35094 ] AsSysCtrlService C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
19:57:53.0646 0x0ddc  AsSysCtrlService - ok
19:57:53.0653 0x0ddc  [ 26D66E32E78D3059715B3A17BC679CD9, 5039CB81CE0829C5F3DED16A4005FEB10141C6C9B473CC319E81BAF6D1DA33E3 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
19:57:53.0666 0x0ddc  AsUpIO - ok
19:57:53.0679 0x0ddc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:53.0711 0x0ddc  AsyncMac - ok
19:57:53.0730 0x0ddc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:57:53.0737 0x0ddc  atapi - ok
19:57:53.0763 0x0ddc  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:57:53.0768 0x0ddc  AtiHDAudioService - detected UnsignedFile.Multi.Generic ( 1 )
19:57:56.0183 0x0ddc  Detect skipped due to KSN trusted
19:57:56.0183 0x0ddc  AtiHDAudioService - ok
19:57:56.0671 0x0ddc  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:57.0043 0x0ddc  atikmdag - ok
19:57:57.0104 0x0ddc  [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:57:57.0111 0x0ddc  AtiPcie - ok
19:57:57.0138 0x0ddc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:57:57.0169 0x0ddc  AudioEndpointBuilder - ok
19:57:57.0187 0x0ddc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:57:57.0209 0x0ddc  AudioSrv - ok
19:57:57.0257 0x0ddc  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
19:57:57.0264 0x0ddc  avmeject - ok
19:57:57.0288 0x0ddc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:57:57.0313 0x0ddc  AxInstSV - ok
19:57:57.0358 0x0ddc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:57:57.0376 0x0ddc  b06bdrv - ok
19:57:57.0392 0x0ddc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:57:57.0416 0x0ddc  b57nd60a - ok
19:57:57.0422 0x0ddc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:57:57.0449 0x0ddc  BDESVC - ok
19:57:57.0474 0x0ddc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:57:57.0500 0x0ddc  Beep - ok
19:57:57.0528 0x0ddc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:57:57.0551 0x0ddc  BFE - ok
19:57:57.0600 0x0ddc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:57:57.0644 0x0ddc  BITS - ok
19:57:57.0654 0x0ddc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:57:57.0663 0x0ddc  blbdrive - ok
19:57:57.0678 0x0ddc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:57:57.0688 0x0ddc  bowser - ok
19:57:57.0699 0x0ddc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:57:57.0711 0x0ddc  BrFiltLo - ok
19:57:57.0720 0x0ddc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:57:57.0743 0x0ddc  BrFiltUp - ok
19:57:57.0765 0x0ddc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:57:57.0777 0x0ddc  Browser - ok
19:57:57.0787 0x0ddc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:57:57.0802 0x0ddc  Brserid - ok
19:57:57.0817 0x0ddc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:57:57.0829 0x0ddc  BrSerWdm - ok
19:58:01.0679 0x0ddc  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:58:01.0700 0x0ddc  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:58:04.0126 0x0ddc  Detect skipped due to KSN trusted
19:58:04.0126 0x0ddc  IDriverT - ok
19:58:07.0937 0x0ddc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:58:07.0979 0x0ddc  Ntfs - ok
19:58:07.0988 0x0ddc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:58:08.0014 0x0ddc  Null - ok
19:58:08.0033 0x0ddc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:58:08.0044 0x0ddc  nvraid - ok
19:58:08.0067 0x0ddc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:58:08.0078 0x0ddc  nvstor - ok
19:58:08.0102 0x0ddc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:58:08.0112 0x0ddc  nv_agp - ok
19:58:08.0125 0x0ddc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:58:08.0135 0x0ddc  ohci1394 - ok
19:58:08.0160 0x0ddc  [ FA5D730CE3F3A3BD21C1040E212230D4, 74C4C5DD79D60D7A5821F514614861FC7EE0C7160F7F8A96683087DEDE67C2C6 ] OM0530          C:\Windows\system32\Drivers\ov530vx.sys
19:58:08.0170 0x0ddc  OM0530 - ok
19:58:08.0280 0x0ddc  [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
19:58:08.0326 0x0ddc  Origin Client Service - ok
19:58:08.0380 0x0ddc  [ 2B7D360154E5324F9BA181AF0DBFB2AA, DD53FEDAEC6CB8243142561A946B7A372C320A2C69F8896D33DB504B78707D35 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
19:58:08.0401 0x0ddc  OverwolfUpdaterService - ok
19:58:08.0479 0x0ddc  [ E357862CA46F2C3E98E5E8007A317363, 0A3ADF2F6A8800EA1A76BBA58D5CB1B22A70DF895EF5D4C7169456B0C44061ED ] OxygenAudioDevMon C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
19:58:08.0520 0x0ddc  OxygenAudioDevMon - ok
19:58:08.0552 0x0ddc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:58:08.0567 0x0ddc  p2pimsvc - ok
19:58:08.0588 0x0ddc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:58:08.0605 0x0ddc  p2psvc - ok
19:58:08.0668 0x0ddc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:58:08.0699 0x0ddc  Parport - ok
19:58:08.0719 0x0ddc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:58:08.0729 0x0ddc  partmgr - ok
19:58:08.0742 0x0ddc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:58:08.0774 0x0ddc  PcaSvc - ok
19:58:08.0782 0x0ddc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:58:08.0794 0x0ddc  pci - ok
19:58:08.0807 0x0ddc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:58:08.0816 0x0ddc  pciide - ok
19:58:08.0846 0x0ddc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:58:08.0858 0x0ddc  pcmcia - ok
19:58:08.0862 0x0ddc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:58:08.0870 0x0ddc  pcw - ok
19:58:08.0910 0x0ddc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:58:08.0963 0x0ddc  PEAUTH - ok
19:58:08.0999 0x0ddc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:58:09.0020 0x0ddc  PerfHost - ok
19:58:09.0071 0x0ddc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:58:09.0126 0x0ddc  pla - ok
19:58:09.0157 0x0ddc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:58:09.0188 0x0ddc  PlugPlay - ok
19:58:09.0222 0x0ddc  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
19:58:09.0230 0x0ddc  PnkBstrA - ok
19:58:09.0248 0x0ddc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:58:09.0257 0x0ddc  PNRPAutoReg - ok
19:58:09.0272 0x0ddc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:58:09.0287 0x0ddc  PNRPsvc - ok
19:58:09.0317 0x0ddc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:58:09.0354 0x0ddc  PolicyAgent - ok
19:58:09.0383 0x0ddc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:58:09.0424 0x0ddc  Power - ok
19:58:09.0437 0x0ddc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:58:09.0464 0x0ddc  PptpMiniport - ok
19:58:09.0482 0x0ddc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
19:58:09.0509 0x0ddc  Processor - ok
19:58:09.0550 0x0ddc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:58:09.0588 0x0ddc  ProfSvc - ok
19:58:09.0606 0x0ddc  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:58:09.0615 0x0ddc  ProtectedStorage - ok
19:58:09.0678 0x0ddc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:58:09.0721 0x0ddc  Psched - ok
19:58:09.0745 0x0ddc  [ BC08F7F3C53CBEE68670ED1314E290FD, EC683DDE60AFED297D28BC7570BB6DA27A94F52417AD6DE1FBE265255F4051DD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
19:58:09.0753 0x0ddc  PxHlpa64 - ok
19:58:10.0036 0x0ddc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:58:10.0077 0x0ddc  ql2300 - ok
19:58:10.0093 0x0ddc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:58:10.0104 0x0ddc  ql40xx - ok
19:58:10.0122 0x0ddc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:58:10.0140 0x0ddc  QWAVE - ok
19:58:10.0149 0x0ddc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:58:10.0176 0x0ddc  QWAVEdrv - ok
19:58:10.0193 0x0ddc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:58:10.0218 0x0ddc  RasAcd - ok
19:58:10.0249 0x0ddc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:58:10.0275 0x0ddc  RasAgileVpn - ok
19:58:10.0288 0x0ddc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:58:10.0316 0x0ddc  RasAuto - ok
19:58:10.0322 0x0ddc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:58:10.0352 0x0ddc  Rasl2tp - ok
19:58:10.0369 0x0ddc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:58:10.0416 0x0ddc  RasMan - ok
19:58:10.0421 0x0ddc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:58:10.0449 0x0ddc  RasPppoe - ok
19:58:10.0455 0x0ddc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:58:10.0482 0x0ddc  RasSstp - ok
19:58:10.0501 0x0ddc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:58:10.0533 0x0ddc  rdbss - ok
19:58:10.0549 0x0ddc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:58:10.0571 0x0ddc  rdpbus - ok
19:58:10.0587 0x0ddc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:58:10.0612 0x0ddc  RDPCDD - ok
19:58:10.0617 0x0ddc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:58:10.0702 0x0ddc  RDPENCDD - ok
19:58:10.0709 0x0ddc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:58:10.0735 0x0ddc  RDPREFMP - ok
19:58:10.0765 0x0ddc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:58:10.0779 0x0ddc  RdpVideoMiniport - ok
19:58:10.0811 0x0ddc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:58:10.0834 0x0ddc  RDPWD - ok
19:58:10.0848 0x0ddc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:58:10.0861 0x0ddc  rdyboost - ok
19:58:10.0886 0x0ddc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:58:10.0925 0x0ddc  RemoteAccess - ok
19:58:10.0955 0x0ddc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:58:10.0984 0x0ddc  RemoteRegistry - ok
19:58:10.0989 0x0ddc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:58:11.0017 0x0ddc  RpcEptMapper - ok
19:58:11.0031 0x0ddc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:58:11.0041 0x0ddc  RpcLocator - ok
19:58:11.0094 0x0ddc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:58:11.0130 0x0ddc  RpcSs - ok
19:58:11.0143 0x0ddc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:58:11.0177 0x0ddc  rspndr - ok
19:58:11.0217 0x0ddc  [ 8181B5E7BFC040E0B26349C73E719335, EBB244A7E8E2CDC51041B2C2A78DCB77324F9E3746942C84902FCD928ADED897 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:58:11.0237 0x0ddc  RTL8167 - ok
19:58:11.0246 0x0ddc  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
19:58:11.0255 0x0ddc  SamSs - ok
19:58:11.0264 0x0ddc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:58:11.0274 0x0ddc  sbp2port - ok
19:58:11.0292 0x0ddc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:58:11.0338 0x0ddc  SCardSvr - ok
19:58:11.0356 0x0ddc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:58:11.0382 0x0ddc  scfilter - ok
19:58:11.0420 0x0ddc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:58:11.0469 0x0ddc  Schedule - ok
19:58:11.0493 0x0ddc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:58:11.0519 0x0ddc  SCPolicySvc - ok
19:58:11.0543 0x0ddc  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
19:58:11.0551 0x0ddc  ScreamBAudioSvc - ok
19:58:11.0570 0x0ddc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:58:11.0597 0x0ddc  SDRSVC - ok
19:58:11.0714 0x0ddc  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:58:11.0757 0x0ddc  SDScannerService - ok
19:58:11.0839 0x0ddc  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:58:11.0889 0x0ddc  SDUpdateService - ok
19:58:11.0908 0x0ddc  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:58:11.0918 0x0ddc  SDWSCService - ok
19:58:11.0932 0x0ddc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:58:11.0958 0x0ddc  secdrv - ok
19:58:11.0967 0x0ddc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:58:11.0994 0x0ddc  seclogon - ok
19:58:12.0004 0x0ddc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:58:12.0031 0x0ddc  SENS - ok
19:58:12.0038 0x0ddc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:58:12.0047 0x0ddc  SensrSvc - ok
19:58:12.0061 0x0ddc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:58:12.0069 0x0ddc  Serenum - ok
19:58:12.0079 0x0ddc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:58:12.0089 0x0ddc  Serial - ok
19:58:12.0109 0x0ddc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:58:12.0118 0x0ddc  sermouse - ok
19:58:12.0142 0x0ddc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:58:12.0183 0x0ddc  SessionEnv - ok
19:58:12.0199 0x0ddc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:58:12.0219 0x0ddc  sffdisk - ok
19:58:12.0230 0x0ddc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:58:12.0241 0x0ddc  sffp_mmc - ok
19:58:12.0258 0x0ddc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:58:12.0268 0x0ddc  sffp_sd - ok
19:58:12.0283 0x0ddc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:58:12.0292 0x0ddc  sfloppy - ok
19:58:12.0360 0x0ddc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:58:12.0409 0x0ddc  SharedAccess - ok
19:58:12.0436 0x0ddc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:58:12.0478 0x0ddc  ShellHWDetection - ok
19:58:12.0487 0x0ddc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:58:12.0495 0x0ddc  SiSRaid2 - ok
19:58:12.0504 0x0ddc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:58:12.0513 0x0ddc  SiSRaid4 - ok
19:58:12.0530 0x0ddc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:58:12.0560 0x0ddc  Smb - ok
19:58:12.0611 0x0ddc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:58:12.0633 0x0ddc  SNMPTRAP - ok
19:58:12.0651 0x0ddc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:58:12.0662 0x0ddc  spldr - ok
19:58:12.0705 0x0ddc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:58:12.0749 0x0ddc  Spooler - ok
19:58:12.0866 0x0ddc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:58:12.0966 0x0ddc  sppsvc - ok
19:58:12.0979 0x0ddc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:58:13.0008 0x0ddc  sppuinotify - ok
19:58:13.0070 0x0ddc  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:58:13.0099 0x0ddc  sptd - ok
19:58:13.0134 0x0ddc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:58:13.0151 0x0ddc  srv - ok
19:58:13.0163 0x0ddc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:58:13.0187 0x0ddc  srv2 - ok
19:58:13.0195 0x0ddc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:58:13.0206 0x0ddc  srvnet - ok
19:58:13.0234 0x0ddc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:58:13.0273 0x0ddc  SSDPSRV - ok
19:58:13.0290 0x0ddc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:58:13.0326 0x0ddc  SstpSvc - ok
19:58:13.0366 0x0ddc  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:58:13.0377 0x0ddc  ssudmdm - ok
19:58:13.0401 0x0ddc  [ F7093A27C4AF6D9EEA0ACAC1C4FF6828, 40E1A8FB08D3063711E87C15B24009B397CAD279905AA72FADBB4A8B611474CD ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
19:58:13.0413 0x0ddc  ssudserd - ok
19:58:13.0467 0x0ddc  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:58:13.0490 0x0ddc  Steam Client Service - ok
19:58:13.0510 0x0ddc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:58:13.0518 0x0ddc  stexstor - ok
19:58:13.0552 0x0ddc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:58:13.0577 0x0ddc  stisvc - ok
19:58:13.0625 0x0ddc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:58:13.0644 0x0ddc  swenum - ok
19:58:13.0707 0x0ddc  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:58:13.0737 0x0ddc  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
19:58:16.0165 0x0ddc  Detect skipped due to KSN trusted
19:58:16.0165 0x0ddc  SwitchBoard - ok
19:58:18.0455 0x0ddc  VaultSvc - ok
19:58:18.0469 0x0ddc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:58:18.0477 0x0ddc  vdrvroot - ok
19:58:18.0497 0x0ddc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:58:18.0534 0x0ddc  vds - ok
19:58:18.0555 0x0ddc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:58:18.0566 0x0ddc  vga - ok
19:58:18.0585 0x0ddc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:58:18.0623 0x0ddc  VgaSave - ok
19:58:18.0679 0x0ddc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:58:18.0700 0x0ddc  vhdmp - ok
19:58:18.0799 0x0ddc  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:58:18.0852 0x0ddc  VIAHdAudAddService - ok
19:58:18.0874 0x0ddc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:58:18.0881 0x0ddc  viaide - ok
19:58:18.0890 0x0ddc  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:58:18.0897 0x0ddc  VIAKaraokeService - ok
19:58:18.0902 0x0ddc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:58:18.0911 0x0ddc  volmgr - ok
19:58:18.0922 0x0ddc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:58:18.0936 0x0ddc  volmgrx - ok
19:58:18.0946 0x0ddc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:58:18.0960 0x0ddc  volsnap - ok
19:58:18.0970 0x0ddc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:58:18.0981 0x0ddc  vsmraid - ok
19:58:19.0028 0x0ddc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:58:19.0098 0x0ddc  VSS - ok
19:58:19.0114 0x0ddc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:58:19.0140 0x0ddc  vwifibus - ok
19:58:19.0161 0x0ddc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:58:19.0196 0x0ddc  W32Time - ok
19:58:19.0219 0x0ddc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:58:19.0257 0x0ddc  WacomPen - ok
19:58:19.0272 0x0ddc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:58:19.0303 0x0ddc  WANARP - ok
19:58:19.0308 0x0ddc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:58:19.0334 0x0ddc  Wanarpv6 - ok
19:58:19.0380 0x0ddc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:58:19.0420 0x0ddc  wbengine - ok
19:58:19.0437 0x0ddc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:58:19.0454 0x0ddc  WbioSrvc - ok
19:58:19.0469 0x0ddc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:58:19.0489 0x0ddc  wcncsvc - ok
19:58:19.0499 0x0ddc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:58:19.0509 0x0ddc  WcsPlugInService - ok
19:58:19.0521 0x0ddc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
19:58:19.0528 0x0ddc  Wd - ok
19:58:19.0544 0x0ddc  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
19:58:19.0551 0x0ddc  WDC_SAM - ok
19:58:19.0580 0x0ddc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:58:19.0606 0x0ddc  Wdf01000 - ok
19:58:19.0669 0x0ddc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:58:19.0719 0x0ddc  WdiServiceHost - ok
19:58:19.0729 0x0ddc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:58:19.0751 0x0ddc  WdiSystemHost - ok
19:58:19.0777 0x0ddc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:58:19.0792 0x0ddc  WebClient - ok
19:58:19.0808 0x0ddc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:58:19.0847 0x0ddc  Wecsvc - ok
19:58:19.0852 0x0ddc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:58:19.0880 0x0ddc  wercplsupport - ok
19:58:19.0895 0x0ddc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:58:19.0923 0x0ddc  WerSvc - ok
19:58:19.0934 0x0ddc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:58:19.0961 0x0ddc  WfpLwf - ok
19:58:19.0979 0x0ddc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:58:19.0987 0x0ddc  WIMMount - ok
19:58:20.0008 0x0ddc  WinDefend - ok
19:58:20.0013 0x0ddc  WinHttpAutoProxySvc - ok
19:58:20.0054 0x0ddc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:58:20.0086 0x0ddc  Winmgmt - ok
19:58:20.0156 0x0ddc  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
19:58:20.0207 0x0ddc  WinRM - ok
19:58:20.0230 0x0ddc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:58:20.0241 0x0ddc  WinUsb - ok
19:58:20.0282 0x0ddc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:58:20.0316 0x0b40  Object required for P2P: [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject
19:58:20.0321 0x0ddc  Wlansvc - ok
19:58:20.0497 0x0ddc  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:58:20.0553 0x0ddc  wlidsvc - ok
19:58:20.0594 0x0ddc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:58:20.0603 0x0ddc  WmiAcpi - ok
19:58:20.0621 0x0ddc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:58:20.0633 0x0ddc  wmiApSrv - ok
19:58:20.0638 0x0ddc  WMPNetworkSvc - ok
19:58:20.0652 0x0ddc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:58:20.0661 0x0ddc  WPCSvc - ok
19:58:20.0690 0x0ddc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:58:20.0703 0x0ddc  WPDBusEnum - ok
19:58:20.0714 0x0ddc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:58:20.0740 0x0ddc  ws2ifsl - ok
19:58:20.0749 0x0ddc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:58:20.0763 0x0ddc  wscsvc - ok
19:58:20.0766 0x0ddc  WSearch - ok
19:58:20.0849 0x0ddc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:58:20.0911 0x0ddc  wuauserv - ok
19:58:20.0932 0x0ddc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:58:20.0941 0x0ddc  WudfPf - ok
19:58:20.0955 0x0ddc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:20.0967 0x0ddc  WUDFRd - ok
19:58:20.0993 0x0ddc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:58:21.0003 0x0ddc  wudfsvc - ok
19:58:21.0023 0x0ddc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:58:21.0048 0x0ddc  WwanSvc - ok
19:58:21.0054 0x0ddc  ================ Scan global ===============================
19:58:21.0100 0x0ddc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:58:21.0136 0x0ddc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:58:21.0154 0x0ddc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:58:21.0176 0x0ddc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:58:21.0220 0x0ddc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:58:21.0238 0x0ddc  [ Global ] - ok
19:58:21.0239 0x0ddc  ================ Scan MBR ==================================
19:58:21.0245 0x0ddc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:58:21.0512 0x0ddc  \Device\Harddisk0\DR0 - ok
19:58:21.0532 0x0ddc  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk1\DR1
19:58:21.0618 0x0ddc  \Device\Harddisk1\DR1 - ok
19:58:21.0628 0x0ddc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
19:58:22.0174 0x0ddc  \Device\Harddisk2\DR2 - ok
19:58:22.0182 0x0ddc  [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
19:58:22.0643 0x0ddc  \Device\Harddisk3\DR3 - ok
19:58:22.0644 0x0ddc  ================ Scan VBR ==================================
19:58:22.0652 0x0ddc  [ C07BC3BE82CA91B4832947491A4E6E31 ] \Device\Harddisk0\DR0\Partition1
19:58:22.0655 0x0ddc  \Device\Harddisk0\DR0\Partition1 - ok
19:58:22.0668 0x0ddc  [ EDB793810F8BAECAE2F9D3C0C5311652 ] \Device\Harddisk0\DR0\Partition2
19:58:22.0705 0x0ddc  \Device\Harddisk0\DR0\Partition2 - ok
19:58:22.0707 0x0ddc  [ ED28D0D8202823080428C72EEA85B213 ] \Device\Harddisk0\DR0\Partition3
19:58:22.0708 0x0ddc  \Device\Harddisk0\DR0\Partition3 - ok
19:58:22.0730 0x0ddc  [ 7604813F6EDB7C5C5A77592F1C163FE0 ] \Device\Harddisk1\DR1\Partition1
19:58:22.0731 0x0ddc  \Device\Harddisk1\DR1\Partition1 - ok
19:58:22.0731 0x0b40  Object send P2P result: true
19:58:22.0752 0x0ddc  [ 887DD3C8B480381118BB555328DFF85E ] \Device\Harddisk1\DR1\Partition2
19:58:22.0753 0x0ddc  \Device\Harddisk1\DR1\Partition2 - ok
19:58:22.0769 0x0ddc  [ 81023E46A17A1940216BCDC3921122DC ] \Device\Harddisk1\DR1\Partition3
19:58:22.0770 0x0ddc  \Device\Harddisk1\DR1\Partition3 - ok
19:58:22.0774 0x0ddc  [ 60B4F8F9D84337FFBADD364A2E6A3988 ] \Device\Harddisk1\DR1\Partition4
19:58:22.0775 0x0ddc  \Device\Harddisk1\DR1\Partition4 - ok
19:58:22.0778 0x0ddc  [ 97793C6EBE782489632BE676E2C9BE30 ] \Device\Harddisk2\DR2\Partition1
19:58:22.0780 0x0ddc  \Device\Harddisk2\DR2\Partition1 - ok
19:58:22.0782 0x0ddc  [ EFB00E60BB2055492290E549E5A4574A ] \Device\Harddisk3\DR3\Partition1
19:58:22.0783 0x0ddc  \Device\Harddisk3\DR3\Partition1 - ok
19:58:22.0785 0x0ddc  ================ Scan generic autorun ======================
19:58:22.0857 0x0ddc  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:58:22.0875 0x0ddc  AdobeAAMUpdater-1.0 - ok
19:58:23.0052 0x0ddc  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
19:58:23.0173 0x0ddc  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
19:58:25.0590 0x0ddc  Detect skipped due to KSN trusted
19:58:25.0590 0x0ddc  HDAudDeck - ok
19:58:25.0653 0x0ddc  [ 94D247679E0862C7FA8C5AD712E03948, B6579E5675DDEE338D5248B6A1769CFCEC72DF127A5A367980F388FE782C4748 ] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
19:58:25.0677 0x0ddc  Cpu Level Up help - ok
19:58:25.0738 0x0ddc  [ 80F72159E0EB98A9B32FF61132C2E60D, 7F9AD5AE0C23EC5AB7DD63020897646A57CD275D325D399C35001C3DAC0B147F ] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
19:58:25.0781 0x0ddc  Turbo Key - detected UnsignedFile.Multi.Generic ( 1 )
19:58:28.0198 0x0ddc  Detect skipped due to KSN trusted
19:58:28.0198 0x0ddc  Turbo Key - ok
19:58:28.0232 0x0ddc  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:58:28.0255 0x0ddc  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
19:58:28.0255 0x0ddc  Detect skipped due to KSN trusted
19:58:28.0255 0x0ddc  SwitchBoard - ok
19:58:28.0299 0x0ddc  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
19:58:28.0326 0x0ddc  AdobeCS6ServiceManager - ok
19:58:28.0356 0x0ddc  [ C5239F47944FA3036A256DE9BDB94EB6, 3464B8B5036FA954553850A590D765D30E805818049FBF2E6C444B5FB0147BD4 ] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
19:58:28.0369 0x0ddc  Zboard - detected UnsignedFile.Multi.Generic ( 1 )
19:58:30.0789 0x0ddc  Detect skipped due to KSN trusted
19:58:30.0789 0x0ddc  Zboard - ok
19:58:30.0887 0x0ddc  [ DB3682851D0218AEC5911CD0D1D7AABE, E3186E075F788131C7E6746D035DED5E3056E20784D635D5CAEC00EF3D27CC72 ] C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
19:58:30.0923 0x0ddc  BF2Hub Client - detected UnsignedFile.Multi.Generic ( 1 )
19:58:33.0310 0x0f98  Object required for P2P: [ 320681DF28D82CDCA7E3EED0846625DB ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:58:33.0402 0x0ddc  BF2Hub Client ( UnsignedFile.Multi.Generic ) - warning
19:58:35.0733 0x0f98  Object send P2P result: true
19:58:35.0803 0x0ddc  [ F8A3337DE768B126B061F1B7CD38A436, F93EE8D8D7CA28658587F82C38AE6C13D51A03CFE8DE6AC3BA35DC6A1DB986CE ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
19:58:35.0826 0x0ddc  KiesTrayAgent - ok
19:58:35.0861 0x0ddc  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
19:58:35.0871 0x0ddc  Raptr - ok
19:58:35.0961 0x0ddc  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
19:58:35.0988 0x0ddc  StartCCC - ok
19:58:36.0149 0x0ddc  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
19:58:36.0239 0x0ddc  SDTray - ok
19:58:36.0247 0x0ddc  {438CD09C-011B-459C-A685-5269559B3DF4} - ok
19:58:36.0336 0x0ddc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:58:36.0384 0x0ddc  Sidebar - ok
19:58:36.0413 0x0ddc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:58:36.0427 0x0ddc  mctadmin - ok
19:58:36.0474 0x0ddc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:58:36.0507 0x0ddc  Sidebar - ok
19:58:36.0513 0x0ddc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:58:36.0527 0x0ddc  mctadmin - ok
19:58:36.0574 0x0ddc  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\SysWOW64\rundll32.exe
19:58:36.0598 0x0ddc  NextLive - ok
19:58:36.0712 0x0ddc  [ 3255867AE34EDD5346C750677EE63354, 3FC8E1EFF33EE83717C285D0CD388886135C5BF977B69CF6ADCFD4196139D483 ] C:\Program Files (x86)\Steam\Steam.exe
19:58:36.0776 0x0ddc  Steam - ok
19:58:36.0920 0x0ddc  [ 1BFCA8EBFBDC43B5C7C3BCF92A47DD77, EA4A4B5E4BFB31451A472A3E5F23CA163EB53B7D08C892454D6905B034ABBBF6 ] C:\Program Files (x86)\Origin\Origin.exe
19:58:37.0000 0x0ddc  EADM - ok
19:58:37.0061 0x0ddc  [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
19:58:37.0098 0x0ddc  KiesPreload - ok
19:58:37.0134 0x0ddc  [ 06ACC931AD00231ECAD476F56AE73368, BFB82E25F4D6021E43BF8627A7BF0DFA7027AB38B4F3B6AD1DEB8461D4F87AD5 ] C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe
19:58:37.0134 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe. md5: 06ACC931AD00231ECAD476F56AE73368, sha256: BFB82E25F4D6021E43BF8627A7BF0DFA7027AB38B4F3B6AD1DEB8461D4F87AD5
19:58:37.0134 0x0ddc  pace-egg - detected LockedFile.Multi.Generic ( 1 )
19:58:39.0549 0x0ddc  Detect turned to UDS exact due to KSN untrusted
19:58:39.0549 0x0ddc  pace-egg ( UDS:DangerousObject.Multi.Generic ) - infected
19:58:39.0549 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe
19:58:41.0974 0x0ddc  Object send P2P result: true
19:58:44.0359 0x0ddc  [ F4FAEFA73454CD942314ECF40953D93B, 3645ACF85998631E4E75FF7D9DAF7A813684DB77DFD7996A6A1768231B7250E9 ] C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
19:58:44.0359 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe. md5: F4FAEFA73454CD942314ECF40953D93B, sha256: 3645ACF85998631E4E75FF7D9DAF7A813684DB77DFD7996A6A1768231B7250E9
19:58:44.0360 0x0ddc  hat-date - detected LockedFile.Multi.Generic ( 1 )
19:58:46.0789 0x0ddc  Object required for P2P: [ F4FAEFA73454CD942314ECF40953D93B ] C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
19:58:49.0214 0x0ddc  Object send P2P result: true
19:58:49.0214 0x0ddc  Detect turned to UDS exact due to KSN untrusted
19:58:49.0214 0x0ddc  hat-date ( UDS:DangerousObject.Multi.Generic ) - infected
19:58:49.0214 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
19:59:02.0654 0x0ddc  Object send P2P result: true
19:59:05.0066 0x0ddc  [ C9F15C15E1B5B06062CD9BAA1133D77C, 49F466489532FF55F2BF7AA8E28A6277BE04211B0BED2BF7F3DB15D9485BAB6F ] C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe
19:59:05.0067 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe. md5: C9F15C15E1B5B06062CD9BAA1133D77C, sha256: 49F466489532FF55F2BF7AA8E28A6277BE04211B0BED2BF7F3DB15D9485BAB6F
19:59:05.0087 0x0ddc  string-weekend - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
19:59:07.0507 0x0ddc  string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - infected
19:59:07.0507 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe
19:59:09.0934 0x0ddc  Object send P2P result: true
19:59:12.0322 0x0ddc  [ 6E1E462001758C45B740158E831B19C1, 3936F8F783E3E3CA933831E17D6C0066830B55D7F26E1D78799982FF53022158 ] C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe
19:59:12.0323 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe. md5: 6E1E462001758C45B740158E831B19C1, sha256: 3936F8F783E3E3CA933831E17D6C0066830B55D7F26E1D78799982FF53022158
19:59:12.0323 0x0ddc  contest-compare - detected LockedFile.Multi.Generic ( 1 )
19:59:14.0749 0x0ddc  Detect turned to UDS exact due to KSN untrusted
19:59:14.0749 0x0ddc  contest-compare ( UDS:DangerousObject.Multi.Generic ) - infected
19:59:14.0749 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe
19:59:17.0182 0x0ddc  Object send P2P result: true
19:59:19.0580 0x0ddc  [ E0942E3DD4A6078D0A678A9093018CFC, 0C9BD42A55E5A6EA7F1F911944D64B6E9CE43E6675508C69663A99F5B39E1A48 ] C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe
19:59:19.0580 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe. md5: E0942E3DD4A6078D0A678A9093018CFC, sha256: 0C9BD42A55E5A6EA7F1F911944D64B6E9CE43E6675508C69663A99F5B39E1A48
19:59:19.0581 0x0ddc  openinglimited - detected LockedFile.Multi.Generic ( 1 )
19:59:22.0008 0x0ddc  Detect turned to UDS exact due to KSN untrusted
19:59:22.0008 0x0ddc  openinglimited ( UDS:DangerousObject.Multi.Generic ) - infected
19:59:22.0009 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe
19:59:24.0483 0x0ddc  Object send P2P result: true
19:59:26.0875 0x0ddc  [ 682A590D24524DC5EC2C96F59407A9D3, CB36F86D80FF0EA329183FD6393ECBFAB4081B6146821B8A1B5D29F46451E9B6 ] C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe
19:59:26.0875 0x0ddc  Suspicious file ( Hidden ): C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe. md5: 682A590D24524DC5EC2C96F59407A9D3, sha256: CB36F86D80FF0EA329183FD6393ECBFAB4081B6146821B8A1B5D29F46451E9B6
19:59:26.0883 0x0ddc  proof-reflect - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
19:59:29.0308 0x0ddc  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - infected
19:59:29.0308 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe
19:59:31.0726 0x0ddc  Object send P2P result: true
19:59:34.0134 0x0ddc  [ 648847084828A4E2EB16342306F04A03, 99028B19114A3081BA0E34F1ED3CB8A5F9FC87DA3186EFA445F2C2783A248063 ] C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe
19:59:34.0135 0x0ddc  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe. md5: 648847084828A4E2EB16342306F04A03, sha256: 99028B19114A3081BA0E34F1ED3CB8A5F9FC87DA3186EFA445F2C2783A248063
19:59:34.0135 0x0ddc  matter-visit - detected LockedFile.Multi.Generic ( 1 )
19:59:39.0559 0x0ddc  Detect turned to UDS exact due to KSN untrusted
19:59:39.0559 0x0ddc  matter-visit ( UDS:DangerousObject.Multi.Generic ) - infected
19:59:39.0559 0x0ddc  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe
19:59:41.0983 0x0ddc  Object send P2P result: true
19:59:44.0366 0x0ddc  Win FW state via NFP2: enabled
19:59:46.0714 0x0ddc  ============================================================
19:59:46.0714 0x0ddc  Scan finished
19:59:46.0714 0x0ddc  ============================================================
19:59:46.0727 0x0960  Detected object count: 8
19:59:46.0727 0x0960  Actual detected object count: 8
20:07:36.0058 0x0960  BF2Hub Client ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:36.0058 0x0960  BF2Hub Client ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:36.0092 0x0960  C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe - copied to quarantine
20:07:36.0093 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:pace-egg - will be deleted on reboot
20:07:36.0093 0x0960  C:\Users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe - will be deleted on reboot
20:07:36.0093 0x0960  pace-egg ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
20:07:36.0116 0x0960  C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe - copied to quarantine
20:07:36.0116 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:hat-date - will be deleted on reboot
20:07:36.0117 0x0960  C:\Users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe - will be deleted on reboot
20:07:36.0117 0x0960  hat-date ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
20:07:36.0145 0x0960  C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe - copied to quarantine
20:07:36.0146 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:string-weekend - will be deleted on reboot
20:07:36.0147 0x0960  C:\Users\Wallace\AppData\Local\Temp\String-entrance\string-justify.exe - will be deleted on reboot
20:07:36.0147 0x0960  string-weekend ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
20:07:36.0176 0x0960  C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe - copied to quarantine
20:07:36.0176 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:contest-compare - will be deleted on reboot
20:07:36.0177 0x0960  C:\Users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe - will be deleted on reboot
20:07:36.0177 0x0960  contest-compare ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
20:07:36.0208 0x0960  C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe - copied to quarantine
20:07:36.0208 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:openinglimited - will be deleted on reboot
20:07:36.0209 0x0960  C:\Users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe - will be deleted on reboot
20:07:36.0209 0x0960  openinglimited ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
20:07:36.0245 0x0960  C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe - copied to quarantine
20:07:36.0245 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:proof-reflect - will be deleted on reboot
20:07:36.0246 0x0960  C:\Users\Wallace\AppData\Local\Temp\Proof-shock\proof-switch.exe - will be deleted on reboot
20:07:36.0246 0x0960  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
20:07:36.0278 0x0960  C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe - copied to quarantine
20:07:36.0278 0x0960  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:matter-visit - will be deleted on reboot
20:07:36.0281 0x0960  C:\Users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe - will be deleted on reboot
20:07:36.0281 0x0960  matter-visit ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete 
20:07:36.0931 0x0960  KLMD registered as C:\Windows\system32\drivers\18745686.sys
20:07:40.0186 0x038c  Deinitialize success
         

Last edited by DaWallace (23.02.2015 at 20:30)

23.02.2015, 20:30   #8
DaWallace

Part 2

And after the reboot, the second scan with reboot:
Code:
ATTFilter
20:12:57.0145 0x0e78  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:12:57.0550 0x0e78  ============================================================
20:12:57.0550 0x0e78  Current date / time: 2015/02/23 20:12:57.0550
20:12:57.0550 0x0e78  SystemInfo:
20:12:57.0550 0x0e78  
20:12:57.0550 0x0e78  OS Version: 6.1.7601 ServicePack: 1.0
20:12:57.0550 0x0e78  Product type: Workstation
20:12:57.0550 0x0e78  ComputerName: DRAGON64
20:12:57.0550 0x0e78  UserName: Wallace
20:12:57.0550 0x0e78  Windows directory: C:\Windows
20:12:57.0550 0x0e78  System windows directory: C:\Windows
20:12:57.0550 0x0e78  Running under WOW64
20:12:57.0550 0x0e78  Processor architecture: Intel x64
20:12:57.0550 0x0e78  Number of processors: 4
20:12:57.0550 0x0e78  Page size: 0x1000
20:12:57.0550 0x0e78  Boot type: Normal boot
20:12:57.0550 0x0e78  ============================================================
20:12:57.0550 0x0e78  BG loaded
20:12:58.0674 0x0e78  System UUID: {16D1EC3B-9554-5EDC-4910-9ECB978DB774}
20:12:59.0984 0x0e78  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:13:00.0046 0x0e78  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:13:00.0062 0x0e78  Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:13:00.0062 0x0e78  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:13:00.0078 0x0e78  ============================================================
20:13:00.0078 0x0e78  \Device\Harddisk0\DR0:
20:13:00.0390 0x0e78  MBR partitions:
20:13:00.0390 0x0e78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:13:00.0390 0x0e78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AE0800
20:13:00.0390 0x0e78  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55B13000, BlocksNum 0x1A32800
20:13:00.0390 0x0e78  \Device\Harddisk1\DR1:
20:13:00.0405 0x0e78  MBR partitions:
20:13:00.0405 0x0e78  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61D6AB1, BlocksNum 0xC35314E
20:13:00.0421 0x0e78  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12529C3E, BlocksNum 0x124FAAB4
20:13:00.0436 0x0e78  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x24A24731, BlocksNum 0x15960510
20:13:00.0436 0x0e78  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61D2B72
20:13:00.0436 0x0e78  \Device\Harddisk2\DR2:
20:13:00.0436 0x0e78  MBR partitions:
20:13:00.0436 0x0e78  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
20:13:00.0436 0x0e78  \Device\Harddisk3\DR3:
20:13:00.0436 0x0e78  MBR partitions:
20:13:00.0436 0x0e78  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
20:13:00.0436 0x0e78  ============================================================
20:13:00.0780 0x0e78  C: <-> \Device\Harddisk0\DR0\Partition2
20:13:00.0811 0x0e78  D: <-> \Device\Harddisk1\DR1\Partition4
20:13:00.0842 0x0e78  E: <-> \Device\Harddisk1\DR1\Partition1
20:13:00.0873 0x0e78  F: <-> \Device\Harddisk1\DR1\Partition2
20:13:00.0904 0x0e78  G: <-> \Device\Harddisk1\DR1\Partition3
20:13:01.0279 0x0e78  H: <-> \Device\Harddisk0\DR0\Partition3
20:13:01.0324 0x0e78  O: <-> \Device\Harddisk2\DR2\Partition1
20:13:01.0334 0x0e78  Q: <-> \Device\Harddisk3\DR3\Partition1
20:13:01.0334 0x0e78  ============================================================
20:13:01.0334 0x0e78  Initialize success
20:13:01.0334 0x0e78  ============================================================
20:17:15.0524 0x0cec  ============================================================
20:17:15.0524 0x0cec  Scan started
20:17:15.0524 0x0cec  Mode: Manual; SigCheck; TDLFS; 
20:17:15.0524 0x0cec  ============================================================
20:17:15.0524 0x0cec  KSN ping started
20:17:28.0957 0x0cec  KSN ping finished: true
20:17:32.0389 0x0cec  ================ Scan system memory ========================
20:17:32.0389 0x0cec  System memory - ok
20:17:32.0389 0x0cec  ================ Scan services =============================
20:17:32.0560 0x0cec  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:17:32.0623 0x0cec  1394ohci - ok
20:17:32.0654 0x0cec  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:17:32.0670 0x0cec  ACPI - ok
20:17:32.0685 0x0cec  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:17:32.0748 0x0cec  AcpiPmi - ok
20:17:32.0779 0x0cec  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:17:32.0810 0x0cec  AdobeARMservice - ok
20:17:32.0888 0x0cec  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:17:32.0919 0x0cec  AdobeFlashPlayerUpdateSvc - ok
20:17:32.0950 0x0cec  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:17:32.0966 0x0cec  adp94xx - ok
20:17:32.0997 0x0cec  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:17:33.0013 0x0cec  adpahci - ok
20:17:33.0028 0x0cec  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:17:33.0028 0x0cec  adpu320 - ok
20:17:33.0060 0x0cec  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:17:33.0138 0x0cec  AeLookupSvc - ok
20:17:33.0184 0x0cec  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:17:33.0216 0x0cec  AFD - ok
20:17:33.0231 0x0cec  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:17:33.0247 0x0cec  agp440 - ok
20:17:33.0278 0x0cec  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:17:33.0309 0x0cec  ALG - ok
20:17:33.0325 0x0cec  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:17:33.0325 0x0cec  aliide - ok
20:17:33.0356 0x0cec  [ B3E801135E0C81733542C14D9AA8120A, 69A19C73BBB942DDEBD079EF924ED1AEFC3516867569618D2FBBD1CD831204C2 ] Alpham1         C:\Windows\system32\DRIVERS\Alpham164.sys
20:17:33.0387 0x0cec  Alpham1 - ok
20:17:33.0403 0x0cec  [ 6493983FEDBC49D9112703ECE9B251FE, E5D0EEBA8C8D9C02CC4109C86ABC6375E5CF79F6549917C011238FD2DD78BF71 ] Alpham2         C:\Windows\system32\DRIVERS\Alpham264.sys
20:17:33.0418 0x0cec  Alpham2 - ok
20:17:33.0528 0x0cec  [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:17:33.0543 0x0cec  AMD External Events Utility - ok
20:17:33.0590 0x0cec  AMD FUEL Service - ok
20:17:33.0590 0x0cec  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:17:33.0606 0x0cec  amdide - ok
20:17:33.0621 0x0cec  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:17:33.0637 0x0cec  AmdK8 - ok
20:17:34.0089 0x0cec  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:17:34.0495 0x0cec  amdkmdag - ok
20:17:34.0557 0x0cec  [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:17:34.0588 0x0cec  amdkmdap - ok
20:17:34.0604 0x0cec  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:17:34.0620 0x0cec  AmdPPM - ok
20:17:34.0651 0x0cec  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:17:34.0651 0x0cec  amdsata - ok
20:17:34.0666 0x0cec  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:17:34.0682 0x0cec  amdsbs - ok
20:17:34.0698 0x0cec  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:17:34.0698 0x0cec  amdxata - ok
20:17:34.0713 0x0cec  AODDriver4.2.0 - ok
20:17:34.0744 0x0cec  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:17:34.0760 0x0cec  AODDriver4.3 - ok
20:17:34.0791 0x0cec  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
20:17:34.0885 0x0cec  AppID - ok
20:17:34.0916 0x0cec  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:17:34.0947 0x0cec  AppIDSvc - ok
20:17:34.0978 0x0cec  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:17:34.0994 0x0cec  Appinfo - ok
20:17:35.0010 0x0cec  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:17:35.0025 0x0cec  arc - ok
20:17:35.0025 0x0cec  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:17:35.0041 0x0cec  arcsas - ok
20:17:35.0072 0x0cec  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE, DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
20:17:35.0072 0x0cec  AsIO - ok
20:17:35.0088 0x0cec  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
20:17:35.0103 0x0cec  asmthub3 - ok
20:17:35.0134 0x0cec  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
20:17:35.0150 0x0cec  asmtxhci - ok
20:17:35.0212 0x0cec  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:17:35.0212 0x0cec  aspnet_state - ok
20:17:35.0259 0x0cec  [ 954FFBFF05B0B60EB63B52AF561436C4, 40228A2B688E827815B5A567584FCF99BF661696DB8CC8BB455393B3CEE35094 ] AsSysCtrlService C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
20:17:35.0259 0x0cec  AsSysCtrlService - ok
20:17:35.0275 0x0cec  [ 26D66E32E78D3059715B3A17BC679CD9, 5039CB81CE0829C5F3DED16A4005FEB10141C6C9B473CC319E81BAF6D1DA33E3 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
20:17:35.0275 0x0cec  AsUpIO - ok
20:17:35.0290 0x0cec  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:17:35.0337 0x0cec  AsyncMac - ok
20:17:35.0353 0x0cec  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:17:35.0368 0x0cec  atapi - ok
20:17:35.0384 0x0cec  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:17:35.0400 0x0cec  AtiHDAudioService - detected UnsignedFile.Multi.Generic ( 1 )
20:17:37.0849 0x0cec  Detect skipped due to KSN trusted
20:17:37.0849 0x0cec  AtiHDAudioService - ok
20:17:38.0317 0x0cec  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:17:38.0691 0x0cec  atikmdag - ok
20:17:38.0754 0x0cec  [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:17:38.0754 0x0cec  AtiPcie - ok
20:17:38.0785 0x0cec  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:17:38.0816 0x0cec  AudioEndpointBuilder - ok
20:17:38.0832 0x0cec  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:17:38.0863 0x0cec  AudioSrv - ok
20:17:38.0894 0x0cec  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
20:17:38.0910 0x0cec  avmeject - ok
20:17:38.0941 0x0cec  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:17:39.0019 0x0cec  AxInstSV - ok
20:17:39.0066 0x0cec  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:17:39.0112 0x0cec  b06bdrv - ok
20:17:39.0128 0x0cec  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:17:39.0159 0x0cec  b57nd60a - ok
20:17:39.0175 0x0cec  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:17:39.0190 0x0cec  BDESVC - ok
20:17:39.0206 0x0cec  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:17:39.0222 0x0cec  Beep - ok
20:17:39.0253 0x0cec  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:17:39.0268 0x0cec  BFE - ok
20:17:39.0331 0x0cec  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:17:39.0362 0x0cec  BITS - ok
20:17:39.0378 0x0cec  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:17:39.0393 0x0cec  blbdrive - ok
20:17:39.0409 0x0cec  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:17:39.0440 0x0cec  bowser - ok
20:17:39.0456 0x0cec  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:17:39.0487 0x0cec  BrFiltLo - ok
20:17:39.0502 0x0cec  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:17:39.0502 0x0cec  BrFiltUp - ok
20:17:39.0518 0x0cec  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:17:39.0534 0x0cec  Browser - ok
20:17:39.0549 0x0cec  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:17:39.0565 0x0cec  Brserid - ok
20:17:39.0580 0x0cec  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:17:39.0580 0x0cec  BrSerWdm - ok
20:17:39.0596 0x0cec  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:17:39.0612 0x0cec  BrUsbMdm - ok
20:17:39.0627 0x0cec  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:17:39.0627 0x0cec  BrUsbSer - ok
20:17:39.0643 0x0cec  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:17:39.0658 0x0cec  BTHMODEM - ok
20:17:39.0674 0x0cec  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:17:39.0705 0x0cec  bthserv - ok
20:17:39.0768 0x0cec  [ DC22832C7A65054129DEFE8BC0C6E2B6, 913C8FE83A1FFDC6A1EA54B910D98D9A4C8EF049D0B1D0D0AFB5BF1514AABE59 ] camfilt2        C:\Windows\system32\DRIVERS\camfilt2.sys
20:17:39.0783 0x0cec  camfilt2 - ok
20:17:39.0799 0x0cec  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:17:39.0877 0x0cec  cdfs - ok
20:17:39.0908 0x0cec  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:17:39.0924 0x0cec  cdrom - ok
20:17:39.0939 0x0cec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:17:39.0970 0x0cec  CertPropSvc - ok
20:17:39.0986 0x0cec  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:17:39.0986 0x0cec  circlass - ok
20:17:40.0017 0x0cec  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:17:40.0033 0x0cec  CLFS - ok
20:17:40.0080 0x0cec  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:40.0111 0x0cec  clr_optimization_v2.0.50727_32 - ok
20:17:40.0142 0x0cec  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:17:40.0142 0x0cec  clr_optimization_v2.0.50727_64 - ok
20:17:40.0204 0x0cec  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:40.0220 0x0cec  clr_optimization_v4.0.30319_32 - ok
20:17:40.0236 0x0cec  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:17:40.0236 0x0cec  clr_optimization_v4.0.30319_64 - ok
20:17:40.0267 0x0cec  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:17:40.0267 0x0cec  CmBatt - ok
20:17:40.0298 0x0cec  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:17:40.0298 0x0cec  cmdide - ok
20:17:40.0345 0x0cec  [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG             C:\Windows\system32\Drivers\cng.sys
20:17:40.0360 0x0cec  CNG - ok
20:17:40.0360 0x0cec  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:17:40.0376 0x0cec  Compbatt - ok
20:17:40.0392 0x0cec  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:17:40.0407 0x0cec  CompositeBus - ok
20:17:40.0407 0x0cec  COMSysApp - ok
20:17:40.0423 0x0cec  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:17:40.0438 0x0cec  crcdisk - ok
20:17:40.0454 0x0cec  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:17:40.0485 0x0cec  CryptSvc - ok
20:17:40.0516 0x0cec  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:17:40.0563 0x0cec  DcomLaunch - ok
20:17:40.0594 0x0cec  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:17:40.0626 0x0cec  defragsvc - ok
20:17:40.0626 0x0cec  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:17:40.0657 0x0cec  DfsC - ok
20:17:40.0688 0x0cec  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:17:40.0719 0x0cec  dg_ssudbus - ok
20:17:40.0735 0x0cec  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:17:40.0766 0x0cec  Dhcp - ok
20:17:40.0782 0x0cec  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:17:40.0828 0x0cec  discache - ok
20:17:40.0828 0x0cec  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
20:17:40.0844 0x0cec  Disk - ok
20:17:40.0875 0x0cec  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:17:40.0875 0x0cec  Dnscache - ok
20:17:40.0891 0x0cec  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:17:40.0938 0x0cec  dot3svc - ok
20:17:40.0969 0x0cec  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:17:40.0984 0x0cec  DPS - ok
20:17:41.0016 0x0cec  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:17:41.0047 0x0cec  drmkaud - ok
20:17:41.0094 0x0cec  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:17:41.0109 0x0cec  DXGKrnl - ok
20:17:41.0140 0x0cec  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:17:41.0187 0x0cec  EapHost - ok
20:17:41.0296 0x0cec  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:17:41.0374 0x0cec  ebdrv - ok
20:17:41.0421 0x0cec  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS             C:\Windows\System32\lsass.exe
20:17:41.0437 0x0cec  EFS - ok
20:17:41.0499 0x0cec  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:17:41.0530 0x0cec  ehRecvr - ok
20:17:41.0546 0x0cec  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:17:41.0562 0x0cec  ehSched - ok
20:17:41.0577 0x0cec  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:17:41.0593 0x0cec  elxstor - ok
20:17:41.0608 0x0cec  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:17:41.0624 0x0cec  ErrDev - ok
20:17:41.0655 0x0cec  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:17:41.0702 0x0cec  EventSystem - ok
20:17:41.0733 0x0cec  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:17:41.0780 0x0cec  exfat - ok
20:17:41.0796 0x0cec  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:17:41.0827 0x0cec  fastfat - ok
20:17:41.0842 0x0cec  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:17:41.0874 0x0cec  Fax - ok
20:17:41.0889 0x0cec  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:17:41.0905 0x0cec  fdc - ok
20:17:41.0920 0x0cec  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:17:41.0936 0x0cec  fdPHost - ok
20:17:41.0936 0x0cec  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:17:41.0967 0x0cec  FDResPub - ok
20:17:41.0983 0x0cec  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:17:41.0998 0x0cec  FileInfo - ok
20:17:41.0998 0x0cec  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:17:42.0030 0x0cec  Filetrace - ok
20:17:42.0045 0x0cec  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:17:42.0061 0x0cec  flpydisk - ok
20:17:42.0076 0x0cec  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:17:42.0092 0x0cec  FltMgr - ok
20:17:42.0170 0x0cec  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:17:42.0201 0x0cec  FontCache - ok
20:17:42.0232 0x0cec  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:42.0248 0x0cec  FontCache3.0.0.0 - ok
20:17:42.0264 0x0cec  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:17:42.0264 0x0cec  FsDepends - ok
20:17:42.0279 0x0cec  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:17:42.0295 0x0cec  Fs_Rec - ok
20:17:42.0310 0x0cec  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:17:42.0326 0x0cec  fvevol - ok
20:17:42.0357 0x0cec  [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
20:17:42.0388 0x0cec  FWLANUSB - ok
20:17:42.0404 0x0cec  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:17:42.0404 0x0cec  gagp30kx - ok
20:17:42.0451 0x0cec  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:17:42.0482 0x0cec  gpsvc - ok
20:17:42.0544 0x0cec  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:42.0560 0x0cec  gupdate - ok
20:17:42.0576 0x0cec  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:42.0591 0x0cec  gupdatem - ok
20:17:43.0356 0x0cec  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:17:43.0371 0x0cec  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:17:45.0836 0x0cec  Detect skipped due to KSN trusted
20:17:45.0836 0x0cec  IDriverT - ok
20:17:52.0450 0x0cec  SCardSvr - ok
20:17:52.0450 0x0cec  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:17:52.0482 0x0cec  scfilter - ok
20:17:52.0528 0x0cec  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:17:52.0575 0x0cec  Schedule - ok
20:17:52.0591 0x0cec  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:17:52.0622 0x0cec  SCPolicySvc - ok
20:17:52.0638 0x0cec  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
20:17:52.0653 0x0cec  ScreamBAudioSvc - ok
20:17:52.0669 0x0cec  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:17:52.0700 0x0cec  SDRSVC - ok
20:17:52.0825 0x0cec  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:17:52.0872 0x0cec  SDScannerService - ok
20:17:52.0934 0x0cec  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:17:52.0996 0x0cec  SDUpdateService - ok
20:17:53.0012 0x0cec  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:17:53.0012 0x0cec  SDWSCService - ok
20:17:53.0028 0x0cec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:17:53.0059 0x0cec  secdrv - ok
20:17:53.0074 0x0cec  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:17:53.0090 0x0cec  seclogon - ok
20:17:53.0106 0x0cec  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:17:53.0137 0x0cec  SENS - ok
20:17:53.0137 0x0cec  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:17:53.0152 0x0cec  SensrSvc - ok
20:17:53.0168 0x0cec  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:17:53.0168 0x0cec  Serenum - ok
20:17:53.0184 0x0cec  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:17:53.0184 0x0cec  Serial - ok
20:17:53.0215 0x0cec  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:17:53.0215 0x0cec  sermouse - ok
20:17:53.0246 0x0cec  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:17:53.0277 0x0cec  SessionEnv - ok
20:17:53.0293 0x0cec  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:17:53.0324 0x0cec  sffdisk - ok
20:17:53.0324 0x0cec  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:17:53.0340 0x0cec  sffp_mmc - ok
20:17:53.0355 0x0cec  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:17:53.0371 0x0cec  sffp_sd - ok
20:17:53.0371 0x0cec  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:17:53.0386 0x0cec  sfloppy - ok
20:17:53.0449 0x0cec  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:17:53.0496 0x0cec  SharedAccess - ok
20:17:53.0527 0x0cec  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:53.0574 0x0cec  ShellHWDetection - ok
20:17:53.0589 0x0cec  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:17:53.0589 0x0cec  SiSRaid2 - ok
20:17:53.0605 0x0cec  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:17:53.0620 0x0cec  SiSRaid4 - ok
20:17:53.0636 0x0cec  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:17:53.0667 0x0cec  Smb - ok
20:17:53.0683 0x0cec  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:17:53.0698 0x0cec  SNMPTRAP - ok
20:17:53.0698 0x0cec  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:17:53.0714 0x0cec  spldr - ok
20:17:53.0745 0x0cec  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:17:53.0776 0x0cec  Spooler - ok
20:17:53.0917 0x0cec  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:17:54.0010 0x0cec  sppsvc - ok
20:17:54.0026 0x0cec  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:17:54.0042 0x0cec  sppuinotify - ok
20:17:54.0120 0x0cec  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:17:54.0135 0x0cec  sptd - ok
20:17:54.0182 0x0cec  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:17:54.0213 0x0cec  srv - ok
20:17:54.0213 0x0cec  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:17:54.0276 0x0cec  srv2 - ok
20:17:54.0291 0x0cec  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:17:54.0322 0x0cec  srvnet - ok
20:17:54.0354 0x0cec  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:17:54.0416 0x0cec  SSDPSRV - ok
20:17:54.0432 0x0cec  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:17:54.0447 0x0cec  SstpSvc - ok
20:17:54.0478 0x0cec  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:17:54.0494 0x0cec  ssudmdm - ok
20:17:54.0525 0x0cec  [ F7093A27C4AF6D9EEA0ACAC1C4FF6828, 40E1A8FB08D3063711E87C15B24009B397CAD279905AA72FADBB4A8B611474CD ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
20:17:54.0525 0x0cec  ssudserd - ok
20:17:54.0603 0x0cec  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:17:54.0619 0x0cec  Steam Client Service - ok
20:17:54.0650 0x0cec  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:17:54.0650 0x0cec  stexstor - ok
20:17:54.0681 0x0cec  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:17:54.0712 0x0cec  stisvc - ok
20:17:54.0712 0x0cec  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:17:54.0728 0x0cec  swenum - ok
20:17:54.0775 0x0cec  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:17:54.0790 0x0cec  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:17:57.0255 0x0cec  Detect skipped due to KSN trusted
20:17:57.0255 0x0cec  SwitchBoard - ok
20:17:57.0286 0x0cec  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:17:57.0349 0x0cec  swprv - ok
20:17:57.0427 0x0cec  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:17:57.0474 0x0cec  SysMain - ok
20:17:57.0474 0x0cec  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:57.0505 0x0cec  TabletInputService - ok
20:17:57.0536 0x0cec  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:17:57.0583 0x0cec  TapiSrv - ok
20:17:57.0598 0x0cec  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:17:57.0645 0x0cec  TBS - ok
20:17:57.0708 0x0cec  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:17:57.0754 0x0cec  Tcpip - ok
20:17:57.0848 0x0cec  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:17:57.0895 0x0cec  TCPIP6 - ok
20:17:57.0910 0x0cec  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:17:57.0926 0x0cec  tcpipreg - ok
20:17:57.0942 0x0cec  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:17:57.0957 0x0cec  TDPIPE - ok
20:17:57.0988 0x0cec  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:17:58.0004 0x0cec  TDTCP - ok
20:17:58.0035 0x0cec  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:17:58.0051 0x0cec  tdx - ok
20:17:58.0066 0x0cec  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:17:58.0082 0x0cec  TermDD - ok
20:17:58.0113 0x0cec  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:17:58.0129 0x0cec  TermService - ok
20:17:58.0144 0x0cec  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:17:58.0160 0x0cec  Themes - ok
20:17:58.0176 0x0cec  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:17:58.0207 0x0cec  THREADORDER - ok
20:17:58.0222 0x0cec  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:17:58.0254 0x0cec  TrkWks - ok
20:17:58.0300 0x0cec  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:58.0332 0x0cec  TrustedInstaller - ok
20:17:58.0347 0x0cec  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:58.0363 0x0cec  tssecsrv - ok
20:17:58.0378 0x0cec  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:17:58.0394 0x0cec  TsUsbFlt - ok
20:17:58.0425 0x0cec  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:17:58.0425 0x0cec  TsUsbGD - ok
20:17:58.0550 0x0cec  [ 258C050D197D923668B36C8D3F6A2353, 9A8CDC8FDCF24986FE963566591E2B535653837A8A63EE462126D336E6F94E97 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
20:17:58.0597 0x0cec  TuneUp.UtilitiesSvc - ok
20:17:58.0628 0x0cec  [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
20:17:58.0628 0x0cec  TuneUpUtilitiesDrv - ok
20:17:58.0659 0x0cec  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:17:58.0675 0x0cec  tunnel - ok
20:17:58.0706 0x0cec  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:17:58.0706 0x0cec  uagp35 - ok
20:17:58.0737 0x0cec  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:17:58.0768 0x0cec  udfs - ok
20:17:58.0784 0x0cec  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:17:58.0815 0x0cec  UI0Detect - ok
20:17:58.0831 0x0cec  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:17:58.0831 0x0cec  uliagpkx - ok
20:17:58.0862 0x0cec  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:17:58.0862 0x0cec  umbus - ok
20:17:58.0878 0x0cec  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:17:58.0893 0x0cec  UmPass - ok
20:17:58.0924 0x0cec  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:17:58.0956 0x0cec  upnphost - ok
20:17:58.0971 0x0cec  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:17:58.0987 0x0cec  usbaudio - ok
20:17:59.0002 0x0cec  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:59.0002 0x0cec  usbccgp - ok
20:17:59.0034 0x0cec  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:17:59.0034 0x0cec  usbcir - ok
20:17:59.0049 0x0cec  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:17:59.0065 0x0cec  usbehci - ok
20:17:59.0096 0x0cec  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:17:59.0112 0x0cec  usbhub - ok
20:17:59.0112 0x0cec  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:17:59.0174 0x0cec  usbohci - ok
20:17:59.0205 0x0cec  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:17:59.0252 0x0cec  usbprint - ok
20:17:59.0268 0x0cec  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:59.0299 0x0cec  USBSTOR - ok
20:17:59.0314 0x0440  Object required for P2P: [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject
20:17:59.0314 0x0cec  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:17:59.0346 0x0cec  usbuhci - ok
20:17:59.0377 0x0cec  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:17:59.0392 0x0cec  usbvideo - ok
20:17:59.0408 0x0cec  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:17:59.0455 0x0cec  UxSms - ok
20:17:59.0470 0x0cec  [ 97BCD40E27C46B398524DF9B4DC88A6F, D1466C414B6044B65D63138B3C42B54B3B6E54AD40613E171F980D0E0D9627B5 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
20:17:59.0486 0x0cec  UxTuneUp - ok
20:17:59.0486 0x0cec  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
20:17:59.0502 0x0cec  VaultSvc - ok
20:17:59.0517 0x0cec  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:17:59.0517 0x0cec  vdrvroot - ok
20:17:59.0548 0x0cec  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:17:59.0595 0x0cec  vds - ok
20:17:59.0611 0x0cec  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:59.0626 0x0cec  vga - ok
20:17:59.0642 0x0cec  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:17:59.0689 0x0cec  VgaSave - ok
20:17:59.0704 0x0cec  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:17:59.0704 0x0cec  vhdmp - ok
20:17:59.0782 0x0cec  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:17:59.0829 0x0cec  VIAHdAudAddService - ok
20:17:59.0860 0x0cec  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:17:59.0876 0x0cec  viaide - ok
20:17:59.0876 0x0cec  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
20:17:59.0892 0x0cec  VIAKaraokeService - ok
20:17:59.0892 0x0cec  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:17:59.0907 0x0cec  volmgr - ok
20:17:59.0907 0x0cec  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:17:59.0923 0x0cec  volmgrx - ok
20:17:59.0938 0x0cec  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:17:59.0954 0x0cec  volsnap - ok
20:17:59.0970 0x0cec  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:17:59.0970 0x0cec  vsmraid - ok
20:18:00.0016 0x0cec  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:18:00.0094 0x0cec  VSS - ok
20:18:00.0110 0x0cec  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:18:00.0126 0x0cec  vwifibus - ok
20:18:00.0157 0x0cec  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:18:00.0188 0x0cec  W32Time - ok
20:18:00.0219 0x0cec  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:18:00.0250 0x0cec  WacomPen - ok
20:18:00.0282 0x0cec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:18:00.0313 0x0cec  WANARP - ok
20:18:00.0328 0x0cec  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:18:00.0344 0x0cec  Wanarpv6 - ok
20:18:00.0391 0x0cec  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:18:00.0438 0x0cec  wbengine - ok
20:18:00.0453 0x0cec  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:18:00.0469 0x0cec  WbioSrvc - ok
20:18:00.0484 0x0cec  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:18:00.0500 0x0cec  wcncsvc - ok
20:18:00.0516 0x0cec  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:18:00.0531 0x0cec  WcsPlugInService - ok
20:18:00.0531 0x0cec  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:18:00.0547 0x0cec  Wd - ok
20:18:00.0578 0x0cec  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
20:18:00.0594 0x0cec  WDC_SAM - ok
20:18:00.0656 0x0cec  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:18:00.0703 0x0cec  Wdf01000 - ok
20:18:00.0703 0x0cec  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:18:00.0734 0x0cec  WdiServiceHost - ok
20:18:00.0750 0x0cec  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:18:00.0750 0x0cec  WdiSystemHost - ok
20:18:00.0781 0x0cec  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:18:00.0796 0x0cec  WebClient - ok
20:18:00.0812 0x0cec  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:18:00.0859 0x0cec  Wecsvc - ok
20:18:00.0859 0x0cec  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:18:00.0890 0x0cec  wercplsupport - ok
20:18:00.0906 0x0cec  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:18:00.0937 0x0cec  WerSvc - ok
20:18:00.0937 0x0cec  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:18:00.0968 0x0cec  WfpLwf - ok
20:18:00.0984 0x0cec  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:18:00.0999 0x0cec  WIMMount - ok
20:18:01.0015 0x0cec  WinDefend - ok
20:18:01.0030 0x0cec  WinHttpAutoProxySvc - ok
20:18:01.0062 0x0cec  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:18:01.0093 0x0cec  Winmgmt - ok
20:18:01.0155 0x0cec  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:18:01.0202 0x0cec  WinRM - ok
20:18:01.0233 0x0cec  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:18:01.0249 0x0cec  WinUsb - ok
20:18:01.0296 0x0cec  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:18:01.0342 0x0cec  Wlansvc - ok
20:18:01.0514 0x0cec  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:18:01.0576 0x0cec  wlidsvc - ok
20:18:01.0592 0x0cec  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:18:01.0592 0x0cec  WmiAcpi - ok
20:18:01.0608 0x0cec  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:18:01.0623 0x0cec  wmiApSrv - ok
20:18:01.0639 0x0cec  WMPNetworkSvc - ok
20:18:01.0654 0x0cec  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:18:01.0670 0x0cec  WPCSvc - ok
20:18:01.0670 0x0cec  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:18:01.0686 0x0cec  WPDBusEnum - ok
20:18:01.0701 0x0cec  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:18:01.0732 0x0cec  ws2ifsl - ok
20:18:01.0748 0x0cec  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:18:01.0764 0x0cec  wscsvc - ok
20:18:01.0764 0x0cec  WSearch - ok
20:18:01.0779 0x0440  Object send P2P result: true
20:18:01.0842 0x0cec  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:18:01.0904 0x0cec  wuauserv - ok
20:18:01.0920 0x0cec  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:18:01.0935 0x0cec  WudfPf - ok
20:18:01.0951 0x0cec  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:18:01.0966 0x0cec  WUDFRd - ok
20:18:01.0982 0x0cec  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:18:01.0998 0x0cec  wudfsvc - ok
20:18:02.0013 0x0cec  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:18:02.0044 0x0cec  WwanSvc - ok
20:18:02.0044 0x0cec  ================ Scan global ===============================
20:18:02.0091 0x0cec  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:18:02.0122 0x0cec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:18:02.0154 0x0cec  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:18:02.0154 0x0cec  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:18:02.0185 0x0cec  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:18:02.0185 0x0cec  [ Global ] - ok
20:18:02.0185 0x0cec  ================ Scan MBR ==================================
20:18:02.0200 0x0cec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:18:02.0450 0x0cec  \Device\Harddisk0\DR0 - ok
20:18:02.0466 0x0cec  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk1\DR1
20:18:02.0559 0x0cec  \Device\Harddisk1\DR1 - ok
20:18:02.0559 0x0cec  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
20:18:03.0105 0x0cec  \Device\Harddisk2\DR2 - ok
20:18:03.0121 0x0cec  [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
20:18:03.0558 0x0cec  \Device\Harddisk3\DR3 - ok
20:18:03.0558 0x0cec  ================ Scan VBR ==================================
20:18:03.0589 0x0cec  [ C07BC3BE82CA91B4832947491A4E6E31 ] \Device\Harddisk0\DR0\Partition1
20:18:03.0589 0x0cec  \Device\Harddisk0\DR0\Partition1 - ok
20:18:03.0589 0x0cec  [ EDB793810F8BAECAE2F9D3C0C5311652 ] \Device\Harddisk0\DR0\Partition2
20:18:03.0636 0x0cec  \Device\Harddisk0\DR0\Partition2 - ok
20:18:03.0636 0x0cec  [ ED28D0D8202823080428C72EEA85B213 ] \Device\Harddisk0\DR0\Partition3
20:18:03.0636 0x0cec  \Device\Harddisk0\DR0\Partition3 - ok
20:18:03.0667 0x0cec  [ 7604813F6EDB7C5C5A77592F1C163FE0 ] \Device\Harddisk1\DR1\Partition1
20:18:03.0667 0x0cec  \Device\Harddisk1\DR1\Partition1 - ok
20:18:03.0682 0x0cec  [ 887DD3C8B480381118BB555328DFF85E ] \Device\Harddisk1\DR1\Partition2
20:18:03.0682 0x0cec  \Device\Harddisk1\DR1\Partition2 - ok
20:18:03.0698 0x0cec  [ 81023E46A17A1940216BCDC3921122DC ] \Device\Harddisk1\DR1\Partition3
20:18:03.0698 0x0cec  \Device\Harddisk1\DR1\Partition3 - ok
20:18:03.0698 0x0cec  [ 60B4F8F9D84337FFBADD364A2E6A3988 ] \Device\Harddisk1\DR1\Partition4
20:18:03.0714 0x0cec  \Device\Harddisk1\DR1\Partition4 - ok
20:18:03.0714 0x0cec  [ 97793C6EBE782489632BE676E2C9BE30 ] \Device\Harddisk2\DR2\Partition1
20:18:03.0714 0x0cec  \Device\Harddisk2\DR2\Partition1 - ok
20:18:03.0714 0x0cec  [ EFB00E60BB2055492290E549E5A4574A ] \Device\Harddisk3\DR3\Partition1
20:18:03.0729 0x0cec  \Device\Harddisk3\DR3\Partition1 - ok
20:18:03.0729 0x0cec  ================ Scan generic autorun ======================
20:18:03.0807 0x0cec  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:18:03.0823 0x0cec  AdobeAAMUpdater-1.0 - ok
20:18:04.0010 0x0cec  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
20:18:04.0135 0x0cec  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
20:18:06.0600 0x0cec  Detect skipped due to KSN trusted
20:18:06.0600 0x0cec  HDAudDeck - ok
20:18:06.0662 0x0cec  [ 94D247679E0862C7FA8C5AD712E03948, B6579E5675DDEE338D5248B6A1769CFCEC72DF127A5A367980F388FE782C4748 ] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
20:18:06.0678 0x0cec  Cpu Level Up help - ok
20:18:06.0771 0x0cec  [ 80F72159E0EB98A9B32FF61132C2E60D, 7F9AD5AE0C23EC5AB7DD63020897646A57CD275D325D399C35001C3DAC0B147F ] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
20:18:06.0802 0x0cec  Turbo Key - detected UnsignedFile.Multi.Generic ( 1 )
20:18:09.0267 0x0cec  Detect skipped due to KSN trusted
20:18:09.0267 0x0cec  Turbo Key - ok
20:18:09.0314 0x0cec  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:18:09.0345 0x0cec  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:18:09.0345 0x0cec  Detect skipped due to KSN trusted
20:18:09.0345 0x0cec  SwitchBoard - ok
20:18:09.0392 0x0cec  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
20:18:09.0423 0x0cec  AdobeCS6ServiceManager - ok
20:18:09.0439 0x0cec  [ C5239F47944FA3036A256DE9BDB94EB6, 3464B8B5036FA954553850A590D765D30E805818049FBF2E6C444B5FB0147BD4 ] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
20:18:09.0454 0x0cec  Zboard - detected UnsignedFile.Multi.Generic ( 1 )
20:18:11.0342 0x16e0  Object required for P2P: [ 320681DF28D82CDCA7E3EED0846625DB ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:18:11.0904 0x0cec  Detect skipped due to KSN trusted
20:18:11.0904 0x0cec  Zboard - ok
20:18:11.0966 0x0cec  [ DB3682851D0218AEC5911CD0D1D7AABE, E3186E075F788131C7E6746D035DED5E3056E20784D635D5CAEC00EF3D27CC72 ] C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
20:18:12.0013 0x0cec  BF2Hub Client - detected UnsignedFile.Multi.Generic ( 1 )
20:18:13.0791 0x16e0  Object send P2P result: true
20:18:14.0556 0x0cec  BF2Hub Client ( UnsignedFile.Multi.Generic ) - warning
20:18:17.0005 0x0cec  [ F8A3337DE768B126B061F1B7CD38A436, F93EE8D8D7CA28658587F82C38AE6C13D51A03CFE8DE6AC3BA35DC6A1DB986CE ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
20:18:17.0036 0x0cec  KiesTrayAgent - ok
20:18:17.0083 0x0cec  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
20:18:17.0099 0x0cec  Raptr - ok
20:18:17.0208 0x0cec  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:18:17.0239 0x0cec  StartCCC - ok
20:18:17.0395 0x0cec  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:18:17.0473 0x0cec  SDTray - ok
20:18:17.0551 0x0cec  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:18:17.0598 0x0cec  Sidebar - ok
20:18:17.0629 0x0cec  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:18:17.0629 0x0cec  mctadmin - ok
20:18:17.0707 0x0cec  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:18:17.0738 0x0cec  Sidebar - ok
20:18:17.0754 0x0cec  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:18:17.0769 0x0cec  mctadmin - ok
20:18:17.0801 0x0cec  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\SysWOW64\rundll32.exe
20:18:17.0832 0x0cec  NextLive - ok
20:18:17.0957 0x0cec  [ 3255867AE34EDD5346C750677EE63354, 3FC8E1EFF33EE83717C285D0CD388886135C5BF977B69CF6ADCFD4196139D483 ] C:\Program Files (x86)\Steam\Steam.exe
20:18:18.0019 0x0cec  Steam - ok
20:18:18.0175 0x0cec  [ 1BFCA8EBFBDC43B5C7C3BCF92A47DD77, EA4A4B5E4BFB31451A472A3E5F23CA163EB53B7D08C892454D6905B034ABBBF6 ] C:\Program Files (x86)\Origin\Origin.exe
20:18:18.0253 0x0cec  EADM - ok
20:18:18.0315 0x0cec  [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
20:18:18.0347 0x0cec  KiesPreload - ok
20:18:18.0409 0x0cec  [ 50FAF9CD04F26878FE2CDF63BA70971C, F4E725994F0E81E155750F16E9C60504DC70B82A78432B93412BB4024EC99275 ] C:\Users\Wallace\AppData\Local\Temp\Proof-distribute\proof-collect.exe
20:18:18.0409 0x0cec  Suspicious file ( NoAccess ): C:\Users\Wallace\AppData\Local\Temp\Proof-distribute\proof-collect.exe. md5: 50FAF9CD04F26878FE2CDF63BA70971C, sha256: F4E725994F0E81E155750F16E9C60504DC70B82A78432B93412BB4024EC99275
20:18:18.0425 0x0cec  proof-reflect - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
20:18:20.0889 0x0cec  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - infected
20:18:20.0889 0x0cec  Force sending object to P2P due to detect: C:\Users\Wallace\AppData\Local\Temp\Proof-distribute\proof-collect.exe
20:18:23.0354 0x0cec  Object send P2P result: true
20:18:25.0772 0x0cec  Win FW state via NFP2: enabled
20:18:28.0175 0x0cec  ============================================================
20:18:28.0175 0x0cec  Scan finished
20:18:28.0175 0x0cec  ============================================================
20:18:28.0190 0x1420  Detected object count: 2
20:18:28.0190 0x1420  Actual detected object count: 2
20:18:36.0021 0x1420  BF2Hub Client ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:36.0021 0x1420  BF2Hub Client ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:18:36.0037 0x1420  C:\Users\Wallace\AppData\Local\Temp\Proof-distribute\proof-collect.exe - copied to quarantine
20:18:36.0037 0x1420  HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce:proof-reflect - will be deleted on reboot
20:18:36.0037 0x1420  C:\Users\Wallace\AppData\Local\Temp\Proof-distribute\proof-collect.exe - will be deleted on reboot
20:18:36.0037 0x1420  proof-reflect ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Delete 
20:18:36.0583 0x1420  KLMD registered as C:\Windows\system32\drivers\08702800.sys
20:18:41.0076 0x0e44  Deinitialize success
         

24.02.2015, 07:18   #9
schrauber
/// the machine
/// TB instructor

Did you choose Cure or Delete? Please do it again.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.02.2015, 16:45   #10
DaWallace

Delete. That is, what it recommended to me.

I can't select Cure. I only have the choice between Delete, Skip and Quarantine.

25.02.2015, 06:43   #11
schrauber
/// the machine
/// TB instructor

Then Delete again please, then run another scan.
__________________
Regards,
schrauber

25.02.2015, 18:10   #12
DaWallace

OK, I did that.

Code:
18:04:44.0334 0x14a8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:04:46.0050 0x14a8  ============================================================
18:04:46.0050 0x14a8  Current date / time: 2015/02/25 18:04:46.0050
18:04:46.0050 0x14a8  SystemInfo:
18:04:46.0050 0x14a8  
18:04:46.0050 0x14a8  OS Version: 6.1.7601 ServicePack: 1.0
18:04:46.0050 0x14a8  Product type: Workstation
18:04:46.0050 0x14a8  ComputerName: DRAGON64
18:04:46.0050 0x14a8  UserName: Wallace
18:04:46.0050 0x14a8  Windows directory: C:\Windows
18:04:46.0050 0x14a8  System windows directory: C:\Windows
18:04:46.0050 0x14a8  Running under WOW64
18:04:46.0050 0x14a8  Processor architecture: Intel x64
18:04:46.0050 0x14a8  Number of processors: 4
18:04:46.0050 0x14a8  Page size: 0x1000
18:04:46.0050 0x14a8  Boot type: Normal boot
18:04:46.0050 0x14a8  ============================================================
18:04:48.0265 0x14a8  KLMD registered as C:\Windows\system32\drivers\49526201.sys
18:04:48.0452 0x14a8  System UUID: {16D1EC3B-9554-5EDC-4910-9ECB978DB774}
18:04:48.0842 0x14a8  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:48.0858 0x14a8  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:48.0858 0x14a8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:49.0248 0x14a8  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:54.0552 0x14a8  ============================================================
18:04:54.0552 0x14a8  \Device\Harddisk0\DR0:
18:04:54.0552 0x14a8  MBR partitions:
18:04:54.0552 0x14a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:04:54.0552 0x14a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AE0800
18:04:54.0552 0x14a8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x55B13000, BlocksNum 0x1A32800
18:04:54.0552 0x14a8  \Device\Harddisk1\DR1:
18:04:54.0567 0x14a8  MBR partitions:
18:04:54.0567 0x14a8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61D6AB1, BlocksNum 0xC35314E
18:04:54.0583 0x14a8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12529C3E, BlocksNum 0x124FAAB4
18:04:54.0598 0x14a8  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x24A24731, BlocksNum 0x15960510
18:04:54.0598 0x14a8  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61D2B72
18:04:54.0598 0x14a8  \Device\Harddisk2\DR2:
18:04:54.0598 0x14a8  MBR partitions:
18:04:54.0598 0x14a8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
18:04:54.0598 0x14a8  \Device\Harddisk3\DR3:
18:04:54.0598 0x14a8  MBR partitions:
18:04:54.0598 0x14a8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
18:04:54.0598 0x14a8  ============================================================
18:04:54.0630 0x14a8  C: <-> \Device\Harddisk0\DR0\Partition2
18:04:54.0661 0x14a8  D: <-> \Device\Harddisk1\DR1\Partition4
18:04:54.0692 0x14a8  E: <-> \Device\Harddisk1\DR1\Partition1
18:04:54.0723 0x14a8  F: <-> \Device\Harddisk1\DR1\Partition2
18:04:54.0739 0x14a8  G: <-> \Device\Harddisk1\DR1\Partition3
18:04:54.0770 0x14a8  H: <-> \Device\Harddisk0\DR0\Partition3
18:04:54.0801 0x14a8  O: <-> \Device\Harddisk2\DR2\Partition1
18:04:54.0801 0x14a8  Q: <-> \Device\Harddisk3\DR3\Partition1
18:04:54.0801 0x14a8  ============================================================
18:04:54.0801 0x14a8  Initialize success
18:04:54.0801 0x14a8  ============================================================
18:05:01.0104 0x1648  ============================================================
18:05:01.0104 0x1648  Scan started
18:05:01.0104 0x1648  Mode: Manual; SigCheck; TDLFS; 
18:05:01.0104 0x1648  ============================================================
18:05:01.0104 0x1648  KSN ping started
18:05:14.0879 0x1648  KSN ping finished: true
18:05:18.0108 0x1648  ================ Scan system memory ========================
18:05:18.0108 0x1648  System memory - ok
18:05:18.0108 0x1648  ================ Scan services =============================
18:05:22.0070 0x1648  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:05:22.0086 0x1648  AtiHDAudioService - detected UnsignedFile.Multi.Generic ( 1 )
18:05:24.0473 0x1648  Detect skipped due to KSN trusted
18:05:24.0473 0x1648  AtiHDAudioService - ok
18:05:28.0014 0x1648  Dhcp - ok
18:05:28.0045 0x1648  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:05:28.0092 0x1648  discache - ok
18:05:28.0092 0x1648  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:05:28.0107 0x1648  Disk - ok
18:05:28.0139 0x1648  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:05:28.0154 0x1648  Dnscache - ok
18:05:28.0170 0x1648  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:05:28.0217 0x1648  dot3svc - ok
18:05:28.0232 0x1648  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:05:28.0263 0x1648  DPS - ok
18:05:28.0279 0x1648  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:05:28.0341 0x1648  drmkaud - ok
18:05:28.0388 0x1648  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:05:28.0435 0x1648  DXGKrnl - ok
18:05:28.0466 0x1648  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:05:28.0513 0x1648  EapHost - ok
18:05:28.0622 0x1648  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:05:28.0747 0x1648  ebdrv - ok
18:05:28.0778 0x1648  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS             C:\Windows\System32\lsass.exe
18:05:28.0825 0x1648  EFS - ok
18:05:28.0903 0x1648  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:05:28.0965 0x1648  ehRecvr - ok
18:05:28.0981 0x1648  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:05:28.0997 0x1648  ehSched - ok
18:05:29.0043 0x1648  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:05:29.0075 0x1648  elxstor - ok
18:05:29.0090 0x1648  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:05:29.0153 0x1648  ErrDev - ok
18:05:29.0262 0x1648  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:05:29.0324 0x1648  EventSystem - ok
18:05:29.0355 0x1648  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:05:29.0387 0x1648  exfat - ok
18:05:29.0402 0x1648  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:05:29.0433 0x1648  fastfat - ok
18:05:29.0449 0x1648  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:05:29.0574 0x1648  Fax - ok
18:05:29.0589 0x1648  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:05:29.0605 0x1648  fdc - ok
18:05:29.0621 0x1648  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:05:29.0652 0x1648  fdPHost - ok
18:05:29.0667 0x1648  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:05:29.0699 0x1648  FDResPub - ok
18:05:29.0699 0x1648  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:05:29.0714 0x1648  FileInfo - ok
18:05:29.0714 0x1648  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:05:29.0745 0x1648  Filetrace - ok
18:05:29.0761 0x1648  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:05:29.0777 0x1648  flpydisk - ok
18:05:29.0792 0x1648  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:05:29.0808 0x1648  FltMgr - ok
18:05:29.0839 0x1648  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:05:29.0917 0x1648  FontCache - ok
18:05:29.0964 0x1648  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:05:29.0979 0x1648  FontCache3.0.0.0 - ok
18:05:29.0995 0x1648  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:05:30.0026 0x1648  FsDepends - ok
18:05:30.0026 0x1648  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:05:30.0042 0x1648  Fs_Rec - ok
18:05:30.0057 0x1648  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:05:30.0073 0x1648  fvevol - ok
18:05:30.0104 0x1648  [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
18:05:30.0151 0x1648  FWLANUSB - ok
18:05:30.0167 0x1648  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:05:30.0182 0x1648  gagp30kx - ok
18:05:30.0229 0x1648  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:05:30.0276 0x1648  gpsvc - ok
18:05:30.0338 0x1648  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:30.0354 0x1648  gupdate - ok
18:05:30.0369 0x1648  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:05:30.0369 0x1648  gupdatem - ok
18:05:30.0385 0x1648  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:05:30.0416 0x1648  hcw85cir - ok
18:05:30.0432 0x1648  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:05:30.0463 0x1648  HdAudAddService - ok
18:05:30.0479 0x1648  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:05:30.0494 0x1648  HDAudBus - ok
18:05:30.0510 0x1648  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:05:30.0525 0x1648  HidBatt - ok
18:05:30.0541 0x1648  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:05:30.0572 0x1648  HidBth - ok
18:05:30.0588 0x1648  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:05:30.0603 0x1648  HidIr - ok
18:05:30.0619 0x1648  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:05:30.0650 0x1648  hidserv - ok
18:05:30.0666 0x1648  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:05:30.0713 0x1648  HidUsb - ok
18:05:30.0744 0x1648  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:05:30.0822 0x1648  hkmsvc - ok
18:05:30.0837 0x1648  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:05:30.0869 0x1648  HomeGroupListener - ok
18:05:30.0900 0x1648  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:05:30.0900 0x1648  HomeGroupProvider - ok
18:05:30.0915 0x1648  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:05:30.0931 0x1648  HpSAMD - ok
18:05:30.0962 0x1648  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:05:30.0993 0x1648  HTTP - ok
18:05:31.0009 0x1648  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:05:31.0025 0x1648  hwpolicy - ok
18:05:31.0040 0x1648  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:05:31.0056 0x1648  i8042prt - ok
18:05:31.0087 0x1648  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:05:31.0103 0x1648  iaStorV - ok
18:05:31.0165 0x1648  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:05:31.0181 0x1648  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
18:05:33.0583 0x1648  Detect skipped due to KSN trusted
18:05:33.0583 0x1648  IDriverT - ok
18:05:37.0982 0x1648  Origin Client Service - ok
18:05:38.0029 0x1648  [ 2B7D360154E5324F9BA181AF0DBFB2AA, DD53FEDAEC6CB8243142561A946B7A372C320A2C69F8896D33DB504B78707D35 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
18:05:38.0029 0x1648  OverwolfUpdaterService - ok
18:05:38.0107 0x1648  [ E357862CA46F2C3E98E5E8007A317363, 0A3ADF2F6A8800EA1A76BBA58D5CB1B22A70DF895EF5D4C7169456B0C44061ED ] OxygenAudioDevMon C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
18:05:38.0169 0x1648  OxygenAudioDevMon - ok
18:05:38.0201 0x1648  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:05:38.0247 0x1648  p2pimsvc - ok
18:05:38.0279 0x1648  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:05:38.0294 0x1648  p2psvc - ok
18:05:38.0310 0x1648  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:05:38.0325 0x1648  Parport - ok
18:05:38.0357 0x1648  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:05:38.0357 0x1648  partmgr - ok
18:05:38.0372 0x1648  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:05:38.0403 0x1648  PcaSvc - ok
18:05:38.0403 0x1648  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:05:38.0419 0x1648  pci - ok
18:05:38.0435 0x1648  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:05:38.0450 0x1648  pciide - ok
18:05:38.0466 0x1648  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:05:38.0481 0x1648  pcmcia - ok
18:05:38.0481 0x1648  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:05:38.0497 0x1648  pcw - ok
18:05:38.0528 0x1648  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:05:38.0591 0x1648  PEAUTH - ok
18:05:38.0653 0x1648  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:05:38.0669 0x1648  PerfHost - ok
18:05:38.0731 0x1648  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:05:38.0809 0x1648  pla - ok
18:05:38.0840 0x1648  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:05:38.0903 0x1648  PlugPlay - ok
18:05:38.0949 0x1648  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
18:05:38.0965 0x1648  PnkBstrA - ok
18:05:38.0981 0x1648  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:05:38.0996 0x1648  PNRPAutoReg - ok
18:05:39.0027 0x1648  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:05:39.0043 0x1648  PNRPsvc - ok
18:05:39.0059 0x1648  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:05:39.0090 0x1648  PolicyAgent - ok
18:05:39.0121 0x1648  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:05:39.0168 0x1648  Power - ok
18:05:39.0183 0x1648  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:05:39.0199 0x1648  PptpMiniport - ok
18:05:39.0215 0x1648  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:05:39.0261 0x1648  Processor - ok
18:05:39.0293 0x1648  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:05:39.0371 0x1648  ProfSvc - ok
18:05:39.0386 0x1648  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:05:39.0402 0x1648  ProtectedStorage - ok
18:05:39.0402 0x1648  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:05:39.0433 0x1648  Psched - ok
18:05:39.0464 0x1648  [ BC08F7F3C53CBEE68670ED1314E290FD, EC683DDE60AFED297D28BC7570BB6DA27A94F52417AD6DE1FBE265255F4051DD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
18:05:39.0464 0x1648  PxHlpa64 - ok
18:05:39.0573 0x1648  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:05:39.0620 0x1648  ql2300 - ok
18:05:39.0636 0x1648  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:05:39.0651 0x1648  ql40xx - ok
18:05:39.0667 0x1648  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:05:39.0683 0x1648  QWAVE - ok
18:05:39.0698 0x1648  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:05:39.0729 0x1648  QWAVEdrv - ok
18:05:39.0745 0x1648  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:05:39.0761 0x1648  RasAcd - ok
18:05:39.0792 0x1648  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:05:39.0823 0x1648  RasAgileVpn - ok
18:05:39.0839 0x1648  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:05:39.0870 0x1648  RasAuto - ok
18:05:39.0870 0x1648  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:05:39.0901 0x1648  Rasl2tp - ok
18:05:39.0917 0x1648  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:05:39.0963 0x1648  RasMan - ok
18:05:39.0979 0x1648  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:05:40.0026 0x1648  RasPppoe - ok
18:05:40.0026 0x1648  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:05:40.0057 0x1648  RasSstp - ok
18:05:40.0088 0x1648  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:05:40.0119 0x1648  rdbss - ok
18:05:40.0135 0x1648  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:05:40.0151 0x1648  rdpbus - ok
18:05:40.0166 0x1648  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:05:40.0197 0x1648  RDPCDD - ok
18:05:40.0197 0x1648  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:05:40.0244 0x1648  RDPENCDD - ok
18:05:40.0244 0x1648  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:05:40.0275 0x1648  RDPREFMP - ok
18:05:40.0291 0x1648  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:05:40.0353 0x1648  RdpVideoMiniport - ok
18:05:40.0385 0x1648  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:05:40.0431 0x1648  RDPWD - ok
18:05:40.0447 0x1648  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:05:40.0463 0x1648  rdyboost - ok
18:05:40.0494 0x1648  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:05:40.0572 0x1648  RemoteAccess - ok
18:05:40.0587 0x1648  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:05:40.0619 0x1648  RemoteRegistry - ok
18:05:40.0619 0x1648  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:05:40.0681 0x1648  RpcEptMapper - ok
18:05:40.0697 0x1648  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:05:40.0712 0x1648  RpcLocator - ok
18:05:40.0728 0x1648  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:05:40.0775 0x1648  RpcSs - ok
18:05:40.0775 0x1648  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:05:40.0821 0x1648  rspndr - ok
18:05:40.0853 0x1648  [ 8181B5E7BFC040E0B26349C73E719335, EBB244A7E8E2CDC51041B2C2A78DCB77324F9E3746942C84902FCD928ADED897 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:05:40.0884 0x1648  RTL8167 - ok
18:05:40.0899 0x1648  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
18:05:40.0899 0x1648  SamSs - ok
18:05:40.0915 0x1648  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:05:40.0915 0x1648  sbp2port - ok
18:05:40.0946 0x1648  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:05:40.0977 0x1648  SCardSvr - ok
18:05:40.0977 0x1648  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:05:41.0009 0x1648  scfilter - ok
18:05:41.0040 0x1648  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:05:41.0102 0x1648  Schedule - ok
18:05:41.0133 0x1648  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:05:41.0165 0x1648  SCPolicySvc - ok
18:05:41.0180 0x1648  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:05:41.0196 0x1648  ScreamBAudioSvc - ok
18:05:41.0211 0x1648  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:05:41.0243 0x1648  SDRSVC - ok
18:05:41.0336 0x1648  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
18:05:41.0414 0x1648  SDScannerService - ok
18:05:41.0477 0x1648  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:05:41.0555 0x1648  SDUpdateService - ok
18:05:41.0570 0x1648  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:05:41.0586 0x1648  SDWSCService - ok
18:05:41.0601 0x1648  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:05:41.0617 0x1648  secdrv - ok
18:05:41.0633 0x1648  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:05:41.0679 0x1648  seclogon - ok
18:05:41.0679 0x1648  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:05:41.0711 0x1648  SENS - ok
18:05:41.0726 0x1648  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:05:41.0757 0x1648  SensrSvc - ok
18:05:41.0773 0x1648  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:05:41.0773 0x1648  Serenum - ok
18:05:41.0789 0x1648  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:05:41.0804 0x1648  Serial - ok
18:05:41.0820 0x1648  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:05:41.0835 0x1648  sermouse - ok
18:05:41.0851 0x1648  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:05:41.0898 0x1648  SessionEnv - ok
18:05:41.0913 0x1648  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:05:41.0945 0x1648  sffdisk - ok
18:05:41.0960 0x1648  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:05:41.0991 0x1648  sffp_mmc - ok
18:05:42.0007 0x1648  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:05:42.0023 0x1648  sffp_sd - ok
18:05:42.0038 0x1648  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:05:42.0054 0x1648  sfloppy - ok
18:05:42.0101 0x1648  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:05:42.0225 0x1648  SharedAccess - ok
18:05:42.0257 0x1648  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:05:42.0303 0x1648  ShellHWDetection - ok
18:05:42.0319 0x1648  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:05:42.0335 0x1648  SiSRaid2 - ok
18:05:42.0350 0x1648  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:05:42.0366 0x1648  SiSRaid4 - ok
18:05:42.0381 0x1648  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:05:42.0413 0x1648  Smb - ok
18:05:42.0428 0x1648  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:05:42.0444 0x1648  SNMPTRAP - ok
18:05:42.0459 0x1648  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:05:42.0459 0x1648  spldr - ok
18:05:42.0506 0x1648  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:05:42.0569 0x1648  Spooler - ok
18:05:42.0693 0x1648  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:05:42.0834 0x1648  sppsvc - ok
18:05:42.0849 0x1648  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:05:42.0881 0x1648  sppuinotify - ok
18:05:42.0927 0x1648  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\System32\Drivers\sptd.sys
18:05:42.0943 0x1648  sptd - ok
18:05:43.0005 0x1648  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:05:43.0037 0x1648  srv - ok
18:05:43.0052 0x1648  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:05:43.0083 0x1648  srv2 - ok
18:05:43.0099 0x1648  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:05:43.0115 0x1648  srvnet - ok
18:05:43.0130 0x1648  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:05:43.0177 0x1648  SSDPSRV - ok
18:05:43.0177 0x1648  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:05:43.0208 0x1648  SstpSvc - ok
18:05:43.0239 0x1648  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:05:43.0255 0x1648  ssudmdm - ok
18:05:43.0271 0x1648  [ F7093A27C4AF6D9EEA0ACAC1C4FF6828, 40E1A8FB08D3063711E87C15B24009B397CAD279905AA72FADBB4A8B611474CD ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
18:05:43.0286 0x1648  ssudserd - ok
18:05:43.0364 0x1648  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:05:43.0395 0x1648  Steam Client Service - ok
18:05:43.0411 0x1648  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:05:43.0411 0x1648  stexstor - ok
18:05:43.0442 0x1648  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:05:43.0473 0x1648  stisvc - ok
18:05:43.0473 0x1648  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:05:43.0489 0x1648  swenum - ok
18:05:43.0536 0x1648  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:05:43.0583 0x1648  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
18:05:48.0949 0x0c64  Object required for P2P: [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject
18:05:49.0401 0x1648  Detect skipped due to KSN trusted
18:05:49.0401 0x1648  SwitchBoard - ok
18:05:52.0412 0x1648  viaide - ok
18:05:52.0428 0x1648  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
18:05:52.0428 0x1648  VIAKaraokeService - ok
18:05:52.0443 0x1648  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:05:52.0443 0x1648  volmgr - ok
18:05:52.0459 0x1648  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:05:52.0475 0x1648  volmgrx - ok
18:05:52.0490 0x1648  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:05:52.0506 0x1648  volsnap - ok
18:05:52.0521 0x1648  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:05:52.0521 0x1648  vsmraid - ok
18:05:52.0568 0x1648  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:05:52.0662 0x1648  VSS - ok
18:05:52.0677 0x1648  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:05:52.0709 0x1648  vwifibus - ok
18:05:52.0724 0x1648  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:05:52.0771 0x1648  W32Time - ok
18:05:52.0787 0x1648  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:05:52.0818 0x1648  WacomPen - ok
18:05:52.0833 0x1648  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:05:52.0865 0x1648  WANARP - ok
18:05:52.0865 0x1648  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:05:52.0896 0x1648  Wanarpv6 - ok
18:05:52.0927 0x1648  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:05:52.0989 0x1648  wbengine - ok
18:05:53.0021 0x1648  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:05:53.0036 0x1648  WbioSrvc - ok
18:05:53.0067 0x1648  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:05:53.0083 0x1648  wcncsvc - ok
18:05:53.0099 0x1648  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:05:53.0130 0x1648  WcsPlugInService - ok
18:05:53.0130 0x1648  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:05:53.0145 0x1648  Wd - ok
18:05:53.0161 0x1648  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
18:05:53.0177 0x1648  WDC_SAM - ok
18:05:53.0223 0x1648  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:05:53.0255 0x1648  Wdf01000 - ok
18:05:53.0255 0x1648  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:05:53.0348 0x1648  WdiServiceHost - ok
18:05:53.0364 0x1648  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:05:53.0395 0x1648  WdiSystemHost - ok
18:05:53.0411 0x1648  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:05:53.0457 0x1648  WebClient - ok
18:05:53.0473 0x1648  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:05:53.0520 0x1648  Wecsvc - ok
18:05:53.0535 0x1648  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:05:53.0567 0x1648  wercplsupport - ok
18:05:53.0567 0x1648  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:05:53.0598 0x1648  WerSvc - ok
18:05:53.0613 0x1648  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:53.0645 0x1648  WfpLwf - ok
18:05:53.0660 0x1648  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:05:53.0660 0x1648  WIMMount - ok
18:05:53.0691 0x1648  WinDefend - ok
18:05:53.0691 0x1648  WinHttpAutoProxySvc - ok
18:05:53.0723 0x1648  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:05:53.0754 0x1648  Winmgmt - ok
18:05:53.0847 0x1648  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:05:53.0925 0x1648  WinRM - ok
18:05:53.0957 0x1648  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:05:53.0972 0x1648  WinUsb - ok
18:05:54.0003 0x1648  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:05:54.0050 0x1648  Wlansvc - ok
18:05:54.0206 0x1648  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:05:54.0284 0x1648  wlidsvc - ok
18:05:54.0300 0x1648  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:05:54.0300 0x1648  WmiAcpi - ok
18:05:54.0315 0x1648  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:05:54.0331 0x1648  wmiApSrv - ok
18:05:54.0347 0x1648  WMPNetworkSvc - ok
18:05:54.0362 0x1648  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:05:54.0393 0x1648  WPCSvc - ok
18:05:54.0409 0x1648  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:05:54.0440 0x1648  WPDBusEnum - ok
18:05:54.0456 0x1648  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:05:54.0487 0x1648  ws2ifsl - ok
18:05:54.0503 0x1648  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:05:54.0518 0x1648  wscsvc - ok
18:05:54.0518 0x1648  WSearch - ok
18:05:54.0596 0x1648  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:05:54.0690 0x1648  wuauserv - ok
18:05:54.0705 0x1648  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:05:54.0737 0x1648  WudfPf - ok
18:05:54.0752 0x1648  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:54.0768 0x1648  WUDFRd - ok
18:05:54.0768 0x1648  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:05:54.0783 0x1648  wudfsvc - ok
18:05:54.0799 0x1648  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:05:54.0861 0x1648  WwanSvc - ok
18:05:54.0877 0x1648  ================ Scan global ===============================
18:05:54.0924 0x1648  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:05:54.0971 0x1648  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:05:54.0986 0x1648  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:05:55.0017 0x1648  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:05:55.0049 0x1648  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:05:55.0064 0x1648  [ Global ] - ok
18:05:55.0064 0x1648  ================ Scan MBR ==================================
18:05:55.0080 0x1648  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:05:55.0298 0x1648  \Device\Harddisk0\DR0 - ok
18:05:55.0329 0x1648  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk1\DR1
18:05:55.0407 0x1648  \Device\Harddisk1\DR1 - ok
18:05:55.0407 0x1648  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:05:55.0875 0x1648  \Device\Harddisk2\DR2 - ok
18:05:55.0875 0x1648  [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
18:05:56.0328 0x1648  \Device\Harddisk3\DR3 - ok
18:05:56.0328 0x1648  ================ Scan VBR ==================================
18:05:56.0359 0x1648  [ C07BC3BE82CA91B4832947491A4E6E31 ] \Device\Harddisk0\DR0\Partition1
18:05:56.0375 0x1648  \Device\Harddisk0\DR0\Partition1 - ok
18:05:56.0375 0x1648  [ EDB793810F8BAECAE2F9D3C0C5311652 ] \Device\Harddisk0\DR0\Partition2
18:05:56.0406 0x1648  \Device\Harddisk0\DR0\Partition2 - ok
18:05:56.0421 0x1648  [ ED28D0D8202823080428C72EEA85B213 ] \Device\Harddisk0\DR0\Partition3
18:05:56.0421 0x1648  \Device\Harddisk0\DR0\Partition3 - ok
18:05:56.0437 0x1648  [ 7604813F6EDB7C5C5A77592F1C163FE0 ] \Device\Harddisk1\DR1\Partition1
18:05:56.0437 0x1648  \Device\Harddisk1\DR1\Partition1 - ok
18:05:56.0468 0x1648  [ 887DD3C8B480381118BB555328DFF85E ] \Device\Harddisk1\DR1\Partition2
18:05:56.0468 0x1648  \Device\Harddisk1\DR1\Partition2 - ok
18:05:56.0484 0x1648  [ 81023E46A17A1940216BCDC3921122DC ] \Device\Harddisk1\DR1\Partition3
18:05:56.0484 0x1648  \Device\Harddisk1\DR1\Partition3 - ok
18:05:56.0484 0x1648  [ 60B4F8F9D84337FFBADD364A2E6A3988 ] \Device\Harddisk1\DR1\Partition4
18:05:56.0484 0x1648  \Device\Harddisk1\DR1\Partition4 - ok
18:05:56.0499 0x1648  [ 97793C6EBE782489632BE676E2C9BE30 ] \Device\Harddisk2\DR2\Partition1
18:05:56.0546 0x1648  \Device\Harddisk2\DR2\Partition1 - ok
18:05:56.0546 0x1648  [ EFB00E60BB2055492290E549E5A4574A ] \Device\Harddisk3\DR3\Partition1
18:05:56.0577 0x1648  \Device\Harddisk3\DR3\Partition1 - ok
18:05:56.0577 0x1648  ================ Scan generic autorun ======================
18:05:56.0655 0x1648  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
18:05:56.0671 0x1648  AdobeAAMUpdater-1.0 - ok
18:05:56.0843 0x1648  [ 3D6737ADDB9B1DF81605C442ED6D2D90, 5B8D68945E1A97FD1AF40333448FE335743F48F46A70E303ADF406CC0CC253FB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
18:05:57.0030 0x1648  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
18:05:59.0417 0x1648  Detect skipped due to KSN trusted
18:05:59.0417 0x1648  HDAudDeck - ok
18:05:59.0479 0x1648  [ 94D247679E0862C7FA8C5AD712E03948, B6579E5675DDEE338D5248B6A1769CFCEC72DF127A5A367980F388FE782C4748 ] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
18:05:59.0510 0x1648  Cpu Level Up help - ok
18:05:59.0604 0x1648  [ 80F72159E0EB98A9B32FF61132C2E60D, 7F9AD5AE0C23EC5AB7DD63020897646A57CD275D325D399C35001C3DAC0B147F ] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
18:05:59.0666 0x1648  Turbo Key - detected UnsignedFile.Multi.Generic ( 1 )
18:06:02.0069 0x1648  Detect skipped due to KSN trusted
18:06:02.0069 0x1648  Turbo Key - ok
18:06:02.0115 0x1648  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:06:02.0162 0x1648  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
18:06:02.0162 0x1648  Detect skipped due to KSN trusted
18:06:02.0162 0x1648  SwitchBoard - ok
18:06:02.0209 0x1648  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
18:06:02.0256 0x1648  AdobeCS6ServiceManager - ok
18:06:02.0271 0x1648  [ C5239F47944FA3036A256DE9BDB94EB6, 3464B8B5036FA954553850A590D765D30E805818049FBF2E6C444B5FB0147BD4 ] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
18:06:02.0303 0x1648  Zboard - detected UnsignedFile.Multi.Generic ( 1 )
18:06:04.0721 0x1648  Detect skipped due to KSN trusted
18:06:04.0721 0x1648  Zboard - ok
18:06:04.0814 0x1648  [ DB3682851D0218AEC5911CD0D1D7AABE, E3186E075F788131C7E6746D035DED5E3056E20784D635D5CAEC00EF3D27CC72 ] C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
18:06:04.0877 0x1648  BF2Hub Client - detected UnsignedFile.Multi.Generic ( 1 )
18:06:07.0045 0x1560  Object required for P2P: [ 320681DF28D82CDCA7E3EED0846625DB ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
18:06:07.0373 0x1648  BF2Hub Client ( UnsignedFile.Multi.Generic ) - warning
18:06:08.0964 0x0c64  Object send P2P result: false
18:06:09.0853 0x1648  [ F8A3337DE768B126B061F1B7CD38A436, F93EE8D8D7CA28658587F82C38AE6C13D51A03CFE8DE6AC3BA35DC6A1DB986CE ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
18:06:09.0869 0x1648  KiesTrayAgent - ok
18:06:09.0900 0x1648  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
18:06:09.0915 0x1648  Raptr - ok
18:06:10.0009 0x1648  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
18:06:10.0040 0x1648  StartCCC - ok
18:06:10.0181 0x1648  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
18:06:10.0305 0x1648  SDTray - ok
18:06:10.0415 0x1648  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:06:10.0493 0x1648  Sidebar - ok
18:06:10.0508 0x1648  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:06:10.0524 0x1648  mctadmin - ok
18:06:10.0571 0x1648  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:06:10.0602 0x1648  Sidebar - ok
18:06:10.0617 0x1648  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:06:10.0633 0x1648  mctadmin - ok
18:06:10.0680 0x1648  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\SysWOW64\rundll32.exe
18:06:10.0695 0x1648  NextLive - ok
18:06:10.0820 0x1648  [ 3255867AE34EDD5346C750677EE63354, 3FC8E1EFF33EE83717C285D0CD388886135C5BF977B69CF6ADCFD4196139D483 ] C:\Program Files (x86)\Steam\Steam.exe
18:06:10.0898 0x1648  Steam - ok
18:06:11.0054 0x1648  [ 1BFCA8EBFBDC43B5C7C3BCF92A47DD77, EA4A4B5E4BFB31451A472A3E5F23CA163EB53B7D08C892454D6905B034ABBBF6 ] C:\Program Files (x86)\Origin\Origin.exe
18:06:11.0195 0x1648  EADM - ok
18:06:11.0257 0x1648  [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
18:06:11.0304 0x1648  KiesPreload - ok
18:06:11.0304 0x1648  Waiting for KSN requests completion. In queue: 15
18:06:12.0318 0x1648  Waiting for KSN requests completion. In queue: 15
18:06:13.0332 0x1648  Waiting for KSN requests completion. In queue: 15
18:06:14.0346 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:15.0360 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:16.0374 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:17.0388 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:18.0402 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:19.0416 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:20.0430 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:21.0444 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:22.0458 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:23.0472 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:24.0486 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:25.0500 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:26.0514 0x1648  Waiting for KSN requests completion. In queue: 3
18:06:27.0060 0x1560  Object send P2P result: false
18:06:27.0543 0x1648  Win FW state via NFP2: enabled
18:06:40.0975 0x1648  ============================================================
18:06:40.0975 0x1648  Scan finished
18:06:40.0975 0x1648  ============================================================
18:06:40.0991 0x1570  Detected object count: 1
18:06:40.0991 0x1570  Actual detected object count: 1
18:06:53.0408 0x1570  BF2Hub Client ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:53.0408 0x1570  BF2Hub Client ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:06:58.0010 0x08c8  Deinitialize success
         
Regarding BF2Hub:
The BF2Hub Client is a well-known tool for contacting an alternative master server for Battlefield 2, since Electronic Arts shut down the master servers for Battlefield 2. So the tool is harmless.

Old 26.02.2015, 08:02   #13
schrauber
/// the machine
/// TB Trainer
 




Yes, the HUB doesn't interest me either


Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 27.02.2015, 17:26   #14
DaWallace
 



Thanks!

It has been run:

Code:
ComboFix 15-02-16.01 - Wallace 27.02.2015  17:07:17.1.4 - x64
ausgeführt von:: c:\users\Wallace\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wallace\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\searchplugins\trovi-search.xml
c:\users\Wallace\AppData\Roaming\QmVucXSdon.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-27 bis 2015-02-27  ))))))))))))))))))))))))))))))
.
.
2015-02-23 18:56 . 2015-02-23 19:18	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-02-22 18:42 . 2015-02-22 18:42	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-22 18:42 . 2015-02-23 17:40	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-22 18:42 . 2015-02-22 18:57	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-22 18:41 . 2015-02-22 18:57	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-21 21:24 . 2015-02-21 21:49	--------	d-----w-	C:\FRST
2015-02-21 20:40 . 2015-02-23 19:08	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Contest_team
2015-02-20 23:38 . 2015-02-23 19:08	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Matter-suffer
2015-02-20 09:18 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-02-20 09:18 . 2015-02-20 09:51	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-02-20 09:18 . 2015-02-20 09:20	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-02-20 09:16 . 2015-02-20 09:16	--------	d-----w-	c:\users\Wallace\AppData\Local\Steam
2015-02-18 06:54 . 2015-02-20 10:53	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Gpwzdqjjza
2015-02-16 17:48 . 2015-02-18 06:54	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Knkwzygm
2015-02-16 17:20 . 2015-02-23 19:08	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Pace-worried
2015-02-15 23:30 . 2015-02-23 19:08	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Opening-speed
2015-02-15 12:06 . 2015-02-23 19:08	--------	d--h--w-	c:\users\Wallace\AppData\Roaming\Hatinvite
2015-02-14 16:23 . 2015-02-16 17:48	--------	d--h--w-	c:\users\Wallace\AppData\Local\Hvxphis
2015-02-13 18:55 . 2015-01-23 04:42	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-13 18:55 . 2015-01-23 04:41	6041600	----a-w-	c:\windows\system32\jscript9.dll
2015-02-13 18:55 . 2015-01-23 03:43	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-13 18:55 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-11 18:57 . 2015-02-04 03:16	609280	----a-w-	c:\windows\system32\generaltel.dll
2015-02-11 18:56 . 2015-01-13 03:10	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-11 18:55 . 2015-01-14 06:09	5554112	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-11 18:55 . 2015-01-14 06:05	503808	----a-w-	c:\windows\system32\srcore.dll
2015-02-11 18:55 . 2015-01-14 06:05	50176	----a-w-	c:\windows\system32\srclient.dll
2015-02-11 18:55 . 2015-01-14 06:04	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-02-11 18:55 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 18:55 . 2015-01-14 05:44	3917760	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 18:55 . 2015-01-14 05:41	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-02-11 18:55 . 2014-12-08 03:09	406528	----a-w-	c:\windows\system32\scesrv.dll
2015-02-11 18:55 . 2014-12-08 02:46	308224	----a-w-	c:\windows\SysWow64\scesrv.dll
2015-02-11 18:54 . 2015-01-09 02:03	3201536	----a-w-	c:\windows\system32\win32k.sys
2015-02-11 17:13 . 2015-02-22 18:36	--------	d-----w-	c:\programdata\rnx
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-11 19:00 . 2013-12-15 00:27	116773704	----a-w-	c:\windows\system32\MRT.exe
2015-02-07 09:45 . 2013-12-15 01:02	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-07 09:45 . 2013-12-15 01:02	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 18:44 . 2013-12-15 20:30	226680	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-02-04 17:08 . 2013-12-15 20:30	226680	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-02-04 16:42 . 2013-12-15 20:30	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-12-31 14:37 . 2012-07-17 13:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-12-22 23:41 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 14:46	210432	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 14:46	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 14:46	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 14:46	303616	----a-w-	c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 14:46	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 14:46	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2014-02-12 19:22 . 2014-02-12 19:22	682266	----a-w-	c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\Wallace\AppData\Roaming\newnext.me\nengine.dll" [2013-12-15 1283584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-02-27 3631448]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-07-25 1562264]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-28 887936]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"BF2Hub Client"="c:\program files (x86)\BF2Hub Client\bf2hub.exe" [2014-07-17 1521664]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-01-30 55568]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ASUS Update Checker"=c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys;c:\windows\SYSNATIVE\DRIVERS\camfilt2.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard.sys [x]
R3 OM0530;EyeToy USB Camera (for PlayStation 2);c:\windows\system32\Drivers\ov530vx.sys;c:\windows\SYSNATIVE\Drivers\ov530vx.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\programdata\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe;c:\programdata\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [x]
S2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe;c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15 09:45]
.
2015-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-06 11:14]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-06 11:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.ftp - 182.239.95.137
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 182.239.95.137
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 182.239.95.137
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 182.239.95.137
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-openinglimited - c:\users\Wallace\AppData\Roaming\Opening-speed\opening_pause.exe
Wow6432Node-HKCU-Run-pace-egg - c:\users\Wallace\AppData\Roaming\Pace-worried\paceoccasion.exe
Wow6432Node-HKCU-Run-matter-visit - c:\users\Wallace\AppData\Roaming\Matter-suffer\matter_slide.exe
Wow6432Node-HKCU-Run-hat-date - c:\users\Wallace\AppData\Roaming\Hatinvite\hat_retire.exe
Wow6432Node-HKCU-Run-contest-compare - c:\users\Wallace\AppData\Roaming\Contest_team\contest_interview.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-13839963.sys
SafeBoot-46463773.sys
SafeBoot-78707057.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-5513-1208-7298-9440 - c:\program files (x86)\JDownloader\JDUninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\BFH Beta 2\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-27  17:22:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-27 16:22
.
Vor Suchlauf: 10 Verzeichnis(se), 38.703.734.784 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 38.302.113.792 Bytes frei
.
- - End Of File - - DBB344F2579D40B7AF83C5CC0D6752C1
A36C5E4F47E84449FF07ED3517B43A31
         

28.02.2015, 10:34   #15
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!