
Log analysis and evaluation: Opened DHL trojan e-mail with PDF attachment

14.05.2015, 12:50   #1
rrm7
 



Hello,

yesterday I received a DHL trojan e-mail and opened the PDF attachment to the e-mail.
However, I am no longer sure whether the PDF file contained a link or not, or whether I also clicked on it.
My Kaspersky Anti-Virus scan found nothing. The same goes for Kaspersky TDSSKiller and Mbar, which I then quickly downloaded.
I also can't make sense of the logs (gmer, defogger, frst).

Nevertheless, doubts remain as to whether everything is in order or whether the trojan virus has still crept into my system.
I am a layperson and would appreciate your help.

Thank you in advance.

14.05.2015, 13:03   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


14.05.2015, 15:11   #3
rrm7
 



Hello,

thanks for the quick reply.

The system type of my PC is 64-bit. So the 64-bit version of FRST that I downloaded earlier is the right one?!

Attached are the two logs from FRST64:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by nomad81 (administrator) on XYZ on 14-05-2015 14:55:41
Running from C:\Users\nomad81\Desktop
Loaded Profiles: nomad81 (Available profiles: nomad81)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\Users\nomad81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-03-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\nomad81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_59536739.lnk [2014-04-19]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-836943027-871465299-3026659436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-836943027-871465299-3026659436-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-836943027-871465299-3026659436-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {FB61FD3C-B82B-450B-BAD1-3867AC51D0A1} URL = 
SearchScopes: HKU\.DEFAULT -> {FB61FD3C-B82B-450B-BAD1-3867AC51D0A1} URL = 
SearchScopes: HKU\S-1-5-21-836943027-871465299-3026659436-1002 -> DefaultScope {FB61FD3C-B82B-450B-BAD1-3867AC51D0A1} URL = 
SearchScopes: HKU\S-1-5-21-836943027-871465299-3026659436-1002 -> {FB61FD3C-B82B-450B-BAD1-3867AC51D0A1} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-03-23] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-19] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-03-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-23] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-19] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-03-23] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-03-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\nomad81\AppData\Roaming\Mozilla\Firefox\Profiles\qdbp4eny.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-19] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-19] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-23] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF user.js: detected! => C:\Users\nomad81\AppData\Roaming\Mozilla\Firefox\Profiles\qdbp4eny.default\user.js [2015-02-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [131312 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-19] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 59536739; C:\Windows\system32\DRIVERS\59536739.sys [460888 2014-04-19] (Kaspersky Lab ZAO)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-19] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 Tosrfcom; No ImagePath
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 uxldipow; \??\C:\Users\nomad81\AppData\Local\Temp\uxldipow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 14:55 - 2015-05-14 14:56 - 00019357 _____ () C:\Users\nomad81\Desktop\FRST.txt.txt
2015-05-14 11:49 - 2015-05-14 11:49 - 00370971 _____ () C:\Users\nomad81\Desktop\gmer_2.1.19355.zip
2015-05-14 11:45 - 2015-05-14 11:45 - 00000000 ____D () C:\Users\nomad81\Desktop\FRST-OlderVersion
2015-05-14 11:42 - 2015-05-14 11:42 - 00050477 _____ () C:\Users\nomad81\Desktop\Defogger.exe
2015-05-14 11:42 - 2015-05-14 11:42 - 00000000 _____ () C:\Users\nomad81\defogger_reenable
2015-05-14 10:48 - 2015-05-14 14:55 - 00000000 ____D () C:\FRST
2015-05-14 10:47 - 2015-05-14 11:45 - 02105856 _____ (Farbar) C:\Users\nomad81\Desktop\FRST64.exe
2015-05-14 10:23 - 2015-05-14 10:23 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\nomad81\Desktop\tdsskiller.exe
2015-05-14 10:16 - 2015-05-14 10:16 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-14 10:16 - 2015-05-14 10:16 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-14 10:16 - 2015-05-14 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 10:16 - 2015-05-14 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 10:16 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 10:16 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:39 - 2015-05-14 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-13 23:39 - 2015-05-14 11:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 23:39 - 2015-05-13 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-13 23:36 - 2015-05-14 11:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-13 23:35 - 2015-05-14 11:30 - 00000000 ____D () C:\Users\nomad81\Desktop\mbar
2015-05-13 23:32 - 2015-05-13 23:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\nomad81\Desktop\mbar-1.09.1.1004.exe
2015-05-13 22:30 - 2015-05-13 22:30 - 00000000 ____D () C:\KVRT_Data
2015-05-13 22:21 - 2015-05-13 22:29 - 110613848 _____ (Kaspersky Lab ZAO) C:\Users\nomad81\Desktop\KVRT.exe
2015-05-13 08:06 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:06 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 08:06 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:06 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:06 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:05 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:05 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:05 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:05 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 08:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:05 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 08:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:05 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 08:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:05 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 08:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:05 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:05 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:05 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 08:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:05 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 08:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:05 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 08:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:05 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:05 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:05 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:05 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:05 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 07:59 - 2015-05-13 07:59 - 00000000 ___RD () C:\Users\nomad81\OneDrive
2015-05-01 13:32 - 2015-05-01 13:32 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-05-01 13:32 - 2015-05-01 13:32 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-04-14 22:33 - 2015-04-14 22:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 21:17 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:17 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:17 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-14 21:17 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:17 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 21:17 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-14 21:17 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:17 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:17 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-14 21:17 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 21:17 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-14 21:17 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 21:17 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 21:17 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 21:17 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-14 21:17 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 21:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-14 21:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 21:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 21:16 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:16 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:16 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:16 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:16 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:16 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:16 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:16 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:16 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:16 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 21:16 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 21:16 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:16 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:16 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:16 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:16 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:16 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:16 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-14 21:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 21:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:16 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 14:46 - 2014-03-14 22:20 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-836943027-871465299-3026659436-1002
2015-05-14 14:42 - 2013-12-25 02:17 - 01915166 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-14 13:47 - 2014-08-21 21:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-14 13:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-14 12:02 - 2014-01-21 21:56 - 00380416 _____ () C:\Users\nomad81\Desktop\gmer.exe
2015-05-14 11:42 - 2014-03-14 22:14 - 00000000 ____D () C:\Users\nomad81
2015-05-14 11:42 - 2013-11-24 21:37 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 11:42 - 2013-08-28 11:59 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 11:42 - 2013-08-28 11:59 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 11:35 - 2013-08-22 16:46 - 00020752 _____ () C:\Windows\setupact.log
2015-05-14 11:35 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 11:35 - 2013-08-22 16:44 - 00372760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 11:32 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-14 11:30 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 10:19 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-14 10:10 - 2013-08-22 21:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 07:59 - 2014-03-23 21:04 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-836943027-871465299-3026659436-1002
2015-05-05 19:59 - 2015-03-12 21:43 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 21:43 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 13:34 - 2013-12-25 02:22 - 00085358 _____ () C:\Windows\DPINST.LOG
2015-05-01 13:34 - 2013-12-25 02:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-01 13:33 - 2013-12-25 02:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-01 13:33 - 2013-12-25 02:12 - 00000000 ____D () C:\ProgramData\Intel
2015-05-01 13:31 - 2013-12-25 02:12 - 00000000 ____D () C:\Program Files\Intel
2015-04-16 20:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-15 21:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-14 22:33 - 2015-03-11 23:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 21:25 - 2014-03-15 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 21:23 - 2014-03-15 13:01 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:16 - 2014-11-11 21:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

Some content of TEMP:
====================
C:\Users\nomad81\AppData\Local\Temp\avira-eu-cleaner_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 21:35

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by nomad81 at 2015-05-14 14:56:17
Running from C:\Users\nomad81\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-836943027-871465299-3026659436-500 - Administrator - Disabled)
Gast (S-1-5-21-836943027-871465299-3026659436-501 - Limited - Disabled)
nomad81 (S-1-5-21-836943027-871465299-3026659436-1002 - Administrator - Enabled) => C:\Users\nomad81

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.00 - Canon Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{182D4D1C-F9C5-4758-9B8C-157655C9F29B}) (Version: 17.1.1512.0771 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-836943027-871465299-3026659436-1002\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-836943027-871465299-3026659436-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\nomad81\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-04-2015 19:18:46 Geplanter Prüfpunkt
01-05-2015 13:29:54 Intel® PROSet/Wireless Software
09-05-2015 16:16:28 Geplanter Prüfpunkt
14-05-2015 10:08:12 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0891751A-931E-416C-8A8B-6D582BF72D60} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {20C7A75C-5892-491E-A7EA-5107FFE81D9E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {4B7FBCC2-E3FF-406C-9966-6BCC7F8ADACD} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {4C051551-F4EA-4577-AC78-3A63521C4E47} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {574E0C2D-9361-4C88-9204-359ECDB885B2} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {5782365D-293A-4CBD-A951-A766A8CC2034} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {9EB471E0-9ED9-4EEC-A252-41E72DA1FF3D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-07-19] (Toshiba Europe GmbH)
Task: {CC0CBF5D-461C-4EF2-A0B4-4863B49C57ED} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-01] (Microsoft Corporation)
Task: {CF644552-11BF-4D33-9350-541420CD0838} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D8616EA8-60E3-4711-8FBC-C93503051686} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-836943027-871465299-3026659436-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {E6AB9120-FECB-4102-9143-E2A79B60F88B} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-09] (TOSHIBA Corporation)

==================== Loaded Modules (whitelisted) ==============

2013-03-27 22:53 - 2013-03-27 22:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2006-12-04 02:26 - 2006-12-04 02:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2014-03-23 20:35 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-23 20:29 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-09-10 22:54 - 2013-09-10 22:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-12-25 02:17 - 2015-03-13 21:41 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-25 02:18 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-12-25 02:11 - 2013-09-04 02:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-12-25 02:17 - 2015-03-13 21:41 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-10-19 11:57 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-836943027-871465299-3026659436-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nomad81\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "ThpSrv"
HKLM\...\StartupApproved\Run: => "TSSSrv"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-836943027-871465299-3026659436-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{496633AD-07C0-404F-B6EC-480A49D04472}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6F0BD13C-ACD8-4E64-90CE-2E0630AC0946}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{3AE7B92F-82FA-4408-94AD-F61F450695FE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C7E3F35B-6D2A-4436-BBA1-82BDC3FA6836}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A0B41725-DAD4-4458-BB09-8A497E1F0459}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{53204D9B-1C62-42EF-BBDB-76FBE3F39793}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4597135B-D778-4A31-9406-84B8627B10DF}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2887DEEB-6BDD-4CC2-9BDA-1E6A703776AA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{85CA0095-B634-4F37-8155-5E692EBB0DE9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{289E88DA-91A3-4EB2-9F1A-553749A93F81}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A52AB26A-643D-42C1-9941-2C367DEB7B10}] => (Allow) C:\Users\nomad81\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0976D828-ED81-410C-8647-DD25351FEC99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CEFE0D73-D595-4491-BDDC-B38BB0397E1B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E091EA80-9C58-4217-BB93-CE18788BEEB3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4612757D-925A-437F-9413-9BB4B10ADC4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A1EC9AFA-DB72-4676-AA7F-1396C3C0E698}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5B95D7BE-7F02-4863-B134-74E3A7663D83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{05931F80-16B4-4BC2-8891-B42DECCB13B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D86FB50D-7278-4535-B611-ED43A45C8C3A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 10:26:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tdsskiller.exe, Version: 3.0.0.44, Zeitstempel: 0x54c08a45
Name des fehlerhaften Moduls: tdsskiller.exe, Version: 3.0.0.44, Zeitstempel: 0x54c08a45
Ausnahmecode: 0x40000015
Fehleroffset: 0x0014348c
ID des fehlerhaften Prozesses: 0x1008
Startzeit der fehlerhaften Anwendung: 0xtdsskiller.exe0
Pfad der fehlerhaften Anwendung: tdsskiller.exe1
Pfad des fehlerhaften Moduls: tdsskiller.exe2
Berichtskennung: tdsskiller.exe3
Vollständiger Name des fehlerhaften Pakets: tdsskiller.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: tdsskiller.exe5

Error: (05/14/2015 10:06:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (05/01/2015 01:31:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "select * from CIntelWLANEvent" konnte im Namespace "//./ROOT/default" aufgrund des Fehlers "0x80041010" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (04/03/2015 11:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x52179ea0
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x52179d03
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xaec
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (03/28/2015 10:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 17.12.8.0, Zeitstempel: 0x54b8aef5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001eef7
ID des fehlerhaften Prozesses: 0x10a4
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3
Vollständiger Name des fehlerhaften Pakets: GFExperience.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GFExperience.exe5

Error: (03/28/2015 10:30:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.AccessViolationException
Stapel:
   bei System.Runtime.Interop.UnsafeNativeMethods.EventUnregister(Int64)
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Deregister()
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Dispose(Boolean)
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Finalize()

Error: (03/19/2015 11:45:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xyz)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/12/2015 09:43:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "ProtectionManagement" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (03/12/2015 09:43:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (02/23/2015 10:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sc.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215e1de
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4a0
ID des fehlerhaften Prozesses: 0x4774
Startzeit der fehlerhaften Anwendung: 0xsc.exe0
Pfad der fehlerhaften Anwendung: sc.exe1
Pfad des fehlerhaften Moduls: sc.exe2
Berichtskennung: sc.exe3
Vollständiger Name des fehlerhaften Pakets: sc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: sc.exe5


System errors:
=============
Error: (05/14/2015 00:23:52 PM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/14/2015 11:30:21 AM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/14/2015 00:57:09 AM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/14/2015 00:57:09 AM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/14/2015 00:57:09 AM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/14/2015 00:57:07 AM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/12/2015 09:23:39 PM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/12/2015 09:23:09 PM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/11/2015 09:19:30 PM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/11/2015 09:19:00 PM) (Source: DCOM) (EventID: 10010) (User: xyz)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (05/14/2015 10:26:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tdsskiller.exe3.0.0.4454c08a45tdsskiller.exe3.0.0.4454c08a45400000150014348c100801d08e1f5bc4b278C:\Users\nomad81\Desktop\tdsskiller.exeC:\Users\nomad81\Desktop\tdsskiller.exee0241487-fa12-11e4-8299-a08869037590

Error: (05/14/2015 10:06:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/01/2015 01:31:53 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./ROOT/defaultselect * from CIntelWLANEvent0x80041010

Error: (04/03/2015 11:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.5.0.052179ea0MurocApi.dll16.5.0.052179d03c0000005000000000002bcd8aec01d06dee9f8b0745C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll3f59a177-d9e2-11e4-8295-0c54a5f2d6a9

Error: (03/28/2015 10:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe17.12.8.054b8aef5ntdll.dll6.3.9600.1766854c846bbc00000050001eef710a401d0698518489b34C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\SYSTEM32\ntdll.dll3c7b1c49-d589-11e4-8294-a08869037590

Error: (03/28/2015 10:30:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.AccessViolationException
Stapel:
   bei System.Runtime.Interop.UnsafeNativeMethods.EventUnregister(Int64)
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Deregister()
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Dispose(Boolean)
   bei System.Runtime.Diagnostics.DiagnosticsEventProvider.Finalize()

Error: (03/19/2015 11:45:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xyz)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (03/12/2015 09:43:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (03/12/2015 09:43:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (02/23/2015 10:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sc.exe6.3.9600.163845215e1deKERNELBASE.dll6.3.9600.1763054b0e17ac000014200000000000ec4a0477401d04fa7f60e55e8C:\Windows\system32\sc.exeKERNELBASE.dll33bffb53-bb9b-11e4-8290-a08869037590


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8103.95 MB
Available physical RAM: 5922.77 MB
Total Pagefile: 9383.95 MB
Available Pagefile: 7102.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI31252400A) (Fixed) (Total:919.71 GB) (Free:882.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

14.05.2015, 21:54   #4
schrauber
/// the machine
/// TB trainer
 




Exactly.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Make sure to update the database, and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper tells you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.05.2015, 14:18   #5
rrm7
 



Hello,

attached are the requested logs

TDSS

Code:
13:47:39.0399 0x12ec  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:47:39.0399 0x12ec  UEFI system
13:47:42.0336 0x12ec  ============================================================
13:47:42.0336 0x12ec  Current date / time: 2015/05/15 13:47:42.0336
13:47:42.0336 0x12ec  SystemInfo:
13:47:42.0336 0x12ec  
13:47:42.0336 0x12ec  OS Version: 6.3.9600 ServicePack: 0.0
13:47:42.0336 0x12ec  Product type: Workstation
13:47:42.0336 0x12ec  ComputerName: XYZ
13:47:42.0336 0x12ec  UserName: ***
13:47:42.0336 0x12ec  Windows directory: C:\Windows
13:47:42.0336 0x12ec  System windows directory: C:\Windows
13:47:42.0336 0x12ec  Running under WOW64
13:47:42.0336 0x12ec  Processor architecture: Intel x64
13:47:42.0336 0x12ec  Number of processors: 8
13:47:42.0336 0x12ec  Page size: 0x1000
13:47:42.0336 0x12ec  Boot type: Normal boot
13:47:42.0336 0x12ec  ============================================================
13:47:42.0568 0x12ec  System UUID: {28A0D665-0AC1-297E-120D-068C282CEFD5}
13:47:43.0099 0x12ec  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:47:43.0099 0x12ec  ============================================================
13:47:43.0099 0x12ec  \Device\Harddisk0\DR0:
13:47:43.0130 0x12ec  GPT partitions:
13:47:43.0130 0x12ec  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {778E6269-6364-11E3-9FAA-0C54A54D3E5A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
13:47:43.0130 0x12ec  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {778E626F-6364-11E3-9FAA-0C54A54D3E5A}, Name: Basic data partition, StartLBA 0x200800, BlocksNum 0x32000
13:47:43.0130 0x12ec  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {778E6271-6364-11E3-9FAA-0C54A54D3E5A}, Name: Basic data partition, StartLBA 0x232800, BlocksNum 0x40000
13:47:43.0130 0x12ec  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {778E6277-6364-11E3-9FAA-0C54A54D3E5A}, Name: Basic data partition, StartLBA 0x272800, BlocksNum 0x72F69800
13:47:43.0130 0x12ec  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FCCF060D-6D01-11E3-976A-0C54A5F2D6A9}, Name: Basic data partition, StartLBA 0x731DC000, BlocksNum 0x152AAFB
13:47:43.0130 0x12ec  MBR partitions:
13:47:43.0130 0x12ec  ============================================================
13:47:43.0177 0x12ec  C: <-> \Device\Harddisk0\DR0\Partition4
13:47:43.0177 0x12ec  ============================================================
13:47:43.0177 0x12ec  Initialize success
13:47:43.0177 0x12ec  ============================================================
13:47:54.0482 0x0bb4  ============================================================
13:47:54.0482 0x0bb4  Scan started
13:47:54.0482 0x0bb4  Mode: Manual; SigCheck; TDLFS; 
13:47:54.0482 0x0bb4  ============================================================
13:47:54.0482 0x0bb4  KSN ping started
13:47:57.0026 0x0bb4  KSN ping finished: true
13:47:57.0967 0x0bb4  ================ Scan system memory ========================
13:47:57.0967 0x0bb4  System memory - ok
13:47:57.0967 0x0bb4  ================ Scan services =============================
13:47:58.0155 0x0bb4  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
13:47:58.0233 0x0bb4  1394ohci - ok
13:47:58.0249 0x0bb4  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
13:47:58.0264 0x0bb4  3ware - ok
13:47:58.0296 0x0bb4  [ E656FE10D6D27794AFA08136685A69E8, 2D38603B546235B555978340A63E052D06CA7E7EF117CF148F9A002D423B2949 ] 59536739        C:\Windows\system32\DRIVERS\59536739.sys
13:47:58.0311 0x0bb4  59536739 - ok
13:47:58.0389 0x0bb4  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:47:58.0421 0x0bb4  ACPI - ok
13:47:58.0436 0x0bb4  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
13:47:58.0436 0x0bb4  acpiex - ok
13:47:58.0452 0x0bb4  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
13:47:58.0467 0x0bb4  acpipagr - ok
13:47:58.0483 0x0bb4  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
13:47:58.0483 0x0bb4  AcpiPmi - ok
13:47:58.0499 0x0bb4  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
13:47:58.0514 0x0bb4  acpitime - ok
13:47:58.0625 0x0bb4  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:47:58.0656 0x0bb4  AdobeFlashPlayerUpdateSvc - ok
13:47:58.0720 0x0bb4  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
13:47:58.0767 0x0bb4  ADP80XX - ok
13:47:58.0778 0x0bb4  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:47:58.0794 0x0bb4  AeLookupSvc - ok
13:47:58.0825 0x0bb4  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
13:47:58.0856 0x0bb4  AFD - ok
13:47:58.0856 0x0bb4  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:47:58.0872 0x0bb4  agp440 - ok
13:47:58.0888 0x0bb4  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
13:47:58.0934 0x0bb4  ahcache - ok
13:47:58.0950 0x0bb4  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\Windows\System32\alg.exe
13:47:58.0981 0x0bb4  ALG - ok
13:47:59.0013 0x0bb4  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
13:47:59.0044 0x0bb4  AmdK8 - ok
13:47:59.0075 0x0bb4  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
13:47:59.0091 0x0bb4  AmdPPM - ok
13:47:59.0122 0x0bb4  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:47:59.0137 0x0bb4  amdsata - ok
13:47:59.0169 0x0bb4  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:47:59.0200 0x0bb4  amdsbs - ok
13:47:59.0216 0x0bb4  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:47:59.0231 0x0bb4  amdxata - ok
13:47:59.0262 0x0bb4  [ 4126D30992B26303E47E8981313FD6D6, 4C8DB2DDDB88FBEA87CDBFB93D9855B40043778878AF4A5571C174434F9C0D4C ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
13:47:59.0262 0x0bb4  AmUStor - ok
13:47:59.0294 0x0bb4  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\Windows\system32\drivers\appid.sys
13:47:59.0325 0x0bb4  AppID - ok
13:47:59.0341 0x0bb4  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:47:59.0356 0x0bb4  AppIDSvc - ok
13:47:59.0387 0x0bb4  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\Windows\System32\appinfo.dll
13:47:59.0403 0x0bb4  Appinfo - ok
13:47:59.0450 0x0bb4  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
13:47:59.0466 0x0bb4  AppReadiness - ok
13:47:59.0528 0x0bb4  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
13:47:59.0559 0x0bb4  AppXSvc - ok
13:47:59.0591 0x0bb4  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:47:59.0606 0x0bb4  arcsas - ok
13:47:59.0622 0x0bb4  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:47:59.0622 0x0bb4  atapi - ok
13:47:59.0653 0x0bb4  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
13:47:59.0669 0x0bb4  AudioEndpointBuilder - ok
13:47:59.0731 0x0bb4  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:47:59.0762 0x0bb4  Audiosrv - ok
13:47:59.0825 0x0bb4  [ 058734C95991F6BEBF3D3075B8776234, D94A0E5893723C0F30D8215F001039AE9D903BF8EC3782D9583DEFD9B304B0CA ] AVP15.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
13:47:59.0872 0x0bb4  AVP15.0.0 - ok
13:47:59.0903 0x0bb4  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:47:59.0935 0x0bb4  AxInstSV - ok
13:47:59.0982 0x0bb4  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:48:00.0013 0x0bb4  b06bdrv - ok
13:48:00.0044 0x0bb4  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
13:48:00.0044 0x0bb4  BasicDisplay - ok
13:48:00.0075 0x0bb4  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
13:48:00.0091 0x0bb4  BasicRender - ok
13:48:00.0107 0x0bb4  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
13:48:00.0107 0x0bb4  bcmfn2 - ok
13:48:00.0153 0x0bb4  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
13:48:00.0185 0x0bb4  BDESVC - ok
13:48:00.0216 0x0bb4  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
13:48:00.0216 0x0bb4  Beep - ok
13:48:00.0294 0x0bb4  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\Windows\System32\bfe.dll
13:48:00.0325 0x0bb4  BFE - ok
13:48:00.0364 0x0bb4  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
13:48:00.0395 0x0bb4  BITS - ok
13:48:00.0411 0x0bb4  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:48:00.0411 0x0bb4  bowser - ok
13:48:00.0442 0x0bb4  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
13:48:00.0442 0x0bb4  BrokerInfrastructure - ok
13:48:00.0457 0x0bb4  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
13:48:00.0473 0x0bb4  Browser - ok
13:48:00.0489 0x0bb4  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
13:48:00.0504 0x0bb4  BthAvrcpTg - ok
13:48:00.0520 0x0bb4  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
13:48:00.0536 0x0bb4  BthEnum - ok
13:48:00.0551 0x0bb4  [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
13:48:00.0567 0x0bb4  BthHFEnum - ok
13:48:00.0582 0x0bb4  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
13:48:00.0582 0x0bb4  bthhfhid - ok
13:48:00.0614 0x0bb4  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
13:48:00.0629 0x0bb4  BthHFSrv - ok
13:48:00.0676 0x0bb4  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
13:48:00.0676 0x0bb4  BthLEEnum - ok
13:48:00.0707 0x0bb4  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
13:48:00.0707 0x0bb4  BTHMODEM - ok
13:48:00.0754 0x0bb4  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\System32\drivers\bthpan.sys
13:48:00.0786 0x0bb4  BthPan - ok
13:48:00.0848 0x0bb4  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:48:00.0947 0x0bb4  BTHPORT - ok
13:48:00.0978 0x0bb4  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
13:48:01.0119 0x0bb4  bthserv - ok
13:48:01.0150 0x0bb4  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:48:01.0197 0x0bb4  BTHUSB - ok
13:48:01.0212 0x0bb4  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:48:01.0306 0x0bb4  cdfs - ok
13:48:01.0353 0x0bb4  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
13:48:01.0416 0x0bb4  cdrom - ok
13:48:01.0447 0x0bb4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:48:01.0525 0x0bb4  CertPropSvc - ok
13:48:01.0541 0x0bb4  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
13:48:01.0572 0x0bb4  circlass - ok
13:48:01.0619 0x0bb4  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
13:48:01.0666 0x0bb4  CLFS - ok
13:48:01.0837 0x0bb4  [ 03F5F6B3FA0BACD7D385C5CE6D309F7A, 068CC6DBF3A9BB5AB59C3DA913BA198D160F32717F8E8D09ABCFC2FF405A09B4 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
13:48:01.0884 0x0bb4  ClickToRunSvc - ok
13:48:01.0916 0x0bb4  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
13:48:01.0994 0x0bb4  CmBatt - ok
13:48:02.0056 0x0bb4  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:48:02.0103 0x0bb4  CNG - ok
13:48:02.0119 0x0bb4  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
13:48:02.0150 0x0bb4  CompositeBus - ok
13:48:02.0150 0x0bb4  COMSysApp - ok
13:48:02.0166 0x0bb4  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
13:48:02.0244 0x0bb4  condrv - ok
13:48:02.0370 0x0bb4  [ 6344504D5A9D8ED299239FBC03AB5D35, 27299078C93E0CA9304B5F5624D801C66054A6CB277AB868B5DE9E6178EAEF52 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:48:02.0401 0x0bb4  cphs - ok
13:48:02.0432 0x0bb4  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:48:02.0541 0x0bb4  CryptSvc - ok
13:48:02.0573 0x0bb4  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
13:48:02.0604 0x0bb4  dam - ok
13:48:02.0682 0x0bb4  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:48:02.0745 0x0bb4  DcomLaunch - ok
13:48:02.0807 0x0bb4  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
13:48:02.0916 0x0bb4  defragsvc - ok
13:48:02.0963 0x0bb4  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
13:48:03.0026 0x0bb4  DeviceAssociationService - ok
13:48:03.0073 0x0bb4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
13:48:03.0463 0x0bb4  DeviceInstall - ok
13:48:03.0495 0x0bb4  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
13:48:03.0588 0x0bb4  Dfsc - ok
13:48:03.0635 0x0bb4  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:48:03.0729 0x0bb4  Dhcp - ok
13:48:03.0760 0x0bb4  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
13:48:03.0791 0x0bb4  disk - ok
13:48:03.0807 0x0bb4  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
13:48:03.0901 0x0bb4  dmvsc - ok
13:48:03.0948 0x0bb4  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:48:03.0979 0x0bb4  Dnscache - ok
13:48:03.0995 0x0bb4  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:48:04.0088 0x0bb4  dot3svc - ok
13:48:04.0135 0x0bb4  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
13:48:04.0182 0x0bb4  DPS - ok
13:48:04.0213 0x0bb4  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:48:04.0229 0x0bb4  drmkaud - ok
13:48:04.0276 0x0bb4  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
13:48:04.0323 0x0bb4  DsmSvc - ok
13:48:04.0370 0x0bb4  [ 40CFC6671B2442D32E149FF1683212D1, ADC1743CDB98EAC736783156D659364DF8613BCC4C0B6D0AC0D8F05AF18E0BF7 ] dts_apo_service C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
13:48:04.0385 0x0bb4  dts_apo_service - ok
13:48:04.0495 0x0bb4  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:48:04.0604 0x0bb4  DXGKrnl - ok
13:48:04.0620 0x0bb4  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
13:48:04.0698 0x0bb4  Eaphost - ok
13:48:04.0854 0x0bb4  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:48:05.0011 0x0bb4  ebdrv - ok
13:48:05.0042 0x0bb4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
13:48:05.0042 0x0bb4  EFS - ok
13:48:05.0058 0x0bb4  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
13:48:05.0073 0x0bb4  EhStorClass - ok
13:48:05.0089 0x0bb4  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
13:48:05.0089 0x0bb4  EhStorTcgDrv - ok
13:48:05.0105 0x0bb4  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
13:48:05.0136 0x0bb4  ErrDev - ok
13:48:05.0176 0x0bb4  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
13:48:05.0254 0x0bb4  EventSystem - ok
13:48:05.0379 0x0bb4  [ 9D78D6D795393291029A587D25F65949, 76570673AA788A8F725EDA2A7B991F8E12D66ADE5F12E38D87E85C5E6CCD140E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:48:05.0426 0x0bb4  EvtEng - ok
13:48:05.0519 0x0bb4  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:48:05.0629 0x0bb4  exfat - ok
13:48:05.0645 0x0bb4  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:48:05.0676 0x0bb4  fastfat - ok
13:48:05.0738 0x0bb4  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
13:48:05.0832 0x0bb4  Fax - ok
13:48:05.0863 0x0bb4  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
13:48:05.0894 0x0bb4  fdc - ok
13:48:05.0926 0x0bb4  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:48:06.0004 0x0bb4  fdPHost - ok
13:48:06.0020 0x0bb4  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:48:06.0051 0x0bb4  FDResPub - ok
13:48:06.0082 0x0bb4  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
13:48:06.0176 0x0bb4  fhsvc - ok
13:48:06.0207 0x0bb4  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:48:06.0238 0x0bb4  FileInfo - ok
13:48:06.0254 0x0bb4  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:48:06.0301 0x0bb4  Filetrace - ok
13:48:06.0316 0x0bb4  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
13:48:06.0363 0x0bb4  flpydisk - ok
13:48:06.0410 0x0bb4  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:48:06.0441 0x0bb4  FltMgr - ok
13:48:06.0535 0x0bb4  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\Windows\system32\FntCache.dll
13:48:06.0629 0x0bb4  FontCache - ok
13:48:06.0723 0x0bb4  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:48:06.0738 0x0bb4  FontCache3.0.0.0 - ok
13:48:06.0770 0x0bb4  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:48:06.0785 0x0bb4  FsDepends - ok
13:48:06.0801 0x0bb4  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:48:06.0816 0x0bb4  Fs_Rec - ok
13:48:06.0879 0x0bb4  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:48:06.0941 0x0bb4  fvevol - ok
13:48:06.0973 0x0bb4  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
13:48:07.0004 0x0bb4  FxPPM - ok
13:48:07.0020 0x0bb4  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:48:07.0035 0x0bb4  gagp30kx - ok
13:48:07.0051 0x0bb4  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
13:48:07.0082 0x0bb4  gencounter - ok
13:48:07.0191 0x0bb4  [ 4DF4ABCA09AF1530D712FA589CE3BE9F, 573C04358BBAEAEDFDC4F265627E8029295C31BB17C13B428D5694119AECEDAD ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
13:48:07.0238 0x0bb4  GfExperienceService - ok
13:48:07.0307 0x0bb4  [ 045AE8D818B2E74B839597BB9C19C13B, 5C46F86C16E7F9740FEA56D5153B8E438A87B6011AA2C589FF0C1BE21D4BA701 ] GFNEXSrv        C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
13:48:07.0323 0x0bb4  GFNEXSrv - ok
13:48:07.0370 0x0bb4  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
13:48:07.0401 0x0bb4  GPIOClx0101 - ok
13:48:07.0495 0x0bb4  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:48:07.0557 0x0bb4  gpsvc - ok
13:48:07.0604 0x0bb4  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:48:07.0621 0x0bb4  HdAudAddService - ok
13:48:07.0652 0x0bb4  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
13:48:07.0714 0x0bb4  HDAudBus - ok
13:48:07.0746 0x0bb4  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
13:48:07.0777 0x0bb4  HidBatt - ok
13:48:07.0808 0x0bb4  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
13:48:07.0855 0x0bb4  HidBth - ok
13:48:07.0871 0x0bb4  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
13:48:07.0902 0x0bb4  hidi2c - ok
13:48:07.0949 0x0bb4  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
13:48:07.0980 0x0bb4  HidIr - ok
13:48:08.0011 0x0bb4  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
13:48:08.0089 0x0bb4  hidserv - ok
13:48:08.0121 0x0bb4  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
13:48:08.0200 0x0bb4  HidUsb - ok
13:48:08.0247 0x0bb4  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:48:08.0356 0x0bb4  hkmsvc - ok
13:48:08.0403 0x0bb4  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:48:08.0450 0x0bb4  HomeGroupListener - ok
13:48:08.0481 0x0bb4  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:48:08.0528 0x0bb4  HomeGroupProvider - ok
13:48:08.0559 0x0bb4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:48:08.0575 0x0bb4  HpSAMD - ok
13:48:08.0637 0x0bb4  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:48:08.0684 0x0bb4  HTTP - ok
13:48:08.0700 0x0bb4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:48:08.0700 0x0bb4  hwpolicy - ok
13:48:08.0716 0x0bb4  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
13:48:08.0731 0x0bb4  hyperkbd - ok
13:48:08.0747 0x0bb4  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
13:48:08.0747 0x0bb4  HyperVideo - ok
13:48:08.0778 0x0bb4  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
13:48:08.0881 0x0bb4  i8042prt - ok
13:48:08.0913 0x0bb4  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
13:48:08.0928 0x0bb4  iaLPSSi_GPIO - ok
13:48:08.0960 0x0bb4  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
13:48:08.0975 0x0bb4  iaLPSSi_I2C - ok
13:48:09.0053 0x0bb4  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
13:48:09.0085 0x0bb4  iaStorA - ok
13:48:09.0116 0x0bb4  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
13:48:09.0147 0x0bb4  iaStorAV - ok
13:48:09.0178 0x0bb4  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:48:09.0194 0x0bb4  iaStorV - ok
13:48:09.0256 0x0bb4  [ B1E9019A1A2573A112D6FA6FBD4E60AC, 8282A9830ACBC6407B4593A249F5AF3EEA745FE2842E72CB4014709B3ED8190E ] ibtsiva         C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
13:48:09.0288 0x0bb4  ibtsiva - ok
13:48:09.0335 0x0bb4  [ 78DC93872CF915831F98DD46DF6283EE, 084E6BF12835A6DABC8F6EB6A758866DE1C44396A9F5078262F89ECC27A9A1BD ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
13:48:09.0366 0x0bb4  ibtusb - ok
13:48:09.0381 0x0bb4  IEEtwCollectorService - ok
13:48:09.0538 0x0bb4  [ 16D939A13CFB82DEE0B9DB12E45C7B4E, D09C57DE3EF7F6BEDD354FEEDB46260FDCF9F9A0F2D096FFD518509AD041AAC5 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:48:09.0794 0x0bb4  igfx - ok
13:48:09.0904 0x0bb4  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:48:09.0936 0x0bb4  IKEEXT - ok
13:48:09.0981 0x0bb4  [ DB65573521AB51941F4FA799D0968136, 418F5E3FE725B7B114F3DAEBDCEBCE7F4AD8ECAAFF572C02BA9ACCE86D55BFD8 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
13:48:09.0981 0x0bb4  intaud_WaveExtensible - ok
13:48:10.0024 0x0bb4  [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:48:10.0056 0x0bb4  IntcDAud - ok
13:48:10.0106 0x0bb4  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:48:10.0185 0x0bb4  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
13:48:12.0754 0x0bb4  Detect skipped due to KSN trusted
13:48:12.0754 0x0bb4  Intel(R) Capability Licensing Service Interface - ok
13:48:12.0832 0x0bb4  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:48:12.0910 0x0bb4  Intel(R) Capability Licensing Service TCP IP Interface - ok
13:48:12.0957 0x0bb4  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
13:48:12.0973 0x0bb4  Intel(R) ME Service - ok
13:48:12.0989 0x0bb4  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:48:13.0004 0x0bb4  intelide - ok
13:48:13.0035 0x0bb4  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
13:48:13.0051 0x0bb4  intelpep - ok
13:48:13.0082 0x0bb4  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
13:48:13.0114 0x0bb4  intelppm - ok
13:48:13.0129 0x0bb4  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:48:13.0192 0x0bb4  IpFilterDriver - ok
13:48:13.0270 0x0bb4  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:48:13.0348 0x0bb4  iphlpsvc - ok
13:48:13.0379 0x0bb4  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
13:48:13.0520 0x0bb4  IPMIDRV - ok
13:48:13.0551 0x0bb4  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:48:13.0692 0x0bb4  IPNAT - ok
13:48:13.0707 0x0bb4  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:48:13.0754 0x0bb4  IRENUM - ok
13:48:13.0770 0x0bb4  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:48:13.0785 0x0bb4  isapnp - ok
13:48:13.0832 0x0bb4  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
13:48:13.0864 0x0bb4  iScsiPrt - ok
13:48:13.0895 0x0bb4  [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus          C:\Windows\System32\drivers\iwdbus.sys
13:48:13.0910 0x0bb4  iwdbus - ok
13:48:13.0957 0x0bb4  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:48:13.0973 0x0bb4  jhi_service - ok
13:48:13.0989 0x0bb4  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
13:48:14.0020 0x0bb4  kbdclass - ok
13:48:14.0051 0x0bb4  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
13:48:14.0082 0x0bb4  kbdhid - ok
13:48:14.0114 0x0bb4  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
13:48:14.0207 0x0bb4  kdnic - ok
13:48:14.0223 0x0bb4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
13:48:14.0239 0x0bb4  KeyIso - ok
13:48:14.0287 0x0bb4  [ 67D1F7FA1DF9502DE12027D7C7782863, BCB92C1C11A7576FD7E91B160CBC3FB5A0C31FE028305021D7C10EC40C4D5013 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
13:48:14.0334 0x0bb4  kl1 - ok
13:48:14.0349 0x0bb4  [ F2EB9202FCCC81E0902D3C5A70037A44, 9554851BB68228500E69536B0C484B32FC92B85A76A7F1F268549212D0D5CFCA ] klelam          C:\Windows\system32\DRIVERS\klelam.sys
13:48:14.0365 0x0bb4  klelam - ok
13:48:14.0381 0x0bb4  [ C10F8065188403857CD3AE1397185877, 347BDA6371D25B6BE5FE1CB7FB7FBE2F469D74FCDBBD9BB25DD928D90D7BD235 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
13:48:14.0396 0x0bb4  klflt - ok
13:48:14.0412 0x0bb4  [ AB9F0954450B132CCC1CAD40AC3190B5, 2C8F31B4C93F2F7CB78B1FE47A38FC924BF7D4B68E861035921AD79FC27A9BEF ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
13:48:14.0428 0x0bb4  klhk - ok
13:48:14.0474 0x0bb4  [ 0620A7BE4C98C4B1DDFE2BCBE6B29D1D, 72C0516A09CB852BE63DA6C4F1A4EE2544D0FCCFA5D86FE2600101038B7802CE ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:48:14.0506 0x0bb4  KLIF - ok
13:48:14.0521 0x0bb4  [ 753BFA638ACE05983D4C64988CC13926, FE0D2604AE845D9AC35C793E1E0523BFF7FCA396183D7FED005E4CDF29381252 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
13:48:14.0537 0x0bb4  KLIM6 - ok
13:48:14.0537 0x0bb4  [ 37ADA02E498051A4D533F21096789597, 569D0D29C509695C5136D5039AACAF3CAD70FA92AB3F7FE92B6F58C0C691F3F6 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
13:48:14.0553 0x0bb4  klkbdflt - ok
13:48:14.0584 0x0bb4  [ 8849D8F6259D3494E8C5C9482EE40A08, 62C60FD28916407AEF3C4F8B8FF7E5FCDFAE261E772E672E3E06F0D0CA6D6729 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
13:48:14.0584 0x0bb4  klmouflt - ok
13:48:14.0599 0x0bb4  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
13:48:14.0615 0x0bb4  klpd - ok
13:48:14.0631 0x0bb4  [ B14A25C9035DCE1108743CFE3340CB8E, 001E7FC5EB197D5863A00F0750E39FA94B2812BC975C721DFEA95F2A5396FB39 ] klwfp           C:\Windows\system32\DRIVERS\klwfp.sys
13:48:14.0631 0x0bb4  klwfp - ok
13:48:14.0646 0x0bb4  [ D043624FE4AE0A4894A785097C02EF09, 2259CA9BAC73902D291176AB689C101CACE115A8A1C2E6824CC66E928FA27552 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
13:48:14.0662 0x0bb4  kneps - ok
13:48:14.0678 0x0bb4  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:48:14.0693 0x0bb4  KSecDD - ok
13:48:14.0709 0x0bb4  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:48:14.0724 0x0bb4  KSecPkg - ok
13:48:14.0756 0x0bb4  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:48:14.0787 0x0bb4  ksthunk - ok
13:48:14.0834 0x0bb4  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:48:14.0881 0x0bb4  KtmRm - ok
13:48:14.0912 0x0bb4  [ 4E5EA006CFFB96E0BAFC767D659AAB9A, A24A334955FB98D0903971454FADAC639D535BD32BB48964BD95019C7F6C454E ] L1C             C:\Windows\system32\DRIVERS\L1C63x64.sys
13:48:14.0943 0x0bb4  L1C - ok
13:48:14.0990 0x0bb4  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:48:15.0053 0x0bb4  LanmanServer - ok
13:48:15.0099 0x0bb4  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:48:15.0162 0x0bb4  LanmanWorkstation - ok
13:48:15.0209 0x0bb4  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
13:48:15.0318 0x0bb4  lfsvc - ok
13:48:15.0349 0x0bb4  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:48:15.0381 0x0bb4  lltdio - ok
13:48:15.0412 0x0bb4  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:48:15.0459 0x0bb4  lltdsvc - ok
13:48:15.0490 0x0bb4  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:48:15.0537 0x0bb4  lmhosts - ok
13:48:15.0599 0x0bb4  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:48:15.0615 0x0bb4  LMS - ok
13:48:15.0646 0x0bb4  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:48:15.0662 0x0bb4  LSI_SAS - ok
13:48:15.0678 0x0bb4  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:48:15.0693 0x0bb4  LSI_SAS2 - ok
13:48:15.0709 0x0bb4  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
13:48:15.0724 0x0bb4  LSI_SAS3 - ok
13:48:15.0740 0x0bb4  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
13:48:15.0756 0x0bb4  LSI_SSS - ok
13:48:15.0818 0x0bb4  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
13:48:15.0943 0x0bb4  LSM - ok
13:48:15.0974 0x0bb4  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:48:16.0068 0x0bb4  luafv - ok
13:48:16.0099 0x0bb4  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
13:48:16.0131 0x0bb4  megasas - ok
13:48:16.0178 0x0bb4  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
13:48:16.0256 0x0bb4  megasr - ok
13:48:16.0271 0x0bb4  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
13:48:16.0287 0x0bb4  MEIx64 - ok
13:48:16.0318 0x0bb4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
13:48:16.0396 0x0bb4  MMCSS - ok
13:48:16.0412 0x0bb4  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
13:48:16.0443 0x0bb4  Modem - ok
13:48:16.0490 0x0bb4  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
13:48:16.0553 0x0bb4  monitor - ok
13:48:16.0584 0x0bb4  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
13:48:16.0615 0x0bb4  mouclass - ok
13:48:16.0631 0x0bb4  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
13:48:16.0678 0x0bb4  mouhid - ok
13:48:16.0709 0x0bb4  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:48:16.0740 0x0bb4  mountmgr - ok
13:48:16.0787 0x0bb4  [ 9F7A0C2775C9FF1EFD6892B165A95143, CCE6535E3693A08A599A5C1B4986411B89E2198ADBCB3A69F4536286B652AD5F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:48:16.0803 0x0bb4  MozillaMaintenance - ok
13:48:16.0834 0x0bb4  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:48:16.0896 0x0bb4  mpsdrv - ok
13:48:16.0959 0x0bb4  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:48:17.0068 0x0bb4  MpsSvc - ok
13:48:17.0099 0x0bb4  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:48:17.0146 0x0bb4  MRxDAV - ok
13:48:17.0193 0x0bb4  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:48:17.0303 0x0bb4  mrxsmb - ok
13:48:17.0349 0x0bb4  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:48:17.0459 0x0bb4  mrxsmb10 - ok
13:48:17.0501 0x0bb4  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:48:17.0548 0x0bb4  mrxsmb20 - ok
13:48:17.0579 0x0bb4  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
13:48:17.0626 0x0bb4  MsBridge - ok
13:48:17.0642 0x0bb4  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
13:48:17.0689 0x0bb4  MSDTC - ok
13:48:17.0705 0x0bb4  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:48:17.0736 0x0bb4  Msfs - ok
13:48:17.0752 0x0bb4  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
13:48:17.0768 0x0bb4  msgpiowin32 - ok
13:48:17.0783 0x0bb4  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:48:17.0815 0x0bb4  mshidkmdf - ok
13:48:17.0830 0x0bb4  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
13:48:17.0861 0x0bb4  mshidumdf - ok
13:48:17.0877 0x0bb4  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:48:17.0908 0x0bb4  msisadrv - ok
13:48:17.0940 0x0bb4  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:48:17.0971 0x0bb4  MSiSCSI - ok
13:48:17.0986 0x0bb4  msiserver - ok
13:48:18.0002 0x0bb4  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:48:18.0018 0x0bb4  MSKSSRV - ok
13:48:18.0049 0x0bb4  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
13:48:18.0096 0x0bb4  MsLldp - ok
13:48:18.0127 0x0bb4  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:48:18.0158 0x0bb4  MSPCLOCK - ok
13:48:18.0174 0x0bb4  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:48:18.0205 0x0bb4  MSPQM - ok
13:48:18.0268 0x0bb4  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:48:18.0299 0x0bb4  MsRPC - ok
13:48:18.0315 0x0bb4  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
13:48:18.0330 0x0bb4  mssmbios - ok
13:48:18.0330 0x0bb4  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:48:18.0361 0x0bb4  MSTEE - ok
13:48:18.0377 0x0bb4  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
13:48:18.0393 0x0bb4  MTConfig - ok
13:48:18.0408 0x0bb4  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
13:48:18.0424 0x0bb4  Mup - ok
13:48:18.0455 0x0bb4  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
13:48:18.0486 0x0bb4  mvumis - ok
13:48:18.0518 0x0bb4  [ D7817027F42377B94F53A8F9CDF6A3D3, F7A707E383732A1F6283F0C79591C7D4CC32EAA58F071E7E930E57AC820F55D5 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:48:18.0549 0x0bb4  MyWiFiDHCPDNS - ok
13:48:18.0596 0x0bb4  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
13:48:18.0627 0x0bb4  napagent - ok
13:48:18.0674 0x0bb4  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:48:18.0752 0x0bb4  NativeWifiP - ok
13:48:18.0783 0x0bb4  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
13:48:18.0830 0x0bb4  NcaSvc - ok
13:48:18.0861 0x0bb4  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
13:48:18.0940 0x0bb4  NcbService - ok
13:48:18.0971 0x0bb4  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
13:48:19.0033 0x0bb4  NcdAutoSetup - ok
13:48:19.0127 0x0bb4  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:48:19.0190 0x0bb4  NDIS - ok
13:48:19.0221 0x0bb4  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:48:19.0237 0x0bb4  NdisCap - ok
13:48:19.0252 0x0bb4  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
13:48:19.0315 0x0bb4  NdisImPlatform - ok
13:48:19.0330 0x0bb4  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:48:19.0377 0x0bb4  NdisTapi - ok
13:48:19.0404 0x0bb4  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:48:19.0467 0x0bb4  Ndisuio - ok
13:48:19.0483 0x0bb4  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
13:48:19.0529 0x0bb4  NdisVirtualBus - ok
13:48:19.0561 0x0bb4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:19.0623 0x0bb4  NdisWan - ok
13:48:19.0639 0x0bb4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:19.0670 0x0bb4  NdisWanLegacy - ok
13:48:19.0689 0x0bb4  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:48:19.0704 0x0bb4  NDProxy - ok
13:48:19.0736 0x0bb4  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
13:48:19.0798 0x0bb4  Ndu - ok
13:48:19.0814 0x0bb4  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:48:19.0860 0x0bb4  NetBIOS - ok
13:48:19.0907 0x0bb4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:48:19.0985 0x0bb4  NetBT - ok
13:48:20.0001 0x0bb4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
13:48:20.0032 0x0bb4  Netlogon - ok
13:48:20.0079 0x0bb4  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
13:48:20.0110 0x0bb4  Netman - ok
13:48:29.0960 0x0bb4  [ D67F951F6BA708812420195B8D0AB8B6, 6583DB22EB8AA5FF0134D2536C9A46BC0D7D8F8B2829D5719DD68968C22F5917 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
13:48:29.0991 0x0bb4  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
13:48:33.0483 0x0bb4  Detect skipped due to KSN trusted
13:48:33.0483 0x0bb4  STacSV - ok
13:48:38.0628 0x0bb4  USBHUB3 - ok
13:48:38.0675 0x0bb4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
13:48:38.0815 0x0bb4  usbohci - ok
13:48:38.0831 0x0bb4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
13:48:38.0909 0x0bb4  usbprint - ok
13:48:38.0925 0x0bb4  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\Windows\System32\drivers\usbscan.sys
13:48:38.0987 0x0bb4  usbscan - ok
13:48:39.0019 0x0bb4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
13:48:39.0065 0x0bb4  USBSTOR - ok
13:48:39.0081 0x0bb4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
13:48:39.0128 0x0bb4  usbuhci - ok
13:48:39.0159 0x0bb4  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:48:39.0222 0x0bb4  usbvideo - ok
13:48:39.0237 0x0bb4  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
13:48:39.0268 0x0bb4  USBXHCI - ok
13:48:39.0284 0x0bb4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
13:48:39.0300 0x0bb4  VaultSvc - ok
13:48:39.0331 0x0bb4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:48:39.0347 0x0bb4  vdrvroot - ok
13:48:39.0440 0x0bb4  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
13:48:39.0518 0x0bb4  vds - ok
13:48:39.0534 0x0bb4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
13:48:39.0550 0x0bb4  VerifierExt - ok
13:48:39.0581 0x0bb4  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
13:48:39.0612 0x0bb4  vhdmp - ok
13:48:39.0628 0x0bb4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:48:39.0643 0x0bb4  viaide - ok
13:48:39.0675 0x0bb4  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:48:39.0675 0x0bb4  vmbus - ok
13:48:39.0690 0x0bb4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
13:48:39.0706 0x0bb4  VMBusHID - ok
13:48:39.0753 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
13:48:39.0800 0x0bb4  vmicguestinterface - ok
13:48:39.0831 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
13:48:39.0847 0x0bb4  vmicheartbeat - ok
13:48:39.0878 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
13:48:39.0893 0x0bb4  vmickvpexchange - ok
13:48:39.0925 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
13:48:39.0940 0x0bb4  vmicrdv - ok
13:48:39.0956 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
13:48:39.0987 0x0bb4  vmicshutdown - ok
13:48:40.0003 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
13:48:40.0034 0x0bb4  vmictimesync - ok
13:48:40.0050 0x0bb4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
13:48:40.0065 0x0bb4  vmicvss - ok
13:48:40.0097 0x0bb4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:48:40.0112 0x0bb4  volmgr - ok
13:48:40.0112 0x0bb4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:48:40.0143 0x0bb4  volmgrx - ok
13:48:40.0190 0x0bb4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:48:40.0222 0x0bb4  volsnap - ok
13:48:40.0284 0x0bb4  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
13:48:40.0315 0x0bb4  vpci - ok
13:48:40.0347 0x0bb4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:48:40.0378 0x0bb4  vsmraid - ok
13:48:40.0456 0x0bb4  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\Windows\system32\vssvc.exe
13:48:40.0565 0x0bb4  VSS - ok
13:48:40.0612 0x0bb4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
13:48:40.0659 0x0bb4  VSTXRAID - ok
13:48:40.0675 0x0bb4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:48:40.0737 0x0bb4  vwifibus - ok
13:48:40.0769 0x0bb4  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:48:40.0831 0x0bb4  vwififlt - ok
13:48:40.0847 0x0bb4  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:48:40.0878 0x0bb4  vwifimp - ok
13:48:40.0940 0x0bb4  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
13:48:41.0034 0x0bb4  W32Time - ok
13:48:41.0065 0x0bb4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
13:48:41.0097 0x0bb4  WacomPen - ok
13:48:41.0206 0x0bb4  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
13:48:41.0347 0x0bb4  wbengine - ok
13:48:41.0409 0x0bb4  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:48:41.0487 0x0bb4  WbioSrvc - ok
13:48:41.0518 0x0bb4  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
13:48:41.0565 0x0bb4  Wcmsvc - ok
13:48:41.0597 0x0bb4  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:48:41.0628 0x0bb4  wcncsvc - ok
13:48:41.0644 0x0bb4  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:48:41.0737 0x0bb4  WcsPlugInService - ok
13:48:41.0753 0x0bb4  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
13:48:41.0784 0x0bb4  WdBoot - ok
13:48:41.0862 0x0bb4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:48:41.0909 0x0bb4  Wdf01000 - ok
13:48:41.0925 0x0bb4  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
13:48:41.0940 0x0bb4  WdFilter - ok
13:48:41.0972 0x0bb4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:48:42.0018 0x0bb4  WdiServiceHost - ok
13:48:42.0034 0x0bb4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:48:42.0050 0x0bb4  WdiSystemHost - ok
13:48:42.0081 0x0bb4  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
13:48:42.0097 0x0bb4  WdNisDrv - ok
13:48:42.0112 0x0bb4  WdNisSvc - ok
13:48:42.0159 0x0bb4  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\Windows\System32\webclnt.dll
13:48:42.0237 0x0bb4  WebClient - ok
13:48:42.0284 0x0bb4  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:48:42.0347 0x0bb4  Wecsvc - ok
13:48:42.0378 0x0bb4  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
13:48:42.0409 0x0bb4  WEPHOSTSVC - ok
13:48:42.0425 0x0bb4  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:48:42.0487 0x0bb4  wercplsupport - ok
13:48:42.0518 0x0bb4  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
13:48:42.0550 0x0bb4  WerSvc - ok
13:48:42.0581 0x0bb4  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
13:48:42.0612 0x0bb4  WFPLWFS - ok
13:48:42.0643 0x0bb4  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
13:48:42.0675 0x0bb4  WiaRpc - ok
13:48:42.0706 0x0bb4  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:48:42.0722 0x0bb4  WIMMount - ok
13:48:42.0722 0x0bb4  WinDefend - ok
13:48:42.0800 0x0bb4  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
13:48:42.0862 0x0bb4  WinHttpAutoProxySvc - ok
13:48:42.0910 0x0bb4  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:48:42.0989 0x0bb4  Winmgmt - ok
13:48:43.0131 0x0bb4  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:48:43.0225 0x0bb4  WinRM - ok
13:48:43.0334 0x0bb4  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\Windows\System32\wlansvc.dll
13:48:43.0412 0x0bb4  WlanSvc - ok
13:48:43.0506 0x0bb4  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
13:48:43.0584 0x0bb4  wlidsvc - ok
13:48:43.0615 0x0bb4  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
13:48:43.0615 0x0bb4  WmiAcpi - ok
13:48:43.0647 0x0bb4  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:48:43.0693 0x0bb4  wmiApSrv - ok
13:48:43.0709 0x0bb4  WMPNetworkSvc - ok
13:48:43.0756 0x0bb4  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
13:48:43.0771 0x0bb4  Wof - ok
13:48:43.0881 0x0bb4  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
13:48:44.0006 0x0bb4  workfolderssvc - ok
13:48:44.0037 0x0bb4  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
13:48:44.0053 0x0bb4  wpcfltr - ok
13:48:44.0084 0x0bb4  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:48:44.0131 0x0bb4  WPCSvc - ok
13:48:44.0162 0x0bb4  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:48:44.0225 0x0bb4  WPDBusEnum - ok
13:48:44.0256 0x0bb4  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
13:48:44.0287 0x0bb4  WpdUpFltr - ok
13:48:44.0303 0x0bb4  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:48:44.0350 0x0bb4  ws2ifsl - ok
13:48:44.0381 0x0bb4  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:48:44.0443 0x0bb4  wscsvc - ok
13:48:44.0443 0x0bb4  WSearch - ok
13:48:44.0615 0x0bb4  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
13:48:44.0803 0x0bb4  WSService - ok
13:48:44.0975 0x0bb4  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:48:45.0179 0x0bb4  wuauserv - ok
13:48:45.0210 0x0bb4  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:48:45.0288 0x0bb4  WudfPf - ok
13:48:45.0319 0x0bb4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
13:48:45.0366 0x0bb4  WUDFRd - ok
13:48:45.0382 0x0bb4  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:48:45.0398 0x0bb4  wudfsvc - ok
13:48:45.0413 0x0bb4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\System32\drivers\WUDFRd.sys
13:48:45.0429 0x0bb4  WUDFWpdFs - ok
13:48:45.0460 0x0bb4  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:48:45.0491 0x0bb4  WwanSvc - ok
13:48:45.0711 0x0bb4  [ 51842449D6076C512D626C77E2665167, 2409BDEE5F607DE651A190C3DFAAB8EE0EEF18F04E6B2F34A7FF855021D5ED66 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
13:48:45.0789 0x0bb4  ZeroConfigService - ok
13:48:45.0789 0x0bb4  ================ Scan global ===============================
13:48:45.0867 0x0bb4  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
13:48:45.0914 0x0bb4  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
13:48:45.0945 0x0bb4  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
13:48:45.0992 0x0bb4  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
13:48:46.0023 0x0bb4  [ Global ] - ok
13:48:46.0023 0x0bb4  ================ Scan MBR ==================================
13:48:46.0039 0x0bb4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:48:46.0305 0x0bb4  \Device\Harddisk0\DR0 - ok
13:48:46.0305 0x0bb4  ================ Scan VBR ==================================
13:48:46.0340 0x0bb4  [ DB1510D0CB12BFD9A1B1EEA144C719A5 ] \Device\Harddisk0\DR0\Partition1
13:48:46.0402 0x0bb4  \Device\Harddisk0\DR0\Partition1 - ok
13:48:46.0418 0x0bb4  [ B9F2CB3153FB24A1743524889B5DD4B2 ] \Device\Harddisk0\DR0\Partition2
13:48:46.0481 0x0bb4  \Device\Harddisk0\DR0\Partition2 - ok
13:48:46.0496 0x0bb4  [ A93F8866A00C69ECA1CFB4AD9BF0C715 ] \Device\Harddisk0\DR0\Partition3
13:48:46.0559 0x0bb4  \Device\Harddisk0\DR0\Partition3 - ok
13:48:46.0574 0x0bb4  [ B71986B774443F78EA280ED860C6DB37 ] \Device\Harddisk0\DR0\Partition4
13:48:46.0637 0x0bb4  \Device\Harddisk0\DR0\Partition4 - ok
13:48:46.0668 0x0bb4  [ 808750EA8123E1F9D616F50FEB6546AF ] \Device\Harddisk0\DR0\Partition5
13:48:46.0684 0x0bb4  \Device\Harddisk0\DR0\Partition5 - ok
13:48:46.0684 0x0bb4  ================ Scan generic autorun ======================
13:48:46.0762 0x0bb4  [ AC698132EDEA96B022FCB48E180EA567, 06F3BFC5FCFF1577399EF3D9C53B00D481AEBA8BA36930AF11F9AFD334A1C70D ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
13:48:46.0793 0x0bb4  AmIcoSinglun64 - ok
13:48:46.0904 0x0bb4  [ 9C1BDB837A2DA4FFC60CB61CEEA3E334, 31007C53EC7E077A6B9518FAF4D2566376C6F23FCE614AE29F2DA78DBF6BF564 ] C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
13:48:46.0966 0x0bb4  1.TPUReg - ok
13:48:47.0013 0x0bb4  [ 18DBA177BD009B91D1884C9DB62BB039, 74777A7B69BB2886920B6F1A1039A90FCA8DC2DAA1D6F985ED7F49A35C2E0D42 ] c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
13:48:47.0029 0x0bb4  TSVU - ok
13:48:47.0154 0x0bb4  [ AABD3E439647167142FFA5567512B3A4, 9C90D4638B072BE1E49FE1704127F62FA1A98D4A7D8A17A4DE2F797FDFB85FAE ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
13:48:47.0201 0x0bb4  CanonQuickMenu - ok
13:48:47.0216 0x0bb4  [ C8AEBDDAAD605E68DBCCD41CD58FC841, 97243EB73BD358D23E74AEEA8998A45B2DF23637282E892D39FDA0EFCB2EFB69 ] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
13:48:47.0216 0x0bb4  ITSecMng - ok
13:48:47.0232 0x0bb4  Waiting for KSN requests completion. In queue: 144
13:48:48.0248 0x0bb4  Waiting for KSN requests completion. In queue: 144
13:48:49.0248 0x0bb4  Waiting for KSN requests completion. In queue: 144
13:48:50.0326 0x0bb4  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmiav.exe ( 15.0.0.463 ), 0x41000 ( enabled : updated )
13:48:50.0342 0x0bb4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
13:48:50.0342 0x0bb4  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\wmifw.exe ( 15.0.0.463 ), 0x41010 ( enabled )
13:48:52.0831 0x0bb4  ============================================================
13:48:52.0831 0x0bb4  Scan finished
13:48:52.0831 0x0bb4  ============================================================
13:48:52.0847 0x1fc8  Detected object count: 0
13:48:52.0847 0x1fc8  Actual detected object count: 0
         
and the rest:

MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.15.02
  rootkit: v2015.05.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17801
*** :: XYZ [administrator]

15.05.2015 13:19:20
mbar-log-2015-05-15 (13-19-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346860
Time elapsed: 25 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


16.05.2015, 07:26   #6
schrauber
/// the machine
/// TB trainer



hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


16.05.2015, 14:16   #7
rrm7



I have one more question:

the ComboFix homepage has the following info on version 15.5.13.1:
This program does not work on Windows 8.1 at this time!

And I have Windows 8.1... So that means it wouldn't work with Combofix?!

Regards, rrm7

17.05.2015, 08:33   #8
schrauber
/// the machine
/// TB trainer



my mistake


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009
