
Pests of all kinds and how to fight them: netstat Russian IP syn_sent

19.06.2016, 18:08   #1
sodium
 



I once again ran the "netstat -ban" command in my cmd (having closed all conspicuous processes such as Chrome, which would only open more connections) and noticed that I have a connection with the status "syn_sent" to a Russian IP ("46.161.24.222") (via port "16296"). This seems very strange to me, but since I have no real idea whether this points to malware or not, I am turning to this forum.
(Here are the other external IPs (+ ports) that the command showed.)

45.58.70.6:443
216.58.213.206:443
104.20.64.56:80
216.58.210.35:443
216.58.213.206:443
46.161.24.222:16296

25.132.97.94:2170 # according to cqcounter this IP belongs to the UK Ministry of Defence (hxxp://prntscr.com/bicblk)
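
An added example, not part of the original post: a Python parser for `netstat -ban` output that ties each SYN_SENT connection (a SYN was sent, no SYN-ACK has come back yet) to a public address back to the executable that opened it. The sample output is constructed; only the remote endpoints are taken from the post, and `example.exe` plus all local addresses are placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ban` on Windows.
# Remote endpoints 216.58.213.206:443, 46.161.24.222:16296 and 45.58.70.6:443
# are from the post; local addresses, states other than SYN_SENT and the
# owning executables are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.178.20:49301   216.58.213.206:443     ESTABLISHED
 [chrome.exe]
  TCP    192.168.178.20:49355   46.161.24.222:16296    SYN_SENT
 [example.exe]
  TCP    192.168.178.20:49360   45.58.70.6:443         ESTABLISHED
 Can not obtain ownership information
  TCP    127.0.0.1:49400        127.0.0.1:49401        ESTABLISHED
 [example.exe]
"""

# A connection row: protocol, local endpoint, foreign endpoint, optional state
# (UDP rows carry no state column).
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_0-9]+))?\s*$")
# With -b, the owning executable follows the row in square brackets.
OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def split_endpoint(endpoint):
    """Split 'host:port', also handling bracketed IPv6 such as '[::1]:445'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def is_external(host):
    """True only for globally routable addresses (not private, loopback, '*')."""
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return ip.is_global


def parse_netstat_ban(text):
    """Return one dict per connection row, with the owner line attached."""
    conns = []
    current = None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            rhost, rport = split_endpoint(remote)
            current = {
                "proto": proto,
                "local": local,
                "remote_host": rhost,
                "remote_port": rport,
                "state": state or "",
                "owner": None,  # stays None if netstat could not resolve it
            }
            conns.append(current)
            continue
        m = OWNER_RE.match(line)
        if m and current is not None and current["owner"] is None:
            current["owner"] = m.group(1)
    return conns


def pending_outbound(conns):
    """Group SYN_SENT connections to public addresses by owning executable."""
    by_owner = defaultdict(list)
    for c in conns:
        if c["state"] == "SYN_SENT" and is_external(c["remote_host"]):
            endpoint = f'{c["remote_host"]}:{c["remote_port"]}'
            by_owner[c["owner"] or "<unknown>"].append(endpoint)
    return dict(by_owner)


if __name__ == "__main__":
    for owner, endpoints in pending_outbound(parse_netstat_ban(SAMPLE)).items():
        print(owner, "->", ", ".join(endpoints))
```

On a live system the input would be the saved output of `netstat -ban`, which has to be run from an elevated prompt for the owner lines to appear.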

19.06.2016, 20:37   #2
deeprybka
/// TB Trainer
/// Instructions Guru
 





My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please only run scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest route, but it is only advisable for actual malware.
Adware and the like we can remove very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)




Reading material
Posting in CODE tags: how it's done...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

19.06.2016, 21:10   #3
sodium
 



Thanks for the quick reply
frst.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by root (administrator) on BATTLESTATION (19-06-2016 21:57:31)
Running from C:\Users\root\Desktop
Loaded Profiles: root (Available Profiles: root)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Hi-Rez Studios) E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Tanuki Software, Ltd.) E:\i2p\I2Psvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\root\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\root\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(MagicISO, Inc.) E:\MagicDisc\MagicDisc.exe
(Sharkoon Technologies) E:\SkillerPro\Monitor.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Spotify Ltd) C:\Users\root\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\root\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\root\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Valve Corporation) E:\steam\Steam.exe
(Valve Corporation) E:\steam\bin\steamwebhelper.exe
(Valve Corporation) E:\steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Electronic Arts) E:\New folder\Origin\Origin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6603520 2016-06-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [Skiller PRO] => E:\SkillerPro\Monitor.exe [475136 2015-07-17] (Sharkoon Technologies)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Run: [Steam] => E:\steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Run: [Spotify Web Helper] => C:\Users\root\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-17] (Spotify Ltd)
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Run: [Spotify] => C:\Users\root\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-17] (Spotify Ltd)
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\MountPoints2: {c530b6ca-dcba-11e5-b9ae-806e6f6e6963} - D:\ASRSetup.exe
Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2016-06-07]
ShortcutTarget: MagicDisc.lnk -> E:\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C926664C-AAB9-4E7B-8850-D2F4CDAB3CCA}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-3648149182-1190501675-731794431-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3648149182-1190501675-731794431-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-02-27] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3648149182-1190501675-731794431-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\root\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://events.ccc.de/"
CHR Profile: C:\Users\root\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (uBlock Origin) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-06]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2016-03-14]
CHR Extension: (ScriptBlock) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2016-02-28]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-06-11]
CHR Extension: (YouTube Plus) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdalpbojfdilmiboaiedicdbigdabpb [2016-06-19]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-03-10] (Adobe Systems) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-06-02] (Advanced Micro Devices) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-06-01] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2519904 2016-05-22] (ESET)
S4 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
U2 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-05-20] (Hi-Rez Studios) [File not signed]
R4 i2p; E:\i2p\I2Psvc.exe [389632 2016-04-21] (Tanuki Software, Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S4 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
S3 Origin Client Service; E:\New folder\Origin\OriginClientService.exe [2122248 2016-06-13] (Electronic Arts)
S4 PAExec; C:\Windows\PAExec.exe [189112 2016-06-11] (Power Admin LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-04-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-04-04] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 U2VSvr; C:\Windows\system32\U2VSvr.exe [270200 2009-08-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297216 2016-06-02] (Advanced Micro Devices)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-03] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-02-23] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-02-23] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2016-02-23] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [172752 2016-01-12] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 T1PExGrp64; C:\Windows\System32\DRIVERS\T1PExGrp64.sys [29824 2009-09-01] (Magic Control Technology Corp.)
R3 T1PMrGrp64; C:\Windows\System32\DRIVERS\T1PMrGrp64.sys [31360 2009-09-01] (Magic Control Technology Corp.)
S3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [156424 2016-01-19] (Magic Control Technology Corp.)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 21:57 - 2016-06-19 21:57 - 00016748 _____ C:\Users\root\Desktop\FRST.txt
2016-06-19 21:56 - 2016-06-19 21:57 - 00000000 ____D C:\FRST
2016-06-19 21:55 - 2016-06-19 21:55 - 02387456 _____ (Farbar) C:\Users\root\Desktop\FRST64.exe
2016-06-19 19:09 - 2016-06-19 19:09 - 00000132 _____ C:\Users\root\Desktop\netstat-Ban.txt
2016-06-19 18:06 - 2016-06-19 18:06 - 00000049 _____ C:\Users\root\Desktop\scammer.txt
2016-06-18 13:29 - 2016-06-18 13:29 - 00000523 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2016-06-16 18:53 - 2016-06-16 18:53 - 01156748 _____ C:\Users\root\Desktop\phpProjektMaxSotscheck.zip
2016-06-15 14:11 - 2016-06-06 18:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 14:11 - 2016-06-06 18:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 14:11 - 2016-06-03 15:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 14:11 - 2016-05-27 15:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 14:11 - 2016-05-27 15:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 14:11 - 2016-05-27 15:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 14:11 - 2016-05-27 15:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 14:11 - 2016-05-22 15:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 14:11 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 14:11 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 14:11 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 14:11 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 14:11 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 14:11 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 14:11 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 14:11 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 14:11 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 14:11 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 14:11 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 14:11 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 14:11 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 14:11 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 14:11 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 14:11 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 14:11 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 14:11 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 14:11 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 14:11 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 14:11 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 14:11 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 14:11 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 14:11 - 2016-05-12 17:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 14:11 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 14:11 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 14:11 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 14:11 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 14:11 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 14:11 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 14:11 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 14:11 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 14:11 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 14:11 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 14:11 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 14:11 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 14:11 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 14:11 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 14:11 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 14:11 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 14:11 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 14:11 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 14:11 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 14:11 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 14:11 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 14:11 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 14:11 - 2016-04-14 18:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 14:11 - 2016-04-14 18:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 14:11 - 2016-04-14 18:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 14:11 - 2016-04-14 18:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 14:11 - 2016-04-14 18:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 14:11 - 2016-04-14 18:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 14:11 - 2016-04-14 17:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 14:11 - 2016-04-14 17:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 14:11 - 2016-04-14 17:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 14:11 - 2016-04-14 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 14:11 - 2016-04-14 17:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 14:11 - 2016-04-14 17:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 14:11 - 2016-04-09 08:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 14:11 - 2016-04-09 08:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 14:11 - 2016-04-09 08:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 14:11 - 2016-04-09 08:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 14:11 - 2016-04-09 07:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 14:11 - 2016-04-09 07:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 14:11 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 14:11 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 14:10 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 14:10 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 14:10 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 14:10 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 14:10 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 14:10 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 14:10 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 14:10 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 14:10 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 14:10 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 14:10 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 14:10 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 14:10 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 14:10 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 14:10 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 14:10 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 14:10 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 14:10 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 14:10 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 14:10 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 14:10 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 14:10 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 14:10 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 14:10 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 14:10 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 14:10 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 14:10 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 14:10 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 14:10 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 14:10 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 14:10 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 14:10 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 14:10 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 14:10 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 14:10 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 14:10 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 14:10 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 14:10 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 14:10 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 14:10 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 14:10 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 14:10 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 14:10 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 14:10 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 14:10 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 14:10 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 14:10 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 14:10 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 14:10 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 14:10 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 14:10 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 14:10 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 14:10 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 14:10 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 14:10 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 14:10 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 14:10 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 14:10 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 14:10 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 14:10 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 14:10 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 14:10 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 14:10 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 14:10 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 14:10 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 14:10 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-13 19:47 - 2016-06-13 19:47 - 00000000 ____D C:\Users\root\AppData\Roaming\MMFApplications
2016-06-13 19:46 - 2016-06-13 20:04 - 00000000 ____D C:\Users\root\Documents\The Escapists
2016-06-13 19:46 - 2016-06-13 19:46 - 00000000 ____D C:\Users\root\AppData\Roaming\Steam
2016-06-12 18:53 - 2016-06-15 16:43 - 00002244 ____H C:\Users\root\Documents\Default.rdp
2016-06-12 18:49 - 2016-06-18 15:05 - 00000600 _____ C:\Users\root\AppData\Local\PUTTY.RND
2016-06-12 18:23 - 2016-06-12 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2016-06-12 16:20 - 2016-06-13 00:52 - 00000600 _____ C:\Users\root\AppData\Roaming\winscp.rnd
2016-06-12 04:24 - 2016-06-12 04:24 - 00000000 ____D C:\ProgramData\Steam
2016-06-12 04:24 - 2016-06-12 04:24 - 00000000 ____D C:\ProgramData\Codemasters
2016-06-11 23:41 - 2016-06-11 23:41 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-11 23:08 - 2016-06-19 10:42 - 00000000 ____D C:\ProgramData\ProductData
2016-06-11 23:08 - 2016-06-11 23:39 - 00000000 ____D C:\Users\root\IObit Uninstaller
2016-06-11 23:08 - 2016-06-11 23:09 - 00000000 ____D C:\Users\root\AppData\Roaming\IObit
2016-06-11 23:08 - 2016-06-11 23:08 - 00000000 ____D C:\Users\root\AppData\Roaming\ProductData
2016-06-11 23:08 - 2016-06-11 23:08 - 00000000 ____D C:\Users\root\AppData\LocalLow\IObit
2016-06-11 23:08 - 2016-06-11 23:08 - 00000000 ____D C:\ProgramData\IObit
2016-06-11 23:08 - 2016-06-11 23:08 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-11 22:03 - 2016-06-11 22:03 - 00000000 ____D C:\Users\root\Documents\ComroeStudios
2016-06-11 21:03 - 2016-06-11 21:03 - 00000000 ____D C:\Users\root\AppData\Roaming\ATI
2016-06-11 21:03 - 2016-06-11 21:03 - 00000000 ____D C:\Users\root\AppData\Local\ATI
2016-06-11 21:03 - 2016-06-11 21:03 - 00000000 ____D C:\ProgramData\ATI
2016-06-11 20:59 - 2016-06-12 01:15 - 00000000 ____D C:\Users\root\AppData\Local\AMD
2016-06-11 20:58 - 2016-06-11 20:58 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-06-11 20:57 - 2016-04-27 22:59 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-06-11 20:57 - 2016-04-27 22:58 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-06-11 20:57 - 2016-04-27 22:58 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-06-11 20:57 - 2016-04-27 22:58 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-06-11 20:56 - 2016-06-11 21:03 - 00000000 ____D C:\Program Files\AMD
2016-06-11 20:56 - 2016-06-11 20:56 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-06-11 20:56 - 2016-06-11 20:56 - 00000000 ____D C:\Program Files (x86)\AMD
2016-06-11 20:48 - 2016-06-11 20:48 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2016-06-11 20:47 - 2016-06-11 20:47 - 00003168 _____ C:\Windows\System32\Tasks\{8B62FC96-393C-4437-8255-A589AC139FB7}
2016-06-11 19:53 - 2016-06-11 19:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-06-11 19:53 - 2016-06-11 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by Decepticon
2016-06-11 17:19 - 2016-06-11 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max und Mario
2016-06-11 12:47 - 2016-06-11 19:00 - 00000000 ____D C:\Users\root\AppData\Roaming\PeaZip
2016-06-11 12:47 - 2016-06-11 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2016-06-09 18:25 - 2016-06-09 18:25 - 00000000 ____D C:\Users\root\AppData\Local\Skyrim
2016-06-07 16:29 - 2016-06-07 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ballance
2016-06-07 16:28 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys
2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-06-07 16:24 - 2016-06-07 16:24 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2016-06-07 16:24 - 2016-06-07 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2016-06-07 16:24 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2016-06-07 15:11 - 2016-06-07 15:11 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-06-06 21:32 - 2016-06-06 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-06-06 17:14 - 2016-06-06 17:14 - 00000000 ____D C:\Users\root\AppData\Local\Daedalic Entertainment
2016-06-06 16:52 - 2016-06-06 16:52 - 00000000 ____D C:\Users\root\AppData\Local\ManyCam
2016-06-06 16:49 - 2016-06-06 16:49 - 00000000 ____D C:\ProgramData\ManyCam
2016-06-06 16:48 - 2016-06-11 16:57 - 00000000 ____D C:\Users\root\AppData\Roaming\ManyCam
2016-06-03 20:36 - 2016-06-04 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-02 23:14 - 2016-06-02 23:14 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00141280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00137136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-06-02 23:14 - 2016-06-02 23:14 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-06-02 23:13 - 2016-06-02 23:13 - 09798560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-06-02 23:13 - 2016-06-02 23:13 - 08883384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-06-02 23:13 - 2016-06-02 23:13 - 08577456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-06-02 23:11 - 2016-06-02 23:11 - 00297216 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-06-02 23:08 - 2016-06-02 23:08 - 26990080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-06-02 23:02 - 2016-06-02 23:02 - 48616960 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-06-02 23:02 - 2016-06-02 23:02 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-06-02 23:01 - 2016-06-02 23:01 - 38098432 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-06-02 23:00 - 2016-06-02 23:00 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-06-02 23:00 - 2016-06-02 23:00 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-06-02 22:58 - 2016-06-02 22:58 - 27433472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-06-02 22:58 - 2016-06-02 22:58 - 21600768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-06-02 22:58 - 2016-06-02 22:58 - 08699904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-06-02 22:54 - 2016-06-02 22:54 - 06952448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-06-02 22:45 - 2016-06-02 22:45 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-06-02 22:43 - 2016-06-02 22:43 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 30188032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00732160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00607744 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-06-02 22:42 - 2016-06-02 22:42 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-06-02 22:41 - 2016-06-02 22:41 - 06965248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-06-02 22:39 - 2016-06-02 22:39 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.20.dll
2016-06-02 22:38 - 2016-06-02 22:38 - 05643776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-06-02 22:38 - 2016-06-02 22:38 - 00717520 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-06-02 22:38 - 2016-06-02 22:38 - 00717520 _____ C:\Windows\system32\atiapfxx.blb
2016-06-02 22:37 - 2016-06-02 22:37 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-06-02 22:37 - 2016-06-02 22:37 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-06-02 22:37 - 2016-06-02 22:37 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-06-02 22:36 - 2016-06-02 22:36 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 24836096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-06-02 22:35 - 2016-06-02 22:35 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-06-02 22:34 - 2016-06-02 22:34 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-06-02 22:34 - 2016-06-02 22:34 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-06-02 22:32 - 2016-06-02 22:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-06-02 22:31 - 2016-06-02 22:31 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-06-02 22:31 - 2016-06-02 22:31 - 00274432 _____ C:\Windows\system32\dgtrayicon.exe
2016-06-02 22:31 - 2016-06-02 22:31 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-06-02 22:31 - 2016-06-02 22:31 - 00212480 _____ C:\Windows\system32\atieah64.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00306688 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00230912 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00202752 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-06-02 22:30 - 2016-06-02 22:30 - 00190464 _____ C:\Windows\SysWOW64\atieah32.exe
2016-06-02 22:30 - 2016-06-02 22:30 - 00093696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-06-02 22:28 - 2016-06-02 22:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-06-02 22:26 - 2016-06-02 22:26 - 01304576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-06-02 22:26 - 2016-06-02 22:26 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00497664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-06-02 22:25 - 2016-06-02 22:25 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-06-02 22:25 - 2016-06-02 22:25 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-06-02 22:23 - 2016-06-02 22:23 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-06-02 22:23 - 2016-06-02 22:23 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-06-02 16:50 - 2016-06-02 16:50 - 02412544 _____ C:\Windows\system32\amdacpusl.pdb
2016-06-02 16:41 - 2016-06-02 16:41 - 00364544 _____ (Advanced Micro Devices) C:\Windows\system32\amdacpusl.dll
2016-06-02 16:41 - 2016-06-02 16:41 - 00306176 _____ C:\Windows\system32\amdacpusl.pdb.pub
2016-06-02 16:41 - 2016-06-02 16:41 - 00248832 _____ (Advanced Micro Devices) C:\Windows\SysWOW64\amdacpusl.dll
2016-06-01 15:47 - 2016-06-17 23:34 - 00000000 ____D C:\Users\root\AppData\Local\DayZ
2016-06-01 15:47 - 2016-06-16 00:07 - 00000000 ____D C:\Users\root\Documents\DayZ
2016-06-01 13:20 - 2016-06-01 13:28 - 00000000 ____D C:\Users\root\Documents\Ableton
2016-06-01 13:20 - 2016-06-01 13:24 - 00000000 ____D C:\Users\root\AppData\Roaming\Ableton
2016-06-01 13:20 - 2016-06-01 13:20 - 00000398 __RSH C:\ProgramData\ntuser.pol
2016-06-01 13:19 - 2016-06-01 13:19 - 00000509 _____ C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Trial.lnk
2016-06-01 13:01 - 2016-06-01 13:01 - 00003132 _____ C:\Windows\System32\Tasks\{22C96BDC-3654-402C-B43C-043533256BEC}
2016-05-29 03:38 - 2016-05-29 03:38 - 00000692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-05-29 03:38 - 2016-05-29 03:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-05-29 03:38 - 2016-05-29 03:38 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-05-29 03:37 - 2016-05-29 03:37 - 00000565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-05-28 22:31 - 2016-05-28 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2016-05-28 22:23 - 2016-05-28 22:36 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-05-28 22:22 - 2016-05-28 22:22 - 00000000 ____D C:\ProgramData\ByteFence
2016-05-28 20:49 - 2016-05-28 20:49 - 00000000 __RHD C:\ESD
2016-05-28 17:45 - 2016-05-28 17:45 - 00000000 ____D C:\Users\root\AppData\Roaming\Immunity Debugger
2016-05-28 17:44 - 2016-05-28 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-05-28 17:43 - 2016-05-28 17:44 - 00000000 ____D C:\Python27
2016-05-28 17:43 - 2016-05-28 17:43 - 00000000 ____D C:\Program Files (x86)\Immunity Inc
2016-05-28 17:30 - 2016-05-28 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunity Inc
2016-05-28 12:59 - 2016-05-28 12:59 - 00000730 _____ C:\Users\root\AppData\Local\recently-used.xbel
2016-05-22 01:28 - 2016-06-02 15:47 - 00007603 _____ C:\Users\root\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 21:48 - 2016-02-27 04:04 - 00000000 ____D C:\Users\root\AppData\Roaming\Skype
2016-06-19 21:39 - 2016-04-04 20:30 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-06-19 21:39 - 2016-04-04 20:30 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-06-19 21:32 - 2016-04-04 18:11 - 00000000 ____D C:\ProgramData\Origin
2016-06-19 21:20 - 2016-02-26 21:11 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 20:56 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-19 20:56 - 2009-07-14 06:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-19 20:55 - 2009-07-14 07:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-19 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-19 20:53 - 2016-02-27 00:31 - 00000000 ____D C:\Users\root\AppData\Roaming\Spotify
2016-06-19 20:49 - 2016-04-21 23:20 - 00000000 ____D C:\ProgramData\i2p
2016-06-19 20:48 - 2016-02-27 14:26 - 00000000 ____D C:\Users\root\AppData\Local\Spotify
2016-06-19 20:48 - 2016-02-26 21:11 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 20:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-19 19:41 - 2016-02-26 21:47 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-06-19 19:33 - 2016-02-28 16:58 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F0F7625D-3792-4D15-8C8E-F102AEAB3563}
2016-06-19 19:33 - 2016-02-27 01:23 - 00000000 ____D C:\Users\root\AppData\Roaming\vlc
2016-06-19 19:31 - 2016-02-28 03:53 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-06-19 18:34 - 2016-02-28 03:53 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-3648149182-1190501675-731794431-1000.job
2016-06-19 18:22 - 2016-03-07 01:24 - 00000000 ____D C:\Users\root\AppData\Roaming\OBS
2016-06-19 18:05 - 2016-03-17 02:32 - 00000000 ____D C:\Users\root\.VirtualBox
2016-06-18 19:09 - 2016-02-27 00:47 - 00000000 ____D C:\Users\root\AppData\Roaming\TS3Client
2016-06-18 19:08 - 2016-02-27 22:31 - 00000000 ____D C:\Users\root\AppData\Roaming\HexChat
2016-06-18 16:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2016-06-16 20:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 19:22 - 2016-02-26 21:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 15:11 - 2016-02-27 14:52 - 00000000 ____D C:\Users\root\AppData\Local\CrashDumps
2016-06-15 19:21 - 2016-02-27 14:40 - 00000000 ___RD C:\Users\root\Virtual Machines
2016-06-15 19:21 - 2009-07-14 06:45 - 00330632 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 19:19 - 2016-05-12 14:40 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 15:08 - 2016-02-27 13:08 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 15:05 - 2016-02-27 13:07 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 14:14 - 2016-03-14 17:01 - 00000000 ___RD C:\Users\root\Desktop\Programme
2016-06-13 21:22 - 2016-02-27 13:01 - 00000000 ____D C:\Users\root\Desktop\Games
2016-06-13 19:31 - 2010-11-21 05:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 18:44 - 2016-02-27 18:48 - 00000000 ____D C:\Users\root\Desktop\chan
2016-06-12 04:24 - 2016-02-27 14:30 - 00000000 ____D C:\Users\root\Documents\My Games
2016-06-12 00:54 - 2016-02-26 21:24 - 00074032 _____ C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-11 23:11 - 2016-03-10 21:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-11 23:08 - 2016-02-26 21:07 - 00000000 ____D C:\Users\root
2016-06-11 21:05 - 2016-04-25 15:49 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-11 21:05 - 2016-02-28 16:51 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-06-11 21:05 - 2016-02-28 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-06-11 21:02 - 2016-02-28 16:29 - 00000000 ____D C:\AMD
2016-06-09 15:46 - 2016-05-10 21:49 - 00000000 ____D C:\Users\root\AppData\Local\Windows Live
2016-06-08 15:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-07 16:29 - 2016-02-26 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-07 15:11 - 2016-03-17 02:33 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-06-07 15:10 - 2016-03-17 02:35 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-06-07 15:10 - 2016-03-17 02:35 - 00000000 ____D C:\Program Files\Image-Line
2016-06-06 18:16 - 2016-02-27 13:44 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-06-06 16:40 - 2016-05-05 23:14 - 00000000 ____D C:\Users\root\AppData\Local\osu!
2016-06-05 21:20 - 2016-02-26 21:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-05 00:08 - 2016-02-27 15:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-02 23:14 - 2016-03-21 16:45 - 00122704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-06-02 23:14 - 2016-03-21 16:44 - 00166488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-06-02 23:14 - 2016-03-21 16:43 - 01512192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-06-02 23:14 - 2016-03-21 16:43 - 01243344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-06-02 23:14 - 2016-03-21 16:43 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-06-02 23:13 - 2016-03-21 16:43 - 10700864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-06-02 23:13 - 2016-03-21 16:42 - 08865344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-06-02 23:13 - 2016-03-21 16:42 - 06999496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-06-02 22:31 - 2016-02-23 17:04 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-06-01 15:15 - 2016-02-27 00:30 - 00000000 ____D C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-01 13:20 - 2016-03-17 02:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-06-01 13:20 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-31 17:34 - 2016-04-03 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2016-05-28 22:05 - 2016-03-17 03:19 - 00000000 ____D C:\Users\root\VirtualBox VMs
2016-05-28 17:45 - 2016-02-26 21:07 - 00000000 ____D C:\Users\root\AppData\Local\VirtualStore
2016-05-26 17:04 - 2016-02-27 13:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 17:04 - 2016-02-27 13:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 07:50 - 2016-02-27 04:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 07:50 - 2016-02-27 04:04 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-06-12 16:20 - 2016-06-13 00:52 - 0000600 _____ () C:\Users\root\AppData\Roaming\winscp.rnd
2016-05-10 21:58 - 2016-05-10 21:58 - 0004608 _____ () C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-12 18:49 - 2016-06-18 15:05 - 0000600 _____ () C:\Users\root\AppData\Local\PUTTY.RND
2016-05-28 12:59 - 2016-05-28 12:59 - 0000730 _____ () C:\Users\root\AppData\Local\recently-used.xbel
2016-05-22 01:28 - 2016-06-02 15:47 - 0007603 _____ () C:\Users\root\AppData\Local\Resmon.ResmonCfg
2016-02-28 03:53 - 2016-02-28 03:53 - 0000003 _____ () C:\Users\root\AppData\Local\updater.log
2016-02-28 03:53 - 2016-02-28 03:53 - 0000424 _____ () C:\Users\root\AppData\Local\UserProducts.xml
2016-02-26 21:24 - 2016-02-26 21:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\root\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\root\AppData\Local\Temp\playstv_patch.exe
C:\Users\root\AppData\Local\Temp\radeon-crimson-16.3.2-without-dotnet45-win7-64bit.exe
C:\Users\root\AppData\Local\Temp\raptrpatch.exe
C:\Users\root\AppData\Local\Temp\raptr_stub.exe
C:\Users\root\AppData\Local\Temp\_isB700.exe
C:\Users\root\AppData\Local\Temp\_isCC44.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 17:04

==================== End of FRST.txt ============================
         

19.06.2016, 21:11   #4
sodium
 



addition.txt :
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by root (2016-06-19 21:57:44)
Running from C:\Users\root\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-02-26 19:07:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3648149182-1190501675-731794431-500 - Administrator - Disabled)
Guest (S-1-5-21-3648149182-1190501675-731794431-501 - Limited - Disabled)
root (S-1-5-21-3648149182-1190501675-731794431-1000 - Administrator - Enabled) => C:\Users\root

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.375.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.381.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Ableton Live 9 Trial (HKLM\...\{D85562BD-24D2-415D-8E77-8E3C19A51FE8}) (Version: 9.0.0.0 - Ableton)
ACP Application (Version: 2016.0602.1640.44 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
Assassin's Creed® III (HKLM\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Ballance (HKLM-x32\...\{42E0783D-3BA4-454B-B58A-BF26E49EB7DE}) (Version:  - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
BlazBlue: Calamity Trigger (HKLM\...\Steam App 263300) (Version:  - Arc System Works)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Cubetractor (HKLM\...\Steam App 235720) (Version:  - Ludochip)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
DeepSound 2.0 (HKLM-x32\...\{805FED7C-06CB-4E90-BE39-490044BD80BB}) (Version: 2.0.0 - Jpinsoft)
Dia (remove only) (HKLM-x32\...\Dia) (Version:  - )
Die Rache des Dr. Düster (HKLM-x32\...\DRDD) (Version:  - )
DiRT Rally (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
Discord (HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
Disney Interactive Compatibility Update December 2002 (HKLM\...\{70af630e-2e1b-470f-b600-9ae48f0b94d0}.sdb) (Version:  - )
Disneys Donald Duck (HKLM-x32\...\Donald Duck) (Version:  - )
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{19388080-5457-4309-A768-8215FCF55DC4}) (Version: 9.0.375.1 - ESET, spol. s r.o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fistful of Frags (HKLM\...\Steam App 265630) (Version:  - Fistful of Frags Team)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Harveys Neue Augen (HKLM-x32\...\Harvey) (Version: 1.1 - Daedalic Entertainment)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.0 - HexChat)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{94A137EA-92EF-441C-A7E2-6757CC08EA82}) (Version: 5.0.10.2907 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Journey To The Center Of The Earth (HKLM\...\Steam App 382120) (Version:  - insayn)
Käpt'n Blaubär (HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Blaubär) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
LiEat (HKLM\...\Steam App 373770) (Version:  - △○□× (Miwashiba))
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Lovely Planet (HKLM\...\Steam App 298600) (Version:  - QUICKTEQUILA)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{e4eb1ff1-304b-4f3b-886c-9700f85aaafe}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM\...\Steam App 238320) (Version:  - Red Barrels)
PeaZip 6.0.2 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.0.2 - Giorgio Tani)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Please, Don’t Touch Anything (HKLM-x32\...\Steam App 354240) (Version:  - Four Quarters)
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)
Skiller PRO (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 2.1.15.6 - Sharkoon Technologies)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Sniper Ghost Warrior 2 (HKLM\...\Steam App 34870) (Version:  - City Interactive)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Slaughtering Grounds (HKLM\...\Steam App 329950) (Version:  - Digital Homicide Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Trigger External Graphics Family 16.01.0113.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.01.0113.0179 - MCT Corp)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3648149182-1190501675-731794431-1000\...\UnityWebPlayer) (Version: 5.3.3f1 - Unity Technologies ApS)
Unknown Battle (HKLM\...\Steam App 443940) (Version:  - Nikolai Patrakov)
Urizen Shadows of the Cold (HKLM\...\Steam App 397700) (Version:  - Bloodshadow Games)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Watch Dogs (HKLM-x32\...\Watch Dogs_is1) (Version: 1.06.329 - Decepticon)
Willi wills wissen - Polizei (HKLM-x32\...\Willi wills wissen - Polizei_is1) (Version:  - FWU/USM)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)
Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version:  - Awesome Games Studio)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0352650D-5F3B-4956-8DD8-25DD6BC7F330} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {086D987B-9DFD-49B1-B845-B83D1C98C6D7} - System32\Tasks\{BD0EBB41-1435-4DE2-B7E3-70711D288A49} => pcalua.exe -a D:\Utilities\GoogleChrome\Google\(v1.0.1)\ASRock_Chrome_Installer.exe -d D:\Utilities\GoogleChrome\Google\(v1.0.1)\ -c /r:ASRM /b /q
Task: {2218B0A4-F060-4310-9810-244DE01074A9} - System32\Tasks\{0AF2F348-7BDB-4AF5-B5D2-45CFE291BB08} => pcalua.exe -a C:\Users\root\Downloads\i2pinstall_0.9.25_windows.exe -d C:\Users\root\Downloads
Task: {3368F755-EF34-4A9E-BCF3-91D4F4B4D8DD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {4172DEFB-90CE-4642-9C2C-3BC344BFD985} - System32\Tasks\{51F4BB0C-C2BE-48A0-A107-763C4FB39792} => E:\DonaldDuck\Donald.exe [2000-10-16] ()
Task: {41FD4ADA-7701-40B0-8452-56451D29D414} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.)
Task: {4DB1412B-B556-46CD-8EB2-DE48F374159F} - System32\Tasks\{608546AC-4062-4C7F-AC68-A5234B368EB3} => E:\DonaldDuck\Donald.exe [2000-10-16] ()
Task: {64265A70-FBA5-4F6C-ABE2-68E22E91A325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-27] (Google Inc.)
Task: {76C46C69-1A63-41D5-B121-671605C84F67} - System32\Tasks\{B3AFE717-1BD2-48C9-A779-4B51B4E454E5} => E:\DonaldDuck\Donald.exe [2000-10-16] ()
Task: {93D16B5E-9B10-4590-B70B-EC30DAC087A3} - System32\Tasks\{8B62FC96-393C-4437-8255-A589AC139FB7} => pcalua.exe -a "C:\Users\root\Downloads\Display Driver Uninstaller.exe" -d C:\Users\root\Downloads
Task: {A3DC2797-652E-4A3E-8DBA-07F666F5A059} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-02] (Advanced Micro Devices, Inc.)
Task: {A91B09B1-40BE-44F0-B5AA-27D4D7C3E22F} - System32\Tasks\update-S-1-5-21-3648149182-1190501675-731794431-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ADF299A7-AE96-4C47-9E93-4FE5B1A1B2A6} - System32\Tasks\{22C96BDC-3654-402C-B43C-043533256BEC} => pcalua.exe -a C:\Users\root\Downloads\mobius-2-5.exe -d C:\Users\root\Downloads
Task: {B5104298-223C-4C57-9B4C-56E9C98E02FB} - System32\Tasks\{82B2E1FD-E292-41E3-83FF-47D526AF2E32} => E:\DonaldDuck\Donald.exe [2000-10-16] ()
Task: {B7F8A6B8-ABE0-47C3-84D3-280DA47D6AD2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {CB9F759F-2723-4073-AA61-6861BB035341} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {DAFD4F6E-CADF-443C-9C8D-5BD3D4CCB224} - System32\Tasks\{A99CA3F6-8A51-4F55-A391-9FD61E35F49A} => E:\DonaldDuck\Donald.exe [2000-10-16] ()
Task: {E69C4DC0-708D-4175-A01E-074E8D02BFC3} - System32\Tasks\{BB1D1906-C6B3-452A-B138-933A93ED81D8} => pcalua.exe -a D:\Setup.exe -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3648149182-1190501675-731794431-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hotspot Shield Free VPN Proxy – Unblock Sites.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=heajfgnegopeedndeahkdjedjkjcmnpb

==================== Loaded Modules (Whitelisted) ==============

2016-04-05 21:50 - 2016-04-05 21:50 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-03-28 20:07 - 2016-03-28 20:07 - 00230064 _____ () E:\notepad++\NppShell_06.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-03-04 21:06 - 2013-10-29 14:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2016-03-04 21:06 - 2012-12-11 12:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2016-04-21 23:20 - 2016-04-21 23:20 - 00008704 _____ () E:\i2p\jcpuid.dll
2016-04-21 23:20 - 2016-04-21 23:20 - 00176640 _____ () E:\i2p\jbigi.dll
2016-02-27 14:26 - 2016-06-17 15:52 - 47503472 _____ () C:\Users\root\AppData\Roaming\Spotify\libcef.dll
2016-03-04 21:06 - 2013-01-15 18:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-03-20 15:29 - 2015-07-20 18:15 - 00057344 _____ () E:\SkillerPro\lan.dll
2016-03-20 15:29 - 2012-08-14 23:41 - 00061440 _____ () E:\SkillerPro\hiddriver.dll
2016-02-27 14:26 - 2016-06-17 15:52 - 01584240 _____ () C:\Users\root\AppData\Roaming\Spotify\libglesv2.dll
2016-02-27 14:26 - 2016-06-17 15:52 - 00082032 _____ () C:\Users\root\AppData\Roaming\Spotify\libegl.dll
2016-02-26 21:52 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2016-02-23 17:04 - 2016-06-02 22:31 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-02-27 00:24 - 2016-04-29 22:10 - 00785920 _____ () E:\steam\SDL2.dll
2016-02-27 00:24 - 2015-07-03 18:12 - 04962816 _____ () E:\steam\v8.dll
2016-02-27 00:24 - 2015-07-03 18:12 - 01556992 _____ () E:\steam\icui18n.dll
2016-02-27 00:24 - 2015-07-03 18:12 - 01187840 _____ () E:\steam\icuuc.dll
2016-02-27 00:24 - 2016-06-15 02:47 - 02387024 _____ () E:\steam\video.dll
2016-02-27 00:24 - 2016-02-09 01:14 - 02549760 _____ () E:\steam\libavcodec-56.dll
2016-02-27 00:24 - 2016-02-09 01:14 - 00442880 _____ () E:\steam\libavutil-54.dll
2016-02-27 00:24 - 2016-02-09 01:14 - 00491008 _____ () E:\steam\libavformat-56.dll
2016-02-27 00:24 - 2016-02-09 01:14 - 00332800 _____ () E:\steam\libavresample-2.dll
2016-02-27 00:24 - 2016-02-09 01:14 - 00485888 _____ () E:\steam\libswscale-3.dll
2016-02-27 00:24 - 2016-06-15 02:47 - 00829008 _____ () E:\steam\bin\chromehtml.DLL
2016-03-10 01:08 - 2016-02-18 00:25 - 00281088 _____ () E:\steam\openvr_api.dll
2016-02-27 00:24 - 2016-06-14 21:14 - 49826080 _____ () E:\steam\bin\libcef.dll
2016-02-27 00:24 - 2015-09-25 01:56 - 00119208 _____ () E:\steam\winh264.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-16 19:21 - 2016-06-15 11:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-16 19:21 - 2016-06-15 11:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 01016832 _____ () E:\New folder\Origin\platforms\qwindows.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00028160 _____ () E:\New folder\Origin\imageformats\qgif.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00029696 _____ () E:\New folder\Origin\imageformats\qico.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00256000 _____ () E:\New folder\Origin\imageformats\qjpeg.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00266240 _____ () E:\New folder\Origin\imageformats\qmng.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00023552 _____ () E:\New folder\Origin\imageformats\qtga.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00346112 _____ () E:\New folder\Origin\imageformats\qtiff.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00023552 _____ () E:\New folder\Origin\imageformats\qwbmp.dll
2016-04-04 18:12 - 2016-06-13 17:23 - 00243200 _____ () E:\New folder\Origin\mediaservice\wmfengine.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3648149182-1190501675-731794431-1000\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-05-28 22:23 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3648149182-1190501675-731794431-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\root\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GManager => 2
MSCONFIG\Services: i2p => 2
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MlPatch => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: U2VSvr => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Discord => C:\Users\root\AppData\Local\Discord\app-0.0.290\Discord.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: TUCCDUtil => C:\PROGRA~2\MCTCOR~1\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
MSCONFIG\startupreg: Util => C:\Windows\system32\Util.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0C1AA64F-4967-4F4A-B247-1B1CB33C3A42}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{C4390D3A-1604-4F69-9AC4-55EB5F2C5CFE}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{4974EBC2-C29C-4C38-8E53-395C92C83134}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [{A7973FB5-866C-4624-81DA-1D7ECA12A4AC}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [{0EB8BC0B-71B5-4811-A505-B6F93C0AEBE5}] => (Allow) E:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E11C3FF6-F880-4307-9403-B2226720111E}] => (Allow) E:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AE119F81-3AA3-4858-AF96-ABAD3E3719E7}] => (Allow) E:\steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{2A94CC12-E697-4A8D-9B6A-6448C5507FC7}] => (Allow) E:\steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{F7C1F7F3-23BE-485C-BB8B-9E4D82902D13}] => (Allow) E:\steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{BAED70EE-E07F-4501-83B9-D9995C94757E}] => (Allow) E:\steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{52BE8F56-7858-4CE1-9C9C-3F96571EB590}] => (Allow) E:\steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{7378BCFF-C6E0-4385-AE16-2B30800026A0}] => (Allow) E:\steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe
FirewallRules: [{B0249E68-565E-4FC2-B7CC-718B21F95CBD}] => (Allow) E:\steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0791D6E5-C666-4029-95ED-B26E273B7ECA}] => (Allow) E:\steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{48782515-96CB-4A0C-B451-AE10ED5328FC}] => (Allow) E:\steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{9D328C90-DF35-4255-8738-5223FFDD1AD3}] => (Allow) E:\steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{9ACDC0C8-F356-46E7-AE79-0E0443C6C7F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4FA27C23-26A9-47A0-80EF-0DFA3F4AEF9E}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{F9168B80-0E70-41C7-9EA8-E15D86F71685}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{1A74AD8C-58AC-4251-964B-9B758773E142}] => (Allow) E:\steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{F05F14FC-79B7-4B68-8192-864EC77BDCF0}] => (Allow) E:\steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{7DCBC655-87B7-448C-A861-46ACB6AFB4FB}C:\users\root\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\root\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF8C3671-AEEA-42F9-8811-596D5F55AFDA}C:\users\root\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\root\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{553F9105-A126-425B-BA93-89D7D95FEE52}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{B7A4FB21-98B5-4F0B-99EB-2F274E8442E4}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{8040CC83-0FA6-4270-9809-8CF73DE4A548}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D846B1D6-CD5D-4A5C-BB31-3744805A82F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{40B4A21F-3EB7-4C84-8D8D-02BE65547E3B}] => (Allow) E:\steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{99A8A3E2-8457-413C-8159-A95F76127229}] => (Allow) E:\steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [TCP Query User{F96F129F-E820-4402-B152-C4D560F4FC9C}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{33E26157-9889-4F5F-AC46-9FFEE337D6DB}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{FDD82D75-C646-490F-8F6F-C87E4FDEE089}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D8205DDF-7357-4C8F-8454-5D46AE297B45}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5D5A0514-C0B5-4276-A6DC-8E5AC90D62F4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7A8F9EA9-7627-46C8-96D5-0E4F6B017BD7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{7563BC23-4321-4254-9873-488762B6F428}E:\gta5\gta5.exe] => (Allow) E:\gta5\gta5.exe
FirewallRules: [UDP Query User{65FB57EA-BDCF-4507-A9FC-4A5EEB44AA27}E:\gta5\gta5.exe] => (Allow) E:\gta5\gta5.exe
FirewallRules: [{DE8AB698-C880-4A2D-A558-8F96D86B1A21}] => (Allow) E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{B3215CC0-295B-42BD-8E8D-91D884DE8E5A}] => (Allow) E:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [TCP Query User{64048B76-C844-46D2-A21F-2381B174F24D}C:\users\root\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\root\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{71AB2E19-3DE2-41CE-A88A-E88C0C7EA392}C:\users\root\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\root\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A94B1C08-857D-4EB1-84F3-31B1ADA7CD08}] => (Allow) E:\steam\steamapps\common\Please, Don’t Touch Anything\DontTouchAnything.exe
FirewallRules: [{4EF55B55-8575-4236-A7D6-13216BDF56E0}] => (Allow) E:\steam\steamapps\common\Please, Don’t Touch Anything\DontTouchAnything.exe
FirewallRules: [TCP Query User{0F4ACEDC-8A1B-4F3D-855F-5231305879E4}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{6841DC14-DEEC-44E5-AB13-653E7245499A}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{3A9FB279-799C-4767-8541-999E12947686}] => (Block) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{66BF661C-6C03-46A8-A79D-B75DC219298B}] => (Block) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{0F47D14F-126E-4569-A3B1-DAD1EF22897B}] => (Allow) E:\steam\steamapps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{D4C4704B-016D-437B-A3D0-79D523F208A8}] => (Allow) E:\steam\steamapps\common\Yet Another Zombie Defense\YetAnotherZombieDefense.exe
FirewallRules: [{D7CBB16F-335D-4A75-9D68-3E14FDEF3B72}] => (Allow) E:\steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BE557370-5AC1-449F-903F-850DC4713308}] => (Allow) E:\steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{25821B89-9673-4F5D-A218-4EB4F741FC8B}] => (Allow) E:\steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{ADE297DB-0467-4D17-ABEB-BEFF916AA30F}] => (Allow) E:\steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{0ACBBDDD-020C-4AD0-971C-E0196C9944F4}] => (Allow) E:\steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8B0B7770-7482-4E00-AF05-CAAF49119353}] => (Allow) E:\steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{4242250E-45B1-4242-BC38-16EAAE02404C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5785AB1F-516F-49A1-AF98-7569E98D6FD7}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C016AC0B-9726-400F-9B76-C10D43CFFCBE}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{D8165C44-FBFC-4868-88D9-49698F512519}] => (Allow) E:\steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{E79296D9-5353-4EB1-A9E0-5F66946AEA2C}] => (Allow) E:\steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{56FD9E47-691E-4785-87D5-0955B6DF44F0}] => (Allow) E:\steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{61DD7C0B-FEED-438E-94DE-983C5AA17EC2}] => (Allow) E:\steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{8AD1897B-6FCB-4A01-B97E-B25B2F95CC99}] => (Allow) E:\steam\steamapps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{CC527FA5-920E-4B08-9FB6-804DB4EB292C}] => (Allow) E:\steam\steamapps\common\Assassin's Creed 3\AC3SP.exe
FirewallRules: [{81C2C359-2599-4E61-9D92-DE07B58E97BB}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{52CA968A-416C-4FEA-A9EC-8BE412D26806}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{7354ED9B-014F-46C9-A38B-560D688E452A}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{D9261E54-64BB-4ABF-A06A-9031F056A0F7}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{FECAF83C-4013-4C1C-A4B1-6DE380902A0D}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{07843F7E-C0ED-4EF1-AC49-7B3B1E8DB770}] => (Allow) E:\steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{4AC75F89-221E-4C81-B458-3467EC1B0084}] => (Allow) E:\steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{25CB3712-E943-470C-A99D-4F3AD7A787D6}] => (Allow) E:\steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{47EA76AF-0D9C-4241-91C1-93F2B4DEA77D}] => (Allow) E:\steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{2634528B-21A2-4324-AD8B-D0D4423FA0C7}] => (Allow) E:\steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{68A10ABD-E9C5-4BE4-B055-D15C0E440378}] => (Allow) E:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{8D8FB4C2-9D91-4962-AE69-8CA9A62ABE1C}] => (Allow) E:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{FDEB1725-18E4-45A4-96E8-CD4D4CF332BF}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{DA5DBEC9-221E-4145-BE12-6B2891702A43}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{D25DC2B8-E7DE-460C-984B-6F46EE8FFF05}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{27E5D316-EC9D-495A-96D9-ED0191093CAC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3FC08449-28B9-4823-86E8-38100A4C3170}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FB03C84C-7DD5-4E2E-AE2A-4C52A0726954}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C7B17627-3DEB-429F-AD09-19A733C6F871}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{CCEF796F-2DC1-4EF6-8C50-798DCE22B534}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{361D5349-7B1D-42C4-9102-E857628C1F99}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{17AE18F1-200A-4A29-9D6B-4F4CB46CBDF5}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{3E207AE6-189E-47C9-859E-FAE01B31F221}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{4EC28762-5DCB-43DD-91FD-2DA6BA622968}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{84409B18-6CAF-4B25-8329-BDA34B54A81E}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{0D4BFF96-3AC1-42B8-9159-5B12FEA23EF6}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{DBDAEC85-51DF-49CD-B746-86CF7078CB2C}] => (Block) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{0B1DAB99-DA27-45E1-AD85-3325C021B296}] => (Block) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{F8C6F571-33C1-4549-B04F-FE54A2785FD7}] => (Allow) E:\steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [{36ADAE7E-0871-41D7-8841-94F4E7B4AEE9}] => (Allow) E:\steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
FirewallRules: [TCP Query User{83146363-38D8-414B-AB9E-3205D6A101F6}E:\xamp\apache\bin\httpd.exe] => (Allow) E:\xamp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{8BEA9048-C4B2-4672-8736-D077153BDC0A}E:\xamp\apache\bin\httpd.exe] => (Allow) E:\xamp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{11389CE5-556B-4F98-B624-E46064CFBD33}E:\xamp\mysql\bin\mysqld.exe] => (Allow) E:\xamp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{B3ABD712-1E48-4A9D-BFC2-285C38F05EAF}E:\xamp\mysql\bin\mysqld.exe] => (Allow) E:\xamp\mysql\bin\mysqld.exe
FirewallRules: [{335945A1-13D1-48D4-8EF7-70D17F1BFA7A}] => (Block) E:\xamp\mysql\bin\mysqld.exe
FirewallRules: [{DA464EEE-4A32-4E5A-BEA5-D1F45C1C40BE}] => (Block) E:\xamp\mysql\bin\mysqld.exe
FirewallRules: [{4B42431D-E18C-4E84-9175-B2A0381F8681}] => (Block) E:\xamp\apache\bin\httpd.exe
FirewallRules: [{92837C34-2AAE-4E8E-9FD8-8F6409579826}] => (Block) E:\xamp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{FBB54E19-DB1A-4586-A342-AB668C3400A7}C:\program files (x86)\resolume arena 5.0.2\arena.exe] => (Block) C:\program files (x86)\resolume arena 5.0.2\arena.exe
FirewallRules: [UDP Query User{29AD43E6-C9D9-4993-8BF4-B2ACAC773DBC}C:\program files (x86)\resolume arena 5.0.2\arena.exe] => (Block) C:\program files (x86)\resolume arena 5.0.2\arena.exe
FirewallRules: [{AA81F782-8003-45B8-ADF8-469821C0B64E}] => (Allow) E:\steam\steamapps\common\Cubetractor\Cubetractor.exe
FirewallRules: [{8CA08902-01D0-434E-B21E-E16A90BB82C0}] => (Allow) E:\steam\steamapps\common\Cubetractor\Cubetractor.exe
FirewallRules: [{A097B949-C838-4754-8A2E-9D3F15041556}] => (Allow) E:\steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{689F3E99-C8FB-4CEC-9409-9693ABECD50D}] => (Allow) E:\steam\steamapps\common\Journey To The Center Of The Earth\journey to the center of the earth.exe
FirewallRules: [{C81EBB36-0539-456D-A68B-0CB044A0EE58}] => (Allow) E:\steam\steamapps\common\Unknown Battle\Unknown Battle.exe
FirewallRules: [{F13700D8-31C7-4A64-A770-A4094B1583C8}] => (Allow) E:\steam\steamapps\common\Unknown Battle\Unknown Battle.exe
FirewallRules: [{7917105F-7097-476C-9F10-4B504F2DC371}] => (Allow) E:\steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{8937F4E7-DF90-43B4-95D3-A0403E117688}] => (Allow) E:\steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{1B4BC8DA-B145-4E6B-BCBF-74681E99CE2F}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{B028E2D7-7880-4C10-8B85-A8495185849E}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{3049E2AD-57B9-4E05-A381-4A1585EAA945}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [{FFBA4F32-6E59-41C8-ACA9-82231E3D679A}] => (Allow) E:\steam\steamapps\common\Call of Duty Modern Warfare 3\iw5sp.exe
FirewallRules: [TCP Query User{76B0E5A3-CC25-4D7A-AAD4-AB431634B878}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{2DE847F1-4C58-4BE2-B865-FEEC9166BFDE}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{D7000688-D392-482E-8D36-075D297879A7}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{4F529384-24D6-4C3E-978E-7B31B62D3F72}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{5F536F6B-AA39-41A4-A66A-4ECF5F81F205}] => (Allow) E:\steam\steamapps\common\URIZEN SHADOWS OF THE COLD\URIZEN SHADOWS OF THE COLD.exe
FirewallRules: [{30524C32-4E0D-4C7B-A38B-D2270E1F3216}] => (Allow) E:\steam\steamapps\common\URIZEN SHADOWS OF THE COLD\URIZEN SHADOWS OF THE COLD.exe
FirewallRules: [{5748CF27-FE56-4D76-9E13-8A1743A5F15D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D08DB320-3C1E-42A7-AF8E-6AE40B7A48EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{192F6CA6-91AE-427B-A9C8-442455C64A56}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{CABE5C56-D8E7-451D-B884-7B49896C17B5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0D3DF5D1-F95D-4DE1-8B3B-63E4A0A2F891}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C1882092-DF96-4AC6-8C77-F2E1DFE02B14}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{74628DB1-DC8D-42AA-8DE4-574F99607FA1}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{620F6326-09B2-4AFF-9D04-02CBF7364CA7}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{18D6DC51-56C9-4FD4-B878-94A3C6D32349}] => (Block) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{76F25C30-C160-4792-BD39-8A970CE78DBF}] => (Block) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{671FBF91-2256-4994-8828-05608FA342D9}] => (Allow) E:\steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{96151BEA-EBE2-4F86-B87F-E2799E3D8FEE}] => (Allow) E:\steam\steamapps\common\Lovely Planet\LovelyPlanet.exe
FirewallRules: [{33147413-0B06-43B9-B057-3E6F0BA4D88F}] => (Allow) E:\steam\steamapps\common\LiEat\LiEat_Launcher.exe
FirewallRules: [{11A9B804-600E-4A82-928F-76289DF4C578}] => (Allow) E:\steam\steamapps\common\LiEat\LiEat_Launcher.exe
FirewallRules: [{DFE296CF-8A1B-4084-A071-85309F0FD269}] => (Allow) E:\steam\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{F20833AA-9F2E-40F2-A788-F7BC1E629BD3}] => (Allow) E:\steam\steamapps\common\BlazBlue Calamity Trigger\BBCT.exe
FirewallRules: [{788C1AB1-3DF3-4AA1-9C6D-AEE982EFF6A4}] => (Allow) E:\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2BCDEC7B-A1BE-488E-9ACC-FA786188BB5D}] => (Allow) E:\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{3F341E9B-72F1-4539-B2D9-2756B77F47D7}] => (Allow) E:\steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{AAD87E95-7F42-4580-A9F3-D9BE0E64F5A1}] => (Allow) E:\steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{E87E1A57-C095-4027-879F-4C87C94A5B22}] => (Allow) E:\steam\steamapps\common\The Slaughtering Grounds\slaughter.exe
FirewallRules: [{2BCA9C9E-A186-44D9-B9F4-8D29D2E1F5FA}] => (Allow) E:\steam\steamapps\common\The Slaughtering Grounds\slaughter.exe
FirewallRules: [{8BB22777-6DDC-44B7-9CEA-C0BE832E8C55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1627C81B-1344-4F43-AFBA-19D47A78F7FC}] => (Allow) LPort=2869
FirewallRules: [{35E57DCD-C4CC-4BE2-8293-7768935807A3}] => (Allow) LPort=1900
FirewallRules: [{C93B8C9A-6257-4CA8-A05C-EF00AA3351F8}] => (Allow) E:\steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{268B50B9-E162-4A41-9366-6D916069CE44}] => (Allow) E:\steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{FC2F0B63-35E0-42BC-A431-1064C1D4058B}E:\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{073579ED-1801-491E-B37B-3F4D75DF08FF}E:\steam\steamapps\common\dayz\dayz.exe] => (Allow) E:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{232916DE-07D2-44FC-A60F-AE4185C927EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{E2DE0677-A9B8-4EE1-A732-8ECA1FCDB8A4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D540730A-8884-43A7-A4F6-E939A362728D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{993FF87C-4F71-4640-98C5-891A4660B4EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1575F2ED-DB7E-4FAC-A19C-7F25C9EEB436}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{80C80775-DF34-44E4-9899-8DBCC80DF562}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BA04428A-A3D2-495F-BE1E-84BFEE163491}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-06-2016 18:23:29 Installed PuTTY
14-06-2016 14:36:07 Windows Update
15-06-2016 15:03:06 Windows Update
16-06-2016 03:00:10 Windows Update

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2016 08:53:50 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (06/19/2016 08:50:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 08:48:41 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/19/2016 05:17:09 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (06/19/2016 10:46:57 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (06/19/2016 10:43:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 10:41:49 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (06/18/2016 05:17:05 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (06/18/2016 01:11:46 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (06/18/2016 12:34:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/19/2016 08:48:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp

Error: (06/19/2016 07:41:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/19/2016 10:41:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp

Error: (06/18/2016 08:22:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/18/2016 12:32:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp

Error: (06/18/2016 01:04:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/17/2016 11:03:00 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MIKE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C926664C-AAB9-4E7B-8850-D2F4CDAB3CCA}.
The master browser is stopping or an election is being forced.

Error: (06/17/2016 09:12:54 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MIKE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C926664C-AAB9-4E7B-8850-D2F4CDAB3CCA}.
The master browser is stopping or an election is being forced.

Error: (06/17/2016 04:46:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp

Error: (06/17/2016 04:35:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
  Date: 2016-02-26 23:02:10.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 23:02:10.148
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 21:05:41.258
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 21:05:41.258
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 20:47:48.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 20:47:48.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 20:46:23.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-26 20:46:23.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16332.09 MB
Available physical RAM: 11342.11 MB
Total Virtual: 32662.36 MB
Available Virtual: 27104.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:38.95 GB) NTFS
Drive e: (Purple) (Fixed) (Total:931.51 GB) (Free:548.6 GB) NTFS
Drive f: (Blue) (Fixed) (Total:931.51 GB) (Free:753.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF1A4A06)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF1A4A6A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 394CEDA5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
PS: I have 2 more hard drives (d:\ and e:\; I'm not sure how relevant they are for this test.)

Best regards, Sodium

19.06.2016, 21:21   #5
deeprybka
/// TB trainer
/// Guide guru
 



Step 1
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

20.06.2016, 20:09   #6
sodium
 



Thank you very much for the reply.
Code:
21:05:15.0123 0x1528  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
21:05:26.0071 0x1528  ============================================================
21:05:26.0071 0x1528  Current date / time: 2016/06/20 21:05:26.0071
21:05:26.0071 0x1528  SystemInfo:
21:05:26.0071 0x1528  
21:05:26.0071 0x1528  OS Version: 6.1.7601 ServicePack: 1.0
21:05:26.0071 0x1528  Product type: Workstation
21:05:26.0071 0x1528  ComputerName: BATTLESTATION
21:05:26.0071 0x1528  UserName: root
21:05:26.0071 0x1528  Windows directory: C:\Windows
21:05:26.0071 0x1528  System windows directory: C:\Windows
21:05:26.0071 0x1528  Running under WOW64
21:05:26.0071 0x1528  Processor architecture: Intel x64
21:05:26.0071 0x1528  Number of processors: 8
21:05:26.0071 0x1528  Page size: 0x1000
21:05:26.0071 0x1528  Boot type: Normal boot
21:05:26.0071 0x1528  ============================================================
21:05:27.0935 0x1528  KLMD registered as C:\Windows\system32\drivers\21929521.sys
21:05:28.0113 0x1528  System UUID: {DBC415C3-E981-384A-7C9E-5B930B1AAF51}
21:05:28.0423 0x1528  Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:28.0433 0x1528  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:28.0433 0x1528  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:05:28.0545 0x1528  ============================================================
21:05:28.0545 0x1528  \Device\Harddisk2\DR2:
21:05:28.0545 0x1528  MBR partitions:
21:05:28.0545 0x1528  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:05:28.0545 0x1528  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
21:05:28.0545 0x1528  \Device\Harddisk0\DR0:
21:05:28.0546 0x1528  MBR partitions:
21:05:28.0546 0x1528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:05:28.0546 0x1528  \Device\Harddisk1\DR1:
21:05:28.0546 0x1528  MBR partitions:
21:05:28.0546 0x1528  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:05:28.0546 0x1528  ============================================================
21:05:28.0546 0x1528  C: <-> \Device\Harddisk2\DR2\Partition2
21:05:28.0579 0x1528  E: <-> \Device\Harddisk0\DR0\Partition1
21:05:29.0022 0x1528  F: <-> \Device\Harddisk1\DR1\Partition1
21:05:29.0022 0x1528  ============================================================
21:05:29.0022 0x1528  Initialize success
21:05:29.0022 0x1528  ============================================================
21:06:34.0882 0x15e4  ============================================================
21:06:34.0882 0x15e4  Scan started
21:06:34.0882 0x15e4  Mode: Manual; SigCheck; TDLFS; 
21:06:34.0882 0x15e4  ============================================================
21:06:34.0882 0x15e4  KSN ping started
21:06:35.0037 0x15e4  KSN ping finished: true
21:06:35.0897 0x15e4  ================ Scan system memory ========================
21:06:35.0898 0x15e4  System memory - ok
21:06:35.0898 0x15e4  ================ Scan services =============================
21:06:35.0919 0x15e4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:06:35.0946 0x15e4  1394ohci - ok
21:06:35.0955 0x15e4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:06:35.0965 0x15e4  ACPI - ok
21:06:35.0967 0x15e4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:06:35.0975 0x15e4  AcpiPmi - ok
21:06:35.0979 0x15e4  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:06:35.0983 0x15e4  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
21:06:36.0113 0x15e4  Detect skipped due to KSN trusted
21:06:36.0113 0x15e4  Adobe LM Service - ok
21:06:36.0124 0x15e4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:06:36.0136 0x15e4  adp94xx - ok
21:06:36.0143 0x15e4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:06:36.0153 0x15e4  adpahci - ok
21:06:36.0158 0x15e4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:06:36.0166 0x15e4  adpu320 - ok
21:06:36.0170 0x15e4  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:06:36.0178 0x15e4  AeLookupSvc - ok
21:06:36.0188 0x15e4  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
21:06:36.0201 0x15e4  AFD - ok
21:06:36.0204 0x15e4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:06:36.0210 0x15e4  agp440 - ok
21:06:36.0213 0x15e4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:06:36.0223 0x15e4  ALG - ok
21:06:36.0225 0x15e4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:06:36.0230 0x15e4  aliide - ok
21:06:36.0236 0x15e4  [ 8F00AFF1E0E57F71A7EB33437ABC1D54, 1A91BADFB0F6CE2D0ED4405C9409F910C94B032170C3E0530FE65CB7134F3C9D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:06:36.0252 0x15e4  AMD External Events Utility - ok
21:06:36.0259 0x15e4  [ B5F984B4D7C0BAF1FC02C3043E94B99E, 83E961B9A14BA904168C2A85C7568FAE44B6CD61FF8FC323A939F2F36C7ED964 ] amdacpksd       C:\Windows\system32\drivers\amdacpksd.sys
21:06:36.0271 0x15e4  amdacpksd - ok
21:06:36.0275 0x15e4  [ 5556901F250C05311E30D811186AD6D6, B322EBED7320FD294E9BA45B17B0B7BD35A13F1FA361E8C946EC6EDE29D5A123 ] amdacpusrsvc    C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
21:06:36.0279 0x15e4  amdacpusrsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:06:36.0537 0x15e4  amdacpusrsvc ( UnsignedFile.Multi.Generic ) - warning
21:06:36.0682 0x15e4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:06:36.0688 0x15e4  amdide - ok
21:06:36.0690 0x15e4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:06:36.0698 0x15e4  AmdK8 - ok
21:06:36.0699 0x15e4  amdkmdag - ok
21:06:36.0709 0x15e4  [ 15405DCCC66146E61A72DBFDDE67A922, E1D8B8BF39A160353422B294B316895130BCC43058665850436A9FBFD9C7A2F6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:06:36.0723 0x15e4  amdkmdap - ok
21:06:36.0726 0x15e4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:06:36.0733 0x15e4  AmdPPM - ok
21:06:36.0737 0x15e4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:06:36.0744 0x15e4  amdsata - ok
21:06:36.0748 0x15e4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:06:36.0756 0x15e4  amdsbs - ok
21:06:36.0759 0x15e4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:06:36.0763 0x15e4  amdxata - ok
21:06:36.0766 0x15e4  [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID           C:\Windows\system32\drivers\appid.sys
21:06:36.0773 0x15e4  AppID - ok
21:06:36.0776 0x15e4  [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:06:36.0781 0x15e4  AppIDSvc - ok
21:06:36.0784 0x15e4  [ B62867835B41BCD839D9896AB4D7DF09, 98036D0202DB6171E90485898175833AC44873A85E6453EBE928E433B364CE07 ] Appinfo         C:\Windows\System32\appinfo.dll
21:06:36.0792 0x15e4  Appinfo - ok
21:06:36.0796 0x15e4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:06:36.0806 0x15e4  AppMgmt - ok
21:06:36.0809 0x15e4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:06:36.0815 0x15e4  arc - ok
21:06:36.0818 0x15e4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:06:36.0824 0x15e4  arcsas - ok
21:06:36.0828 0x15e4  [ 30284361A316A61306D3494953B72BF8, 169B7E1439A506C8E827988DAD796B37CE81A32B5EB2DEBDD5032AC6C9845380 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
21:06:36.0835 0x15e4  asmthub3 - ok
21:06:36.0843 0x15e4  [ 7E75F23151F893E9B6620784994BFCE1, 53D4F655FC29B182A58A482E3199C322D1466D12841E5087159C937AEE14C6E4 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
21:06:36.0853 0x15e4  asmtxhci - ok
21:06:36.0860 0x15e4  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:06:36.0867 0x15e4  aspnet_state - ok
21:06:36.0869 0x15e4  [ E1AFEE1584C74050DE0DD16DE2A54BF3, 77C8D98159D8BCDC7917B04977949823D50C49D0D13587310E060A4B8893AE42 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
21:06:36.0874 0x15e4  AsrAppCharger - ok
21:06:36.0877 0x15e4  [ 7F31020C06C8EC1B7013F8A8EF6B0C7E, BE94C92127FE88D5512D8C128CC7FFB2DF62285FE315319FF45E132FD3B6D47D ] asstor64        C:\Windows\system32\DRIVERS\asstor64.sys
21:06:36.0883 0x15e4  asstor64 - ok
21:06:36.0884 0x15e4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:06:36.0917 0x15e4  AsyncMac - ok
21:06:36.0919 0x15e4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:06:36.0924 0x15e4  atapi - ok
21:06:36.0928 0x15e4  [ 7405228DEA13CBD65080E548EA01A8C7, 91894BD53982A6D63601B58FF71CC5A44046770FA9B74093D4FCBFEC78B1AB57 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:06:36.0935 0x15e4  AtiHDAudioService - ok
21:06:36.0946 0x15e4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:06:36.0965 0x15e4  AudioEndpointBuilder - ok
21:06:36.0977 0x15e4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:06:36.0992 0x15e4  AudioSrv - ok
21:06:36.0997 0x15e4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:06:37.0012 0x15e4  AxInstSV - ok
21:06:37.0021 0x15e4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:06:37.0035 0x15e4  b06bdrv - ok
21:06:37.0041 0x15e4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:06:37.0052 0x15e4  b57nd60a - ok
21:06:37.0056 0x15e4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:06:37.0064 0x15e4  BDESVC - ok
21:06:37.0066 0x15e4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:06:37.0084 0x15e4  Beep - ok
21:06:37.0112 0x15e4  [ CE4DEB0464915A50371D1FCDD22BE6D0, 8CFDC981605DE5ED22DC07E892108445BDAE84FCACFAF2EB5E4417E0757B623D ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
21:06:37.0149 0x15e4  BEService - ok
21:06:37.0164 0x15e4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:06:37.0183 0x15e4  BFE - ok
21:06:37.0198 0x15e4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:06:37.0230 0x15e4  BITS - ok
21:06:37.0234 0x15e4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:06:37.0240 0x15e4  blbdrive - ok
21:06:37.0243 0x15e4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:06:37.0250 0x15e4  bowser - ok
21:06:37.0252 0x15e4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:06:37.0260 0x15e4  BrFiltLo - ok
21:06:37.0262 0x15e4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:06:37.0269 0x15e4  BrFiltUp - ok
21:06:37.0273 0x15e4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
21:06:37.0282 0x15e4  Browser - ok
21:06:37.0288 0x15e4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:06:37.0299 0x15e4  Brserid - ok
21:06:37.0301 0x15e4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:06:37.0309 0x15e4  BrSerWdm - ok
21:06:37.0310 0x15e4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:06:37.0318 0x15e4  BrUsbMdm - ok
21:06:37.0319 0x15e4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:06:37.0325 0x15e4  BrUsbSer - ok
21:06:37.0328 0x15e4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:06:37.0335 0x15e4  BTHMODEM - ok
21:06:37.0339 0x15e4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:06:37.0358 0x15e4  bthserv - ok
21:06:37.0361 0x15e4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:06:37.0380 0x15e4  cdfs - ok
21:06:37.0384 0x15e4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:06:37.0391 0x15e4  cdrom - ok
21:06:37.0394 0x15e4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:06:37.0412 0x15e4  CertPropSvc - ok
21:06:37.0415 0x15e4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:06:37.0423 0x15e4  circlass - ok
21:06:37.0430 0x15e4  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
21:06:37.0440 0x15e4  CLFS - ok
21:06:37.0444 0x15e4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:37.0452 0x15e4  clr_optimization_v2.0.50727_32 - ok
21:06:37.0456 0x15e4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:06:37.0463 0x15e4  clr_optimization_v2.0.50727_64 - ok
21:06:37.0469 0x15e4  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:37.0477 0x15e4  clr_optimization_v4.0.30319_32 - ok
21:06:37.0480 0x15e4  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:06:37.0488 0x15e4  clr_optimization_v4.0.30319_64 - ok
21:06:37.0490 0x15e4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:06:37.0496 0x15e4  CmBatt - ok
21:06:37.0498 0x15e4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:06:37.0504 0x15e4  cmdide - ok
21:06:37.0512 0x15e4  [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:06:37.0526 0x15e4  CNG - ok
21:06:37.0529 0x15e4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:06:37.0534 0x15e4  Compbatt - ok
21:06:37.0536 0x15e4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:06:37.0544 0x15e4  CompositeBus - ok
21:06:37.0545 0x15e4  COMSysApp - ok
21:06:37.0548 0x15e4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:06:37.0553 0x15e4  crcdisk - ok
21:06:37.0558 0x15e4  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:06:37.0568 0x15e4  CryptSvc - ok
21:06:37.0577 0x15e4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
21:06:37.0591 0x15e4  CSC - ok
21:06:37.0603 0x15e4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
21:06:37.0621 0x15e4  CscService - ok
21:06:37.0632 0x15e4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:06:37.0647 0x15e4  DcomLaunch - ok
21:06:37.0653 0x15e4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:06:37.0676 0x15e4  defragsvc - ok
21:06:37.0679 0x15e4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:06:37.0698 0x15e4  DfsC - ok
21:06:37.0704 0x15e4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:06:37.0717 0x15e4  Dhcp - ok
21:06:37.0740 0x15e4  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
21:06:37.0771 0x15e4  DiagTrack - ok
21:06:37.0775 0x15e4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:06:37.0792 0x15e4  discache - ok
21:06:37.0795 0x15e4  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
21:06:37.0801 0x15e4  Disk - ok
21:06:37.0804 0x15e4  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:06:37.0811 0x15e4  dmvsc - ok
21:06:37.0815 0x15e4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:06:37.0825 0x15e4  Dnscache - ok
21:06:37.0830 0x15e4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:06:37.0852 0x15e4  dot3svc - ok
21:06:37.0856 0x15e4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:06:37.0875 0x15e4  DPS - ok
21:06:37.0877 0x15e4  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:06:37.0883 0x15e4  drmkaud - ok
21:06:37.0899 0x15e4  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:06:37.0918 0x15e4  DXGKrnl - ok
21:06:37.0927 0x15e4  [ A030FD04470A8BD8044567D2E915AFAA, 5EF4CA03F121AA9296A52C1C9B1852087A347002B2CC664D3972AF44A2E5365F ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
21:06:37.0940 0x15e4  e1dexpress - ok
21:06:37.0946 0x15e4  [ B4B52D2D4976FB06C53DCC6F476EAE2F, 2D48A3A6DC4E19840543A2F22CA45D3F6C0C989E00CBCA65F7B4B7222E6D69ED ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
21:06:37.0955 0x15e4  eamonm - ok
21:06:37.0959 0x15e4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:06:37.0979 0x15e4  EapHost - ok
21:06:38.0792 0x15e4  [ 5BE6FE53D1C031A61AF6C22E216F399D, 9D7C6746C373E512CBF10A8F452B65A4F8CDA9BB77C5B9636569CDF7BCD081DD ] HiPatchService  E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
21:06:38.0794 0x15e4  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
21:06:38.0982 0x15e4  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
21:06:38.0982 0x15e4  Force sending object to P2P due to detect: HiPatchService
21:06:39.0199 0x15e4  Object send P2P result: true
21:06:39.0471 0x15e4  i2p - ok
21:06:41.0806 0x15e4  nv_agp - ok
21:06:41.0809 0x15e4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:06:41.0815 0x15e4  ohci1394 - ok
21:06:41.0895 0x15e4  [ 2906AF02B5D06B0EFCD32382F19B88DB, 52A57816017591AC18693095ED6877EC6187F01A1B075ECC0F7E8FA73543E9D0 ] Origin Client Service E:\New folder\Origin\OriginClientService.exe
21:06:41.0930 0x15e4  Origin Client Service - ok
21:06:41.0939 0x15e4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:06:41.0953 0x15e4  p2pimsvc - ok
21:06:41.0961 0x15e4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:06:41.0975 0x15e4  p2psvc - ok
21:06:41.0977 0x15e4  PAExec - ok
21:06:41.0980 0x15e4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:06:41.0988 0x15e4  Parport - ok
21:06:41.0990 0x15e4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:06:41.0997 0x15e4  partmgr - ok
21:06:42.0001 0x15e4  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:06:42.0011 0x15e4  PcaSvc - ok
21:06:42.0015 0x15e4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:06:42.0023 0x15e4  pci - ok
21:06:42.0025 0x15e4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:06:42.0030 0x15e4  pciide - ok
21:06:42.0035 0x15e4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:06:42.0043 0x15e4  pcmcia - ok
21:06:42.0045 0x15e4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:06:42.0051 0x15e4  pcw - ok
21:06:42.0062 0x15e4  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:06:42.0078 0x15e4  PEAUTH - ok
21:06:42.0099 0x15e4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:06:42.0140 0x15e4  PeerDistSvc - ok
21:06:42.0151 0x15e4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:06:42.0158 0x15e4  PerfHost - ok
21:06:42.0182 0x15e4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:06:42.0223 0x15e4  pla - ok
21:06:42.0232 0x15e4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:06:42.0246 0x15e4  PlugPlay - ok
21:06:42.0249 0x15e4  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
21:06:42.0255 0x15e4  PnkBstrA - ok
21:06:42.0257 0x15e4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:06:42.0264 0x15e4  PNRPAutoReg - ok
21:06:42.0270 0x15e4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:06:42.0280 0x15e4  PNRPsvc - ok
21:06:42.0289 0x15e4  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:06:42.0305 0x15e4  PolicyAgent - ok
21:06:42.0309 0x15e4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:06:42.0330 0x15e4  Power - ok
21:06:42.0333 0x15e4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:06:42.0352 0x15e4  PptpMiniport - ok
21:06:42.0355 0x15e4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:06:42.0361 0x15e4  Processor - ok
21:06:42.0366 0x15e4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:06:42.0376 0x15e4  ProfSvc - ok
21:06:42.0378 0x15e4  [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:06:42.0384 0x15e4  ProtectedStorage - ok
21:06:42.0388 0x15e4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:06:42.0407 0x15e4  Psched - ok
21:06:42.0430 0x15e4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:06:42.0457 0x15e4  ql2300 - ok
21:06:42.0462 0x15e4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:06:42.0468 0x15e4  ql40xx - ok
21:06:42.0474 0x15e4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:06:42.0487 0x15e4  QWAVE - ok
21:06:42.0489 0x15e4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:06:42.0498 0x15e4  QWAVEdrv - ok
21:06:42.0500 0x15e4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:06:42.0517 0x15e4  RasAcd - ok
21:06:42.0520 0x15e4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:06:42.0538 0x15e4  RasAgileVpn - ok
21:06:42.0542 0x15e4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:06:42.0562 0x15e4  RasAuto - ok
21:06:42.0566 0x15e4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:06:42.0584 0x15e4  Rasl2tp - ok
21:06:42.0591 0x15e4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:06:42.0614 0x15e4  RasMan - ok
21:06:42.0618 0x15e4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:06:42.0637 0x15e4  RasPppoe - ok
21:06:42.0640 0x15e4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:06:42.0659 0x15e4  RasSstp - ok
21:06:42.0665 0x15e4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:06:42.0687 0x15e4  rdbss - ok
21:06:42.0689 0x15e4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:06:42.0697 0x15e4  rdpbus - ok
21:06:42.0699 0x15e4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:06:42.0717 0x15e4  RDPCDD - ok
21:06:42.0721 0x15e4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:06:42.0730 0x15e4  RDPDR - ok
21:06:42.0732 0x15e4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:06:42.0750 0x15e4  RDPENCDD - ok
21:06:42.0752 0x15e4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:06:42.0770 0x15e4  RDPREFMP - ok
21:06:42.0773 0x15e4  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:06:42.0781 0x15e4  RdpVideoMiniport - ok
21:06:42.0785 0x15e4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:06:42.0795 0x15e4  RDPWD - ok
21:06:42.0800 0x15e4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:06:42.0808 0x15e4  rdyboost - ok
21:06:42.0812 0x15e4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:06:42.0831 0x15e4  RemoteAccess - ok
21:06:42.0835 0x15e4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:06:42.0855 0x15e4  RemoteRegistry - ok
21:06:42.0859 0x15e4  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
21:06:42.0865 0x15e4  rpcapd - ok
21:06:42.0868 0x15e4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:06:42.0887 0x15e4  RpcEptMapper - ok
21:06:42.0888 0x15e4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:06:42.0895 0x15e4  RpcLocator - ok
21:06:42.0904 0x15e4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
21:06:42.0917 0x15e4  RpcSs - ok
21:06:42.0920 0x15e4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:06:42.0938 0x15e4  rspndr - ok
21:06:42.0940 0x15e4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:06:42.0946 0x15e4  s3cap - ok
21:06:42.0948 0x15e4  [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] SamSs           C:\Windows\system32\lsass.exe
21:06:42.0954 0x15e4  SamSs - ok
21:06:42.0957 0x15e4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:06:42.0964 0x15e4  sbp2port - ok
21:06:42.0968 0x15e4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:06:42.0990 0x15e4  SCardSvr - ok
21:06:42.0993 0x15e4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:06:43.0010 0x15e4  scfilter - ok
21:06:43.0028 0x15e4  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
21:06:43.0055 0x15e4  Schedule - ok
21:06:43.0059 0x15e4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:06:43.0077 0x15e4  SCPolicySvc - ok
21:06:43.0081 0x15e4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:06:43.0092 0x15e4  SDRSVC - ok
21:06:43.0095 0x15e4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:06:43.0102 0x15e4  secdrv - ok
21:06:43.0105 0x15e4  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
21:06:43.0112 0x15e4  seclogon - ok
21:06:43.0114 0x15e4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:06:43.0134 0x15e4  SENS - ok
21:06:43.0136 0x15e4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:06:43.0144 0x15e4  SensrSvc - ok
21:06:43.0146 0x15e4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:06:43.0152 0x15e4  Serenum - ok
21:06:43.0155 0x15e4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:06:43.0161 0x15e4  Serial - ok
21:06:43.0164 0x15e4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:06:43.0170 0x15e4  sermouse - ok
21:06:43.0175 0x15e4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:06:43.0194 0x15e4  SessionEnv - ok
21:06:43.0196 0x15e4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:06:43.0204 0x15e4  sffdisk - ok
21:06:43.0206 0x15e4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:06:43.0212 0x15e4  sffp_mmc - ok
21:06:43.0214 0x15e4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:06:43.0226 0x15e4  sffp_sd - ok
21:06:43.0230 0x15e4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:06:43.0237 0x15e4  sfloppy - ok
21:06:43.0244 0x15e4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:06:43.0267 0x15e4  SharedAccess - ok
21:06:43.0275 0x15e4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:06:43.0298 0x15e4  ShellHWDetection - ok
21:06:43.0301 0x15e4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:06:43.0306 0x15e4  SiSRaid2 - ok
21:06:43.0309 0x15e4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:06:43.0315 0x15e4  SiSRaid4 - ok
21:06:43.0321 0x15e4  [ 9A66A87BBC0EC4463042959B7C0D4AC1, 2E61DC50AD4A4D4782F3271BAD010137DA9A6AFC46C7568C709F68C7621DCD40 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:06:43.0332 0x15e4  SkypeUpdate - ok
21:06:43.0335 0x15e4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:06:43.0354 0x15e4  Smb - ok
21:06:43.0357 0x15e4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:06:43.0364 0x15e4  SNMPTRAP - ok
21:06:43.0366 0x15e4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:06:43.0372 0x15e4  spldr - ok
21:06:43.0381 0x15e4  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
21:06:43.0408 0x15e4  Spooler - ok
21:06:43.0458 0x15e4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:06:43.0535 0x15e4  sppsvc - ok
21:06:43.0540 0x15e4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:06:43.0559 0x15e4  sppuinotify - ok
21:06:43.0568 0x15e4  [ F2F4B895296EE3ECCE781CC2A296A5D1, 126321EDDA8141A42DBE7C90675948433063E6D5B6DEFD805AA0797C95A461EE ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:06:43.0580 0x15e4  srv - ok
21:06:43.0588 0x15e4  [ FD0008BEDD2723170CCA7D61837DFD52, F9F576FA7B84CAB5180B9080D62B8A00B3E5D5BC73199B11C63193742529227D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:06:43.0599 0x15e4  srv2 - ok
21:06:43.0603 0x15e4  [ 63B5845D9379262083655D5C6AB8DFC5, 1813D2FC41ADCDAC6E3A522373B9DB934CC27B89E7185E0E4FC26E30CDAF1523 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:06:43.0611 0x15e4  srvnet - ok
21:06:43.0616 0x15e4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:06:43.0638 0x15e4  SSDPSRV - ok
21:06:43.0640 0x15e4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:06:43.0660 0x15e4  SstpSvc - ok
21:06:43.0684 0x15e4  [ A4FC868F6FC03876E29E4D87731B8E31, C774DA022879A69CBC2178CA1BB779438CD69D1582B4ECF22C90E4F0C4E9D9E4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:06:43.0710 0x15e4  Steam Client Service - ok
21:06:43.0713 0x15e4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:06:43.0719 0x15e4  stexstor - ok
21:06:43.0729 0x15e4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:06:43.0748 0x15e4  stisvc - ok
21:06:43.0751 0x15e4  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:06:43.0756 0x15e4  storflt - ok
21:06:43.0758 0x15e4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
21:06:43.0766 0x15e4  StorSvc - ok
21:06:43.0768 0x15e4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:06:43.0773 0x15e4  storvsc - ok
21:06:43.0775 0x15e4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:06:43.0780 0x15e4  swenum - ok
21:06:43.0790 0x15e4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:06:43.0817 0x15e4  swprv - ok
21:06:43.0843 0x15e4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
21:06:43.0880 0x15e4  SysMain - ok
21:06:43.0884 0x15e4  [ 2BA1A4B392264730FB4DC6132C8F52DA, 28CF8CBD5FEE7771E6EDBCC4DEB09111306C4C375C62415EAA0740406BB301A6 ] T1PExGrp64      C:\Windows\system32\DRIVERS\T1PExGrp64.sys
21:06:43.0889 0x15e4  T1PExGrp64 - ok
21:06:43.0891 0x15e4  [ 7E77C0967870BA0B52BF2EC2135DA5CD, EE12D92C7293589946495378840BCEA85A046DC9799E3D8E15E3ADDD3983CA06 ] T1PMrGrp64      C:\Windows\system32\DRIVERS\T1PMrGrp64.sys
21:06:43.0895 0x15e4  T1PMrGrp64 - ok
21:06:43.0899 0x15e4  [ 0C5D2DE73FA0177DC88E1A931A63F24C, 8875155C02DDDFBD9F642059B43D6CAD7745D3DCEFAC1929DC45438AAE4B66D0 ] t1pusb64        C:\Windows\system32\drivers\t1pusb64.sys
21:06:43.0907 0x15e4  t1pusb64 - ok
21:06:43.0912 0x15e4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:06:43.0923 0x15e4  TabletInputService - ok
21:06:43.0925 0x15e4  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
21:06:43.0931 0x15e4  tap0901 - ok
21:06:43.0937 0x15e4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:06:43.0960 0x15e4  TapiSrv - ok
21:06:43.0988 0x15e4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:06:44.0021 0x15e4  Tcpip - ok
21:06:44.0050 0x15e4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:06:44.0082 0x15e4  TCPIP6 - ok
21:06:44.0087 0x15e4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:06:44.0093 0x15e4  tcpipreg - ok
21:06:44.0095 0x15e4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:06:44.0102 0x15e4  TDPIPE - ok
21:06:44.0104 0x15e4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:06:44.0109 0x15e4  TDTCP - ok
21:06:44.0113 0x15e4  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:06:44.0119 0x15e4  tdx - ok
21:06:44.0122 0x15e4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:06:44.0128 0x15e4  TermDD - ok
21:06:44.0139 0x15e4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:06:44.0158 0x15e4  TermService - ok
21:06:44.0161 0x15e4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:06:44.0170 0x15e4  Themes - ok
21:06:44.0173 0x15e4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:06:44.0191 0x15e4  THREADORDER - ok
21:06:44.0196 0x15e4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:06:44.0215 0x15e4  TrkWks - ok
21:06:44.0220 0x15e4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:06:44.0240 0x15e4  TrustedInstaller - ok
21:06:44.0243 0x15e4  [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:44.0250 0x15e4  tssecsrv - ok
21:06:44.0252 0x15e4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:06:44.0259 0x15e4  TsUsbFlt - ok
21:06:44.0261 0x15e4  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:06:44.0268 0x15e4  TsUsbGD - ok
21:06:44.0272 0x15e4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:06:44.0290 0x15e4  tunnel - ok
21:06:44.0296 0x15e4  [ D481CBFA40958D921184E3242B1C84BA, 9472535411BE88321A17FFB3FC4DB9EA3F5ED161A5F5B21A31EEB3095C584593 ] U2VSvr          C:\Windows\system32\U2VSvr.exe
21:06:44.0306 0x15e4  U2VSvr - ok
21:06:44.0308 0x15e4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:06:44.0314 0x15e4  uagp35 - ok
21:06:44.0320 0x15e4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:06:44.0341 0x15e4  udfs - ok
21:06:44.0345 0x15e4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:06:44.0353 0x15e4  UI0Detect - ok
21:06:44.0356 0x15e4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:06:44.0361 0x15e4  uliagpkx - ok
21:06:44.0364 0x15e4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:06:44.0370 0x15e4  umbus - ok
21:06:44.0373 0x15e4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:06:44.0379 0x15e4  UmPass - ok
21:06:44.0383 0x15e4  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:06:44.0393 0x15e4  UmRdpService - ok
21:06:44.0400 0x15e4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:06:44.0424 0x15e4  upnphost - ok
21:06:44.0428 0x15e4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:06:44.0436 0x15e4  usbaudio - ok
21:06:49.0094 0x15e4  Waiting for KSN requests completion. In queue: 150
21:06:50.0105 0x15e4  AV detected via SS2: ESET NOD32 Antivirus 9.0.375.1, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 9.0.376.0 ), 0x41000 ( enabled : updated )
21:06:50.0107 0x15e4  Win FW state via NFP2: enabled ( trusted )
21:06:50.0248 0x15e4  ============================================================
21:06:50.0248 0x15e4  Scan finished
21:06:50.0248 0x15e4  ============================================================
21:06:50.0252 0x0a74  Detected object count: 3
21:06:50.0252 0x0a74  Actual detected object count: 3
21:07:37.0704 0x0a74  amdacpusrsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:37.0704 0x0a74  amdacpusrsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:07:37.0705 0x0a74  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:37.0705 0x0a74  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:07:37.0705 0x0a74  GamingMouse ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:37.0705 0x0a74  GamingMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards, Sodium

21.06.2016, 18:00   #7
deeprybka
/// TB Trainer
/// Instructions Guru
 



Hi,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Under Settings / Detection and Protection, please tick "Scan for rootkits".
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, move all detections (if any) to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

Download HitmanPro to your desktop:

HitmanPro 32-bit version
HitmanPro 64-bit version
  • Start HitmanPro.exe
  • Click
  • Remove the tick at
  • Click
    and
  • Accept the license terms and click
  • Click

    and
  • When the scan has finished, do not have anything deleted etc.; instead select, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log.
__________________
Regards
deeprybka


21.06.2016, 20:17   #8
sodium
 



Hey!

adwCleaner Log:
Code:
ATTFilter
# AdwCleaner v5.200 - Logfile created 21/06/2016 at 20:53:20
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-21.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : root - BATTLESTATION
# Running from : C:\Users\root\Desktop\AdwCleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ByteFence
[#] Folder Deleted : C:\ProgramData\Application Data\ByteFence
[-] Folder Deleted : C:\Program Files (x86)\Company Name
[-] Folder Deleted : C:\Users\root\AppData\Roaming\Company Name
[-] Folder Deleted : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba

***** [ Files ] *****

[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-e-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-e-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-h-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-photos-h-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-profile-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-profile-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-d-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-d-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-h-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_fbcdn-sphotos-h-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blaze-audio-voice-cloak.de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_blaze-audio-voice-cloak.de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_funny-voice.de.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_funny-voice.de.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lividinstruments.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lividinstruments.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_logmein-hamachi.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_logmein-hamachi.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_shop.lividinstruments.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_shop.lividinstruments.com_0.localstorage-journal
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\csastats

***** [ Web browsers ] *****

[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : 1und1.de
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : funny-voice.softonic.de
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : logmein-hamachi.en.softonic.com
[-] [C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hcdjknjpbnhdoabbngpmfekaecnpajba

*************************

:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7286 bytes] - [21/06/2016 20:53:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [7127 bytes] - [21/06/2016 20:51:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7432 bytes] ##########
         
mbam Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 21.06.2016
Suchlaufzeit: 21:03
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.21.06
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: root

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323793
Abgelaufene Zeit: 6 Min., 19 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 3
HackTool.DDoS, C:\Users\root\Desktop\intensoData\DateinÜberbleibsel\Datein\rDos.exe, Keine Aktion durch Benutzer, [fb9f4bb40396989e6206220eb54d9d63], 
HackTool.Hoylecann, C:\Users\root\Desktop\Programs\Hoic\Hoic\hoic2.1.exe, Keine Aktion durch Benutzer, [623811ee2772fb3b52274534d42c9f61], 
HackTool.LOIC, C:\Users\root\Desktop\Programs\penTesting\LOIC.exe, Keine Aktion durch Benutzer, [b8e2ef107920999d4d56a9a50ff29d63], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : BATTLESTATION
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : battlestation\root
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-21 21:13:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 13

   Objects scanned . . . : 2.379.125
   Files scanned . . . . : 65.815
   Remnants scanned  . . : 655.735 files / 1.657.575 keys

Malware _____________________________________________________________________

   C:\Users\root\Desktop\Programme\lenstor (x64).exe
      Size . . . . . . . : 156.672 bytes
      Age  . . . . . . . : 99.2 days (2016-03-14 17:01:04)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 54E5D4C703341EAFE6F95FABE42FF8E420FFFE53C4B587B59C9A5D884CB095D7
      Needs elevation  . : Yes
      Product  . . . . . : Seriales para Camtasia Studio 8.3
      Publisher  . . . . : Lenstor
      Description  . . . : Seriales para Camtasia Studio 8.3
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Kazy.309381
      Fuzzy  . . . . . . : 100.0

   C:\Users\root\Desktop\Programs\Hoic\Hoic\hoic2.1.exe
      Size . . . . . . . : 8.902.228 bytes
      Age  . . . . . . . : 102.2 days (2016-03-11 16:47:36)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 3C9806F8E132917EF85512505FADACA733E5523C271DD2E2A6925DDB9C3D0DF0
    > Kaspersky  . . . . : HackTool.Win32.Hoic.a
    > HitmanPro  . . . . : App/HOIC-A
      Fuzzy  . . . . . . : 106.0

   C:\Users\root\Desktop\Programs\penTesting\LOIC.exe
      Size . . . . . . . : 136.192 bytes
      Age  . . . . . . . : 99.2 days (2016-03-14 17:01:05)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : F60A52512773B52DEF9BA9CE8AAD61144D2CF351F6BC04D1C5A13ABEF8F3B89B
      Product  . . . . . : Low Orbit Ion Cannon
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Application.HackTool.1
    > Kaspersky  . . . . : HEUR:HackTool.MSIL.Flooder.gen
      Fuzzy  . . . . . . : 114.0


Suspicious files ____________________________________________________________

   C:\$Recycle.Bin\S-1-5-21-3648149182-1190501675-731794431-1000\$R3IAUVX.exe
      Size . . . . . . . : 2.387.456 bytes
      Age  . . . . . . . : 2.0 days (2016-06-19 21:55:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4B394697CDD77F227660BC7CF2621FCC2D32BE959837D4CA3D8A17CB71BBCB3F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\root\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 951.497 bytes
      Age  . . . . . . . : 78.0 days (2016-04-04 20:38:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\root\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.648 bytes
      Age  . . . . . . . : 77.0 days (2016-04-05 21:40:33)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   E:\MagicDisc\MagicDisc.exe
      Size . . . . . . . : 576.000 bytes
      Age  . . . . . . . : 14.2 days (2016-06-07 16:28:34)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : E8F100A8BF30CB101088E6E5BAFF9FF472976691B9BBF70BE324A75635D4D451
      Product  . . . . . : MagicDisc
      Publisher  . . . . : MagicISO, Inc.
      Description  . . . : MagicISO Virtual CD/DVD Manager
      Version  . . . . . : 2.7.0.106
      Copyright  . . . . : MagicISO, Inc.
      LanguageID . . . . : 1033
      Running processes  : 3628
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Uses the Startup folder in the Start Menu to run each time the user logs on.
         Program is running but currently exposes no human-computer interface (GUI).
         Program starts automatically without user intervention.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is in use by one or more active processes.
         Time indicates that the file appeared recently on this computer.
      Startup
         C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk
         C:\Users\root\Desktop\Programs\MagicDisc.lnk


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
         
Note: I only used the DDoS (DoS) programs to run a stress test on my server.

Best regards, Sodium

22.06.2016, 11:21   #9
deeprybka
/// TB Trainer
/// Instructions Guru
 

Quote:
Originally posted by sodium

Note: I only used the DDoS (DoS) programs to run a stress test on my server.

Best regards, Sodium

Well, if you can do that sort of thing and also occupy yourself with cracks and hack tools, then you will also be able to find out the cause of your IPs using TCPView etc. I don't see any active malware.
__________________
Regards,
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

22.06.2016, 15:03   #10
sodium
 

Thank you very much for your help.

Quote:
Well, if you can do that sort of thing and also occupy yourself with cracks and hack tools, then you will also be able to find out the cause of your IPs using TCPView etc.

It doesn't take much knowledge or experience to be able to use such simple tools. Besides, I have never heard of TCPView.

Couldn't it still be that the IPs come from malware that hasn't spread widely yet and is therefore not in any AV database?

22.06.2016, 19:43   #11
deeprybka
/// TB Trainer
/// Instructions Guru
 

https://technet.microsoft.com/de-de/...s/tcpview.aspx

Quote:
Couldn't it still be that the IPs come from malware that hasn't spread widely yet and is therefore not in any AV database?

Sure. But you should still be able to see it. And if not, well...
__________________
Regards,
deeprybka


23.06.2016, 13:16   #12
sodium
 

........................................................................................

Edited by sodium (23.06.2016 at 13:52)
