
Log analysis and evaluation: 50% CPU usage when idle...


14.12.2016, 12:39   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You don't need any exceptions for the Windows Firewall. You only need them if you set up a server service yourself.
__________________
Please always post log files in CODE tags

14.12.2016, 12:48   #17
cmdr
 

hm. in any case, it doesn't update. windows also always asks me beforehand for the password of my admin account, even though I've given my standard account admin privileges too...
__________________


14.12.2016, 15:08   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Teng (S-1-5-21-896307261-3574068607-3140626432-1004 - Limited - Enabled) => C:\Users\Teng
User teng has no admin rights...
__________________

14.12.2016, 15:15   #19
cmdr
 

it did when I had started mbar, though. here are the frst things once more with teng as admin.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by m (administrator) on SATAN (14-12-2016 15:11:28)
Running from G:\Needful Things\Trojaner Board
Loaded Profiles: m & Teng (Available Profiles: m & Teng)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Gemalto N.V.) C:\Users\Teng\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(www.bid-o-matic.org) C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\SCSI Host\scsihost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_250.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_250.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-03-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SCSI Host] => C:\Program Files (x86)\SCSI Host\scsihost.exe [1521664 2016-04-18] ()
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\m\AppData\Local\Temp\IXP000.TMP\" <===== ATTENTION
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [StartOn arrangeQueue->Count()Wizard] => 1
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [StartOn cs->itemsWizard] => My Documents
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [H:\Musik\Selbermachen] => [X]
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [] => [X]
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Run: [StartOn With Windows] => C:\Users\m\AppData\Local\Temp\TranscendElite\TranscendElite.exe [8847872 2014-08-13] (Transcned Information Inc.) <===== ATTENTION
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-05-22] ((주)마크애니)
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Teng\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [koxgzz.exe] => \koxgzz.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Mark.of.the.Ninja.Special.Edition-SKIDROW.exe] => Mark.of.the.Ninja.Special.Edition-SKIDROW.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {0bc57b94-ddb3-11e2-8036-001d60863ea4} - N:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {28d2cd41-447c-11e3-a4f4-001d60863ea4} - J:\autorun.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {b9d494f1-5692-11e1-be88-001d60863ea4} - L:\LaunchU3.exe -a
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk [2011-10-28]
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2013-10-26]
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop\Now\GameStopNow.exe (No File)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{1D1813E2-57DB-459F-9DBE-2087AB259659}: [NameServer] 69.164.196.21,5.134.115.112
Tcpip\..\Interfaces\{1D1813E2-57DB-459F-9DBE-2087AB259659}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{7B365E17-81AA-4E61-BE18-136661F4713A}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-896307261-3574068607-3140626432-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default [2015-05-24]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-01-14] [not signed]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-01-14] [not signed]
FF Extension: (LittleFox) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2013-01-14] [not signed]
FF Extension: (Flashblock) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2011-10-23] [not signed]
FF Extension: (Adblock Plus) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-14] [not signed]
FF Extension: (Tab Mix Plus) - C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-14] [not signed]
FF SearchPlugin: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\searchplugins\darklyrics.xml [2012-10-21]
FF SearchPlugin: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\searchplugins\encyclopaedia-metallum---google.xml [2012-10-21]
FF SearchPlugin: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\njp5z7ep.default\searchplugins\youtube.xml [2012-10-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_250.dll [2014-10-22] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_250.dll [2014-10-22] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-10-01] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-10-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-10-01] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-26] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-10-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2009-12-04] (Ploytec GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 12:15 - 2016-12-14 12:15 - 00000000 ____D C:\Users\Teng\Desktop\mbar
2016-12-13 20:15 - 2016-12-13 20:15 - 00000000 ____D C:\New folder
2016-12-12 23:21 - 2016-12-12 23:21 - 00001136 _____ C:\Users\Teng\Desktop\PC Konfiguration.txt
2016-12-12 22:34 - 2016-12-12 22:34 - 00000000 ____D C:\566551856fee234bbde9c7606c559e
2016-12-06 20:48 - 2016-12-06 20:48 - 00000000 ____D C:\Users\Teng\AppData\LocalLow\Knuckle Cracker
2016-12-06 20:46 - 2016-12-06 20:48 - 00000000 ____D C:\Users\m\AppData\Roaming\ParticleFleet
2016-12-06 20:30 - 2016-12-06 20:30 - 00000000 ____D C:\Users\Teng\AppData\Roaming\CreeperWorld3
2016-11-23 10:28 - 2016-12-04 18:56 - 00000000 ____D C:\Users\Teng\AppData\Roaming\Audacity
2016-11-23 10:28 - 2016-11-23 10:28 - 00001024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-23 10:28 - 2016-11-23 10:28 - 00001012 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-23 10:28 - 2016-11-23 10:28 - 00000000 ____D C:\Users\Teng\AppData\Local\Audacity
2016-11-23 10:28 - 2016-11-23 10:28 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-21 10:50 - 2016-11-21 10:50 - 00059403 _____ C:\Users\Teng\Desktop\Tickets Killerz 3.pdf
2016-11-18 18:57 - 2016-12-12 22:22 - 00000000 ____D C:\Users\Teng\AppData\LocalLow\Mozilla
2016-11-18 14:26 - 2016-12-14 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 15:11 - 2014-10-16 12:28 - 00000000 ____D C:\FRST
2016-12-14 15:11 - 2011-10-28 10:43 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic
2016-12-14 12:48 - 2016-10-11 23:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-14 12:07 - 2014-10-16 11:50 - 00000000 ____D C:\Users\m\Desktop\mbar
2016-12-13 20:15 - 2012-04-25 20:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-12 22:38 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 22:38 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 22:16 - 2009-07-14 06:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 22:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-12 22:10 - 2016-10-12 14:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-12 22:10 - 2011-10-26 17:54 - 00000000 ____D C:\Users\Teng\.rainlendar2
2016-12-12 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 12:05 - 2014-09-12 01:28 - 00000000 ____D C:\Users\Teng\AppData\Roaming\F21A5342-74C1-4E8D-BAC3-006C36D75143
2016-12-12 11:32 - 2011-10-27 23:11 - 00000000 ____D C:\Users\Teng\AppData\Roaming\vlc
2016-12-08 22:10 - 2012-02-08 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KnuckleCracker
2016-12-04 19:58 - 2015-05-15 15:31 - 00000000 ____D C:\Users\Teng\AppData\Local\CrashDumps
2016-12-04 19:47 - 2011-10-28 15:59 - 00000000 ____D C:\Users\Teng\AppData\Roaming\FileZilla

==================== Files in the root of some directories =======

2015-08-04 16:58 - 2015-08-04 16:58 - 0000098 _____ () C:\Users\m\AppData\Roaming\SDC_Path_Meihua2_U.ini

Files to move or delete:
====================
C:\Users\m\AppData\Local\Temp\TranscendElite\TranscendElite.exe


Some files in TEMP:
====================
C:\Users\m\AppData\Local\temp\libeay32.dll
C:\Users\m\AppData\Local\temp\msvcr120.dll
C:\Users\m\AppData\Local\temp\nvSCPAPI64.dll
C:\Users\m\AppData\Local\temp\nvStInst.exe
C:\Users\m\AppData\Local\temp\sqlite3.dll
C:\Users\m\AppData\Local\temp\Uninstall.exe
C:\Users\m\AppData\Local\temp\_isF203.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 00:45

==================== End of FRST.txt ============================
         
--- --- ---


Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by m (14-12-2016 15:13:40)
Running from G:\Needful Things\Trojaner Board
Windows 7 Professional Service Pack 1 (X64) (2011-10-23 17:17:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-896307261-3574068607-3140626432-500 - Administrator - Disabled)
Guest (S-1-5-21-896307261-3574068607-3140626432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-896307261-3574068607-3140626432-1002 - Limited - Enabled)
m (S-1-5-21-896307261-3574068607-3140626432-1001 - Administrator - Enabled) => C:\Users\m
Teng (S-1-5-21-896307261-3574068607-3140626432-1004 - Administrator - Enabled) => C:\Users\Teng

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.250 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Amnesia: A Machine for Pigs (HKLM-x32\...\Amnesia: A Machine for Pigs_is1) (Version:  - )
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broken Sword 2.5 (HKLM-x32\...\Broken Sword 2.5_is1) (Version:  - mindFactory)
Bullzip PDF Printer 7.2.0.1304 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1304 - Bullzip)
calibre (HKLM-x32\...\{D47B7229-AC24-4D79-96AB-880649FFC892}) (Version: 2.19.0 - Kovid Goyal)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Creeper World (HKLM-x32\...\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1) (Version: 0182 - UNKNOWN)
Creeper World (x32 Version: 0182 - UNKNOWN) Hidden
Creeper World 2 (HKLM-x32\...\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1) (Version: 3.63.0 - UNKNOWN)
Creeper World 2 (x32 Version: 3.63.0 - UNKNOWN) Hidden
Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.4.502485 - NNG Llc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dying Light (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.24.20150630 - Landesfinanzdirektion Thüringen)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free Audio Converter version 5.0.61.805 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.61.805 - DVDVideoSoft Ltd.)
Freespace (HKLM-x32\...\GOGPACKFREESPACE_is1) (Version: 2.0.0.7 - GOG.com)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
GOG.com Freespace (HKLM\...\{cade436f-07c5-47f2-b1f3-10be3bd121da}.sdb) (Version:  - )
GPL Ghostscript Lite 9.04 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Java(TM) 7 Update 2 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Firefox 50.0.2 (x86 en-US) (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
One Unit Whole Blood (HKLM-x32\...\One Unit Whole Blood_is1) (Version:  - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pathway Professional - Film Analysis (HKLM-x32\...\{9AA9F79E-3EFA-415F-99E9-E18529A0AFF4}) (Version: 31897 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Pidgin (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Pidgin) (Version: 2.10.1 - )
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RemoteControl for Winamp (HKLM-x32\...\RemoteControl for Winamp1.00) (Version: 1.00 - Martin Schlodinski)
SABnzbd 0.7.14 (HKLM-x32\...\SABnzbd) (Version: 0.7.14 - The SABnzbd Team)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Scrolls (HKLM-x32\...\{F7F74F7F-C458-4B7C-A6F4-80A28ED7AF0B}) (Version: 1.0.2.0 - Mojang)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sins of a Solar Empire Rebellion (c) Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion (c) Stardock_is1) (Version: 1 - )
Smart Organizing Monitor (HKLM-x32\...\{AD66DDE3-33AC-4F26-9EC6-A37454423C4F}) (Version: 1.00.0000 - RICOH)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
Ulead GIF Animator Lite Edition 1.0 (HKLM-x32\...\Ulead GIF Animator Lite Edition 1.0) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Z (HKLM-x32\...\1207664893_is1) (Version: 2.3.0.8 - GOG.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {28151D7F-F331-4209-B8CD-F0866F8928C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {DEBF029E-3A7A-43C3-BC67-7B8FB42CC746} - System32\Tasks\Update\google update => Chrome.exe  <==== ATTENTION
Task: {DFD78365-BD49-477E-B34A-D2ACA5DBABAD} - System32\Tasks\Update\WindowsFirewall => C:\Users\Teng\AppData\Roaming\svchost.exe <==== ATTENTION
Task: {EB618EAC-7362-4F9D-B82A-7370E1F7B091} - System32\Tasks\{A55CD8E2-97A0-4CC2-9A98-11314F53CD26} => pcalua.exe -a "C:\Users\m\Desktop\Needful Things\vcredist_x86.exe" -d "C:\Program Files (x86)\Mozilla Firefox"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-12 14:48 - 2016-10-01 20:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-12 14:50 - 2016-10-01 22:15 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-12 14:49 - 2016-10-01 22:15 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-12 14:49 - 2016-10-01 22:15 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-01 19:10 - 2016-11-01 19:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 04411488 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2014-03-14 11:24 - 2014-03-14 11:24 - 00324608 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 00082528 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-14 11:24 - 2014-03-14 11:24 - 00080384 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2014-03-16 18:44 - 2014-03-16 18:44 - 00346208 _____ () C:\Program Files (x86)\Rainlendar2\plugins\GoogleCalendarPlugin.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2016-05-03 00:21 - 2016-04-18 12:16 - 01521664 _____ () C:\Program Files (x86)\SCSI Host\scsihost.exe
2016-10-12 14:49 - 2016-10-01 22:15 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2011-06-29 09:54 - 2011-06-29 09:56 - 11483264 _____ () C:\Users\Teng\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-09 18:23 - 2012-04-27 14:10 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2011-12-09 18:23 - 2012-04-27 14:10 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2011-12-09 18:23 - 2012-04-27 14:10 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [494]
AlternateDataStreams: C:\Users\Public\Desktop\Amnesia: A Machine for Pigs.lnk [1458]
AlternateDataStreams: C:\Users\Teng\Cookies:X7IeMuZWMtAtWneF5qqjxy4jMIO6Z [2364]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-896307261-3574068607-3140626432-1001\...\line6.net -> line6.net
IE trusted site: HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\microsoft.com -> hxxp://update.microsoft.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-16 20:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-896307261-3574068607-3140626432-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\m\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Teng\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 69.164.196.21 - 5.134.115.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^m^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D818B8A3-C591-408D-97DD-FCFE031ED0AF}] => %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9965F4C-7EEF-489F-AA2F-3462F02CF282}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{18519143-8B84-444A-8413-4D03E2337838}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{C97F3F47-31DD-4D5D-B94B-9E32E841B225}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{5EC81B49-7716-4536-A6E9-257972400C4C}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{D802A2B1-4140-4B87-BA4C-5E7E18F949D1}] => %ProgramFiles% (x86)\Last.fm\LastFM.exe
FirewallRules: [{F336331D-32B8-4C1E-BE2E-56E427457430}] => %ProgramFiles% (x86)\Rainlendar2\Rainlendar2.exe
FirewallRules: [{902F5112-8525-404C-AFEE-72E0285218C2}] => %ProgramFiles% (x86)\SABnzbd\SABnzbd.exe
FirewallRules: [{7E030C8B-B048-4B9E-B7B1-3DF466C2B546}] => %ProgramFiles% (x86)\Biet-O-Matic\Biet-O-Matic.exe
FirewallRules: [{C2B1EE59-B6EA-4333-9256-8EC7DFE92C69}] => %ProgramFiles% (x86)\Biet-O-Matic\BOMUpdate.exe
FirewallRules: [{1D8B1F05-475E-4EFE-BA92-99D42CE238F0}] => %ProgramFiles% (x86)\Biet-O-Matic\BOM Logging Config Tool.exe
FirewallRules: [TCP Query User{42E16501-95EE-40C3-A415-7598C2CAA9A7}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{536C437E-A628-4805-920E-55BCED5ED45B}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [{1464E782-28E2-48E0-A707-D9ABDA655C06}] => %ProgramFiles% (x86)\FileZilla FTP Client\filezilla.exe
FirewallRules: [{CA3A851B-6575-4719-867D-5FEEE905CA00}] => %ProgramFiles% (x86)\Biet-O-Matic\Biet-O-Matic.exe
FirewallRules: [{DE3BDCCB-9CAF-4877-B7E3-C48904A69B8F}] => %ProgramFiles% (x86)\Biet-O-Matic\BOM Logging Config Tool.exe
FirewallRules: [{78857152-4C79-4CDA-8F4E-00853F56ACFF}] => %ProgramFiles% (x86)\Biet-O-Matic\BOMUpdate.exe
FirewallRules: [{6EC31C6D-D7D8-46D0-BDB9-3A40D627D65F}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{3DD30B62-D3B2-4EAB-A08F-D944348A8162}] => %ProgramFiles% (x86)\ImgBurn\ImgBurn.exe
FirewallRules: [{6D2C788A-4B01-4871-B090-02A4985A1AF2}] => %ProgramFiles% (x86)\YouTube Download\FreeYouTubeDownload.exe
FirewallRules: [{DF665DB2-E823-4F06-8E75-05D9546D6DE7}] => G:\Needful Things\Mediathek\Starten_Windows.exe
FirewallRules: [{D80925EB-D229-4BD3-87D4-15C983996C6F}] => G:\Needful Things\Mediathek\Starten_Windows.exe
FirewallRules: [{8208ADE5-F3CB-410E-A785-8D58822D9158}] => %ProgramFiles% (x86)\Desura\desura.exe
FirewallRules: [{52D7F7C6-734C-4A2A-88E9-647D44B529DF}] => %ProgramFiles% (x86)\Desura\desura.exe
FirewallRules: [{965346D4-725E-44B1-A544-C90E53A15BEA}] => G:\Needful Things\jxpiinstall.exe
FirewallRules: [{BE204C14-F2F0-4BA7-9D59-5F8DF3E5F771}] => %SystemDrive%\Users\Teng\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin.exe
FirewallRules: [{255A9E4E-7A1F-4A57-84B9-02806A08ADA4}] => %SystemDrive%\Users\Teng\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin.exe
FirewallRules: [TCP Query User{A86C2083-EA78-4487-BCAE-83E3A9512E74}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{68DCB21D-40B2-4003-95CA-5236D2F0B6BC}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [{E589C869-FFF5-45C7-A1A7-BEA808AB9FDD}] => C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{1C7D2188-1B52-4837-ACC7-1F1F97927967}] => C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{DAB60054-3165-4F35-9C84-3AA1D837EB14}] => C:\Program Files (x86)\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [{44D8A06E-670D-46A9-9B6D-374199FD3DD4}] => C:\Program Files (x86)\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [TCP Query User{9189F5A1-B40E-40B9-BD78-94CDC23FA4BF}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3320C074-19E9-4205-8893-9243649887D8}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{8F9209E9-1ABE-4AF8-9FD6-5A9AC56FB396}] => %ProgramFiles% (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{46CD6534-BA66-42D4-94FC-EE9A5910E420}] => %ProgramFiles% (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe
FirewallRules: [{FD5239EF-7079-45C0-8070-9AE26A29160E}] => G:\Needful Things\Hearthstone-Setup-enUS.exe
FirewallRules: [{EA57DA4A-9939-4D18-835E-23203A0264F7}] => G:\Needful Things\Hearthstone-Setup-enUS.exe
FirewallRules: [{A31EFED0-4871-42BF-B90D-1C0E64893254}] => C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{DDE06BB6-CC0C-4D84-A839-20F4016EB459}] => C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0DCE0E0E-FD2E-4435-81C7-E5D12EF2C630}] => G:\Games\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [TCP Query User{55EA7BC1-0D4F-4990-B812-0D91FDA6AC9D}G:\games\call of duty black ops 2\t6sp.exe] => G:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{6DE5962B-D4DF-47A3-995E-C19CB0C9FDD5}G:\games\call of duty black ops 2\t6sp.exe] => G:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [TCP Query User{5FC6DA22-358D-4752-B4F7-DEE028ED2C92}C:\program files (x86)\games\farcry 3\bin\farcry3.exe] => C:\program files (x86)\games\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{2D0B7557-52C2-4DDD-9385-2EC493E57313}C:\program files (x86)\games\farcry 3\bin\farcry3.exe] => C:\program files (x86)\games\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{49F5A7DD-9328-4E81-8318-8CE80558BE2D}G:\games\dying light\dyinglightgame.exe] => G:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{CD2C2BA9-6C9A-48BF-AC0C-C3C8D3965DDC}G:\games\dying light\dyinglightgame.exe] => G:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{CEF16071-CF1C-4E96-B910-887AF09DF66C}G:\games\call of duty black ops 2\t6zm.exe] => G:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [UDP Query User{FD414A49-255D-4D32-9011-FC80D3C5F100}G:\games\call of duty black ops 2\t6zm.exe] => G:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [{6A731557-7B88-4A82-8CB0-C0B43C4BE6B8}] => G:\Games\Call of Duty Black Ops 2\t6sp.exe
FirewallRules: [{25F0E3D3-1683-4853-9F82-905B06587860}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3C759EA9-017B-4D9B-9929-E53F55DF3928}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{88628CA2-3548-4299-A3DB-BEFA685AB868}] => G:\Needful Things\CreativeCloudSet-Up.exe
FirewallRules: [{380E378A-D595-4A65-9114-C71F33B91BE9}] => G:\Needful Things\CreativeCloudSet-Up.exe
FirewallRules: [{2E049E01-8950-44D3-BD0E-21820E5622D5}] => %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{3B73D895-CEAC-4D29-A5D0-692A63269CA9}] => %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{F4069482-624B-4DE4-ADE6-65E9EB2EA29A}] => %ProgramFiles% (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
FirewallRules: [{B87DEDA3-0BCE-484D-A80A-BBC22547DBF3}] => %ProgramFiles% (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
FirewallRules: [{AAA56D4E-D097-4D29-B586-109D8DA57B0F}] => %ProgramFiles% (x86)\Dacia Media Nav\Toolbox\toolbox.exe
FirewallRules: [{CDB65DA2-9FD4-4D22-AF7A-C6D695E19F99}] => %ProgramFiles% (x86)\Dacia Media Nav\Toolbox\toolbox.exe
FirewallRules: [TCP Query User{0488A768-3F77-4385-80D9-FD1342445016}G:\games\freespace\fs.exe] => G:\games\freespace\fs.exe
FirewallRules: [UDP Query User{D1D57B63-C8DE-4952-B756-84BA0E08A61A}G:\games\freespace\fs.exe] => G:\games\freespace\fs.exe
FirewallRules: [{51C2476B-52E3-44C8-A113-4806B0128519}] => %SystemDrive%\Users\Teng\Downloads\ageofconan-en.exe
FirewallRules: [{D9DEE0DC-2B71-4E11-94F2-697C3B728D01}] => %SystemDrive%\Users\Teng\Downloads\ageofconan-en.exe
FirewallRules: [TCP Query User{F39D0671-F160-469C-8816-05C3301BC706}H:\games\age of conan\conanpatcher.exe] => H:\games\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{5F556993-D1A7-47FD-9D8D-A4D9E9BFC868}H:\games\age of conan\conanpatcher.exe] => H:\games\age of conan\conanpatcher.exe
FirewallRules: [{43DF27E8-258D-4940-817E-BA9E2A105E2F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7E88C2FD-C213-45D5-A699-36E73042A979}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{56E77248-851C-4C91-96A4-BCED33B5B4D4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{367E94B8-9E3D-45D2-A9A9-BE8C2634F091}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8242B6EE-E727-49FF-87C1-ACC7079E06DF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FBA1AAF-5B24-47FC-A6FF-5E92D9DF30E8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7C6205D-27A1-4E93-AC3E-2BE25ECD7697}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FB6B8565-049C-41CC-89D6-8CE581EF4DFB}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{39E2E4BF-4C8E-44E6-9FFC-E39CABE0D7BD}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{11588CD1-B05A-4397-83A1-D8441F2DCCE6}] => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
FirewallRules: [{1C2F6B4B-F50D-481E-899F-EC4C5B792571}] => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
FirewallRules: [{AFD177CF-A697-402E-8753-82A496882F43}] => %USERPROFILE%\Desktop\mbar\mbar\mbar.exe
FirewallRules: [{C1EA225B-8E39-48E2-B3BE-7645A35578DF}] => %USERPROFILE%\Desktop\mbar\mbar\mbar.exe
FirewallRules: [{5189C4A6-F0B8-4F15-A7DD-C433DAFA9427}] => %USERPROFILE%\Desktop\mbar\mbar\mbamdor.exe
FirewallRules: [{73420621-5515-48D0-A185-BDFAC0CB47D9}] => %USERPROFILE%\Desktop\mbar\mbar\mbamdor.exe

==================== Restore Points =========================

03-12-2016 22:26:21 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2016 03:12:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (12/14/2016 03:11:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (12/10/2016 12:03:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (12/08/2016 07:43:37 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.

Error: (11/14/2016 11:36:11 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (11/05/2016 12:35:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/04/2016 09:30:28 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/04/2016 09:30:02 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.

Error: (10/25/2016 09:33:34 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (10/23/2016 02:02:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (10/22/2016 11:48:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/22/2016 02:22:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2014-10-16 21:43:04.096
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-16 21:43:04.058
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\m\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\m\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Percentage of memory in use: 73%
Total physical RAM: 4094.49 MB
Available physical RAM: 1101.13 MB
Total Virtual: 16376.16 MB
Available Virtual: 12193.1 MB

==================== Drives ================================

Drive c: (Satan) (Fixed) (Total:97.56 GB) (Free:10.67 GB) NTFS
Drive d: (Old C) (Fixed) (Total:195.31 GB) (Free:41.47 GB) NTFS
Drive e: (Old D) (Fixed) (Total:195.31 GB) (Free:55.1 GB) NTFS
Drive f: (Old E) (Fixed) (Total:75.14 GB) (Free:23.73 GB) NTFS
Drive g: () (Fixed) (Total:292.97 GB) (Free:53.66 GB) NTFS
Drive h: () (Fixed) (Total:540.89 GB) (Free:110.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 603D2E21)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B4A643B)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
         
--- --- ---

14.12.2016, 15:21   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yeah... what can I say. Reboot, then try MBAR again.

__________________
Please always post logfiles in CODE tags

14.12.2016, 15:54   #21
cmdr

I did that, but unfortunately it didn't help.

14.12.2016, 16:06   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I already have a slight idea why your computer has the plague

Quote:
Mark.of.the.Ninja.Special.Edition-SKIDROW.exe

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________
Please always post logfiles in CODE tags

14.12.2016, 19:35   #23
cmdr

okay, how do I remove this "mark of the ninja"? I can't find the file on my hard drive...

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.411000 GHz
Memory total: 4293386240, free: 1069654016

Host not found
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.411000 GHz
Memory total: 4293386240, free: 1088761856

Host not found
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.411000 GHz
Memory total: 4293386240, free: 976519168

Host not found
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.411000 GHz
Memory total: 4293386240, free: 1265696768

Host not found
Host not found
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     12/14/2016 17:58:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvm62x64.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004523060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004523b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004523060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80043a01a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043a08b0, DeviceName: \Device\0000005e\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 603D2E21

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204595200
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 614400000
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 819202048  Numsec = 1134319616
    Partition is not bootable
    Partition file system is NTFS

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004524060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004524b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004524060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80043a03f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043a4060, DeviceName: \Device\0000005f\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4B4A643B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 409593177
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409593240  Numsec = 567174825
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
<<<2>>>
<<<3>>>
Volume: G:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
         

Code:
19:31:15.0684 0x1108  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
19:31:18.0881 0x1108  ============================================================
19:31:18.0881 0x1108  Current date / time: 2016/12/14 19:31:18.0881
19:31:18.0881 0x1108  SystemInfo:
19:31:18.0881 0x1108  
19:31:18.0881 0x1108  OS Version: 6.1.7601 ServicePack: 1.0
19:31:18.0881 0x1108  Product type: Workstation
19:31:18.0881 0x1108  ComputerName: SATAN
19:31:18.0882 0x1108  UserName: Teng
19:31:18.0882 0x1108  Windows directory: C:\Windows
19:31:18.0882 0x1108  System windows directory: C:\Windows
19:31:18.0882 0x1108  Running under WOW64
19:31:18.0882 0x1108  Processor architecture: Intel x64
19:31:18.0882 0x1108  Number of processors: 2
19:31:18.0882 0x1108  Page size: 0x1000
19:31:18.0882 0x1108  Boot type: Normal boot
19:31:18.0882 0x1108  CodeIntegrityOptions = 0x00000001
19:31:18.0882 0x1108  ============================================================
19:31:20.0629 0x1108  KLMD registered as C:\Windows\system32\drivers\13521929.sys
19:31:20.0629 0x1108  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.17640, osProperties = 0x1
19:31:20.0886 0x1108  System UUID: {2038A4BE-4F3A-485B-C1F1-003657B2F518}
19:31:21.0259 0x1108  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:31:21.0259 0x1108  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:21.0263 0x1108  ============================================================
19:31:21.0263 0x1108  \Device\Harddisk0\DR0:
19:31:21.0263 0x1108  MBR partitions:
19:31:21.0263 0x1108  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:31:21.0263 0x1108  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
19:31:21.0263 0x1108  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x249F0000
19:31:21.0263 0x1108  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x30D40800, BlocksNum 0x439C5800
19:31:21.0263 0x1108  \Device\Harddisk1\DR1:
19:31:21.0263 0x1108  MBR partitions:
19:31:21.0263 0x1108  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
19:31:21.0263 0x1108  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x1869E559
19:31:21.0263 0x1108  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x30D3CB6F, BlocksNum 0x96480D2
19:31:21.0263 0x1108  ============================================================
19:31:21.0295 0x1108  C: <-> \Device\Harddisk0\DR0\Partition2
19:31:21.0303 0x1108  D: <-> \Device\Harddisk1\DR1\Partition1
19:31:21.0304 0x1108  E: <-> \Device\Harddisk1\DR1\Partition2
19:31:21.0305 0x1108  F: <-> \Device\Harddisk1\DR1\Partition3
19:31:21.0334 0x1108  G: <-> \Device\Harddisk0\DR0\Partition3
19:31:21.0377 0x1108  H: <-> \Device\Harddisk0\DR0\Partition4
19:31:21.0377 0x1108  ============================================================
19:31:21.0377 0x1108  Initialize success
19:31:21.0377 0x1108  ============================================================
19:31:26.0594 0x1264  ============================================================
19:31:26.0594 0x1264  Scan started
19:31:26.0594 0x1264  Mode: Manual; SigCheck; TDLFS; 
19:31:26.0594 0x1264  ============================================================
19:31:26.0594 0x1264  KSN ping started
19:32:01.0771 0x1264  KSN ping finished: false
19:32:02.0304 0x1264  ================ Scan system memory ========================
19:32:02.0304 0x1264  System memory - ok
19:32:02.0305 0x1264  ================ Scan services =============================
19:32:02.0450 0x1264  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:32:02.0552 0x1264  1394ohci - ok
19:32:02.0592 0x1264  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:32:02.0611 0x1264  ACPI - ok
19:32:02.0630 0x1264  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:32:02.0673 0x1264  AcpiPmi - ok
19:32:02.0713 0x1264  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:32:02.0739 0x1264  adp94xx - ok
19:32:02.0766 0x1264  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:32:02.0785 0x1264  adpahci - ok
19:32:02.0808 0x1264  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:32:02.0822 0x1264  adpu320 - ok
19:32:02.0852 0x1264  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:32:02.0892 0x1264  AeLookupSvc - ok
19:32:02.0949 0x1264  [ D5B031C308A409A0A576BFF4CF083D30, 081FCB53C65BC48093AEA5B067757F04C5C92F920D32A4DF01DD1DFF6B2FB20D ] AFD             C:\Windows\system32\drivers\afd.sys
19:32:02.0979 0x1264  AFD - ok
19:32:03.0003 0x1264  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:32:03.0014 0x1264  agp440 - ok
19:32:03.0033 0x1264  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:32:03.0050 0x1264  ALG - ok
19:32:03.0076 0x1264  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:32:03.0086 0x1264  aliide - ok
19:32:03.0139 0x1264  [ D45D3540C5AE2A48C6112DF03F06F374, FEEA22BC629D2F25321293763BBB690959B7DFA2573B922C9D7F462DFEE52647 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:32:03.0176 0x1264  AMD External Events Utility - ok
19:32:03.0194 0x1264  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:32:03.0204 0x1264  amdide - ok
19:32:03.0240 0x1264  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
19:32:03.0264 0x1264  amdiox64 - ok
19:32:03.0305 0x1264  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:32:03.0321 0x1264  AmdK8 - ok
19:32:03.0749 0x1264  [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:04.0139 0x1264  amdkmdag - ok
19:32:04.0191 0x1264  [ 9BE1140CE8D2C5E878F136A7B85D41B3, DF3CABB90CC36ADCB71BF85CFE23BCD315D7DC301773E9856A6854B95740B2E2 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:32:04.0217 0x1264  amdkmdap - ok
19:32:04.0236 0x1264  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:32:04.0252 0x1264  AmdPPM - ok
19:32:04.0287 0x1264  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:32:04.0300 0x1264  amdsata - ok
19:32:04.0335 0x1264  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:32:04.0350 0x1264  amdsbs - ok
19:32:04.0364 0x1264  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:32:04.0374 0x1264  amdxata - ok
19:32:04.0404 0x1264  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
19:32:04.0442 0x1264  AppID - ok
19:32:04.0471 0x1264  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:32:04.0512 0x1264  AppIDSvc - ok
19:32:04.0538 0x1264  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
19:32:04.0577 0x1264  Appinfo - ok
19:32:04.0612 0x1264  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:32:04.0643 0x1264  AppMgmt - ok
19:32:04.0681 0x1264  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:32:04.0693 0x1264  arc - ok
19:32:04.0709 0x1264  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:32:04.0723 0x1264  arcsas - ok
19:32:04.0845 0x1264  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:32:04.0855 0x1264  aspnet_state - ok
19:32:04.0876 0x1264  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:32:04.0914 0x1264  AsyncMac - ok
19:32:04.0949 0x1264  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:32:04.0960 0x1264  atapi - ok
19:32:05.0013 0x1264  [ 24464B908E143D2561E9E452FEE97309, F5A24FEBAD1B1795A075130F7FFDD4EB76C8F1855FA1628A29CAFAF03C1C9183 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:32:05.0024 0x1264  AtiHDAudioService - ok
19:32:05.0413 0x1264  [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:05.0806 0x1264  atikmdag - ok
19:32:05.0884 0x1264  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:32:05.0941 0x1264  AudioEndpointBuilder - ok
19:32:05.0966 0x1264  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:32:06.0024 0x1264  AudioSrv - ok
19:32:06.0070 0x1264  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:32:06.0093 0x1264  AxInstSV - ok
19:32:06.0135 0x1264  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:32:06.0164 0x1264  b06bdrv - ok
19:32:06.0184 0x1264  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:32:06.0207 0x1264  b57nd60a - ok
19:32:06.0243 0x1264  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:32:06.0261 0x1264  BDESVC - ok
19:32:06.0278 0x1264  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:32:06.0317 0x1264  Beep - ok
19:32:06.0384 0x1264  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:32:06.0442 0x1264  BFE - ok
19:32:06.0498 0x1264  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
19:32:06.0563 0x1264  BITS - ok
19:32:06.0589 0x1264  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:32:06.0611 0x1264  blbdrive - ok
19:32:06.0635 0x1264  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:32:06.0652 0x1264  bowser - ok
19:32:06.0673 0x1264  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:32:06.0690 0x1264  BrFiltLo - ok
19:32:06.0710 0x1264  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:32:06.0729 0x1264  BrFiltUp - ok
19:32:06.0751 0x1264  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:32:06.0793 0x1264  BridgeMP - ok
19:32:06.0827 0x1264  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
19:32:06.0868 0x1264  Browser - ok
19:32:06.0889 0x1264  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:32:06.0913 0x1264  Brserid - ok
19:32:12.0199 0x1264  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:32:12.0207 0x1264  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:32:16.0382 0x1264  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:32:16.0382 0x1264  Force sending object to P2P due to detect: IDriverT
19:32:16.0384 0x1264  Object send P2P result: false
19:32:21.0118 0x1264  Npfs - ok
19:32:21.0135 0x1264  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:32:21.0175 0x1264  nsi - ok
19:32:21.0201 0x1264  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:32:21.0240 0x1264  nsiproxy - ok
19:32:21.0322 0x1264  [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:32:21.0380 0x1264  Ntfs - ok
19:32:21.0398 0x1264  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:32:21.0436 0x1264  Null - ok
19:32:21.0488 0x1264  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:32:21.0516 0x1264  NVENETFD - ok
19:32:21.0557 0x1264  [ 67B51A97733B10D716B366C2ED126763, C34B889D39A4443A82BCDF6B9A0BF637D2ECC37BBB1AAE21143EC9E3DC495D90 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:32:21.0574 0x1264  NVHDA - ok
19:32:22.0049 0x1264  [ 8B87AC8D36FA06A6EE5D613B67B194B6, 8D14E03067F452E25A46C22489575B0D0A275C11CB8D99846A73AFFDCAB1A2CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:32:22.0440 0x1264  nvlddmkm - ok
19:32:22.0591 0x1264  [ 020F45E362D3B57CCC5735582BB1A6EC, E2D953CEF208528382153D06FED8394BEB52657C547E4D2D2954E537C9A382DC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
19:32:22.0651 0x1264  NvNetworkService - ok
19:32:22.0678 0x1264  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:32:22.0691 0x1264  nvraid - ok
19:32:22.0726 0x1264  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:32:22.0748 0x1264  nvstor - ok
19:32:22.0836 0x1264  [ F82BCEB9F57B2959F6AAE2A3DDA892A8, 5B02C74BAF0E12B84F239B1449DAA955B28BD5BA7D35D315DB57F45E042E0DB3 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19:32:22.0845 0x1264  NvStreamKms - ok
19:32:22.0976 0x1264  [ 9209D57C1AA24841EF8D5DE6A5B2AAEB, C1A53621F5361DCE9C962A9B9B586D1904901C9EC20EFCA76C40ADCD98BEDF3C ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
19:32:23.0085 0x1264  NvStreamNetworkSvc - ok
19:32:23.0190 0x1264  [ 0EDF9504CA5174075BA5902AFC1F57C8, 8E210E71BA91813D3BB6B59E5F6AD0889711336AD12B1B1C67CCC882A6ED3E53 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
19:32:23.0271 0x1264  NvStreamSvc - ok
19:32:23.0366 0x1264  [ 705D7F0028B030DE1C2498AE3213AEFB, BCA48BF46F2D1263B96F1C22970406201A740E235479A1AD19D1339E060D1880 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:32:23.0415 0x1264  nvsvc - ok
19:32:23.0455 0x1264  [ 38175904276F86EA4704EC13B77FB4B0, 4965BCF17E3D9EE4CE2E4DC158C5E7179C3ABBAE9D640FBCFFBCA973F21DDDF6 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
19:32:23.0466 0x1264  nvvad_WaveExtensible - ok
19:32:23.0500 0x1264  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:32:23.0513 0x1264  nv_agp - ok
19:32:23.0536 0x1264  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:32:23.0554 0x1264  ohci1394 - ok
19:32:23.0601 0x1264  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:32:23.0613 0x1264  ose - ok
19:32:23.0807 0x1264  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:32:23.0950 0x1264  osppsvc - ok
19:32:24.0020 0x1264  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:32:24.0046 0x1264  p2pimsvc - ok
19:32:24.0075 0x1264  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:32:24.0105 0x1264  p2psvc - ok
19:32:24.0138 0x1264  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:32:24.0156 0x1264  Parport - ok
19:32:24.0178 0x1264  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:32:24.0190 0x1264  partmgr - ok
19:32:24.0204 0x1264  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:32:24.0232 0x1264  PcaSvc - ok
19:32:24.0255 0x1264  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:32:24.0271 0x1264  pci - ok
19:32:24.0294 0x1264  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:32:24.0304 0x1264  pciide - ok
19:32:24.0332 0x1264  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:24.0349 0x1264  pcmcia - ok
19:32:24.0370 0x1264  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:32:24.0381 0x1264  pcw - ok
19:32:24.0421 0x1264  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:32:24.0479 0x1264  PEAUTH - ok
19:32:24.0551 0x1264  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:32:24.0610 0x1264  PeerDistSvc - ok
19:32:24.0676 0x1264  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:32:24.0693 0x1264  PerfHost - ok
19:32:24.0776 0x1264  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:32:24.0856 0x1264  pla - ok
19:32:24.0910 0x1264  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:32:24.0938 0x1264  PlugPlay - ok
19:32:24.0960 0x1264  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:32:24.0978 0x1264  PNRPAutoReg - ok
19:32:24.0992 0x1264  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:32:25.0018 0x1264  PNRPsvc - ok
19:32:25.0049 0x1264  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:32:25.0101 0x1264  PolicyAgent - ok
19:32:25.0142 0x1264  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:32:25.0186 0x1264  Power - ok
19:32:25.0231 0x1264  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:32:25.0270 0x1264  PptpMiniport - ok
19:32:25.0331 0x1264  [ 96D337F025ABAFE7CADDDEC495413895, 84EE29BB89FC8595D42B9A2FE2BAC0D44175B0045991ECA34D05EDBE51F5D3A1 ] PRESONUS_AUDIOBOX_USB C:\Windows\system32\Drivers\psabusbu.sys
19:32:25.0355 0x1264  PRESONUS_AUDIOBOX_USB - ok
19:32:25.0384 0x1264  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:32:25.0400 0x1264  Processor - ok
19:32:25.0426 0x1264  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
19:32:25.0470 0x1264  ProfSvc - ok
19:32:25.0488 0x1264  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:25.0505 0x1264  ProtectedStorage - ok
19:32:25.0543 0x1264  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:32:25.0586 0x1264  Psched - ok
19:32:25.0618 0x1264  [ BC08F7F3C53CBEE68670ED1314E290FD, EC683DDE60AFED297D28BC7570BB6DA27A94F52417AD6DE1FBE265255F4051DD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
19:32:25.0628 0x1264  PxHlpa64 - ok
19:32:25.0687 0x1264  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:32:25.0737 0x1264  ql2300 - ok
19:32:25.0761 0x1264  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:32:25.0774 0x1264  ql40xx - ok
19:32:25.0808 0x1264  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:32:25.0836 0x1264  QWAVE - ok
19:32:25.0857 0x1264  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:32:25.0876 0x1264  QWAVEdrv - ok
19:32:25.0895 0x1264  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:32:25.0933 0x1264  RasAcd - ok
19:32:25.0960 0x1264  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:26.0000 0x1264  RasAgileVpn - ok
19:32:26.0013 0x1264  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:32:26.0056 0x1264  RasAuto - ok
19:32:26.0075 0x1264  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:26.0116 0x1264  Rasl2tp - ok
19:32:26.0143 0x1264  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:32:26.0194 0x1264  RasMan - ok
19:32:26.0210 0x1264  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:26.0251 0x1264  RasPppoe - ok
19:32:26.0270 0x1264  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:32:26.0312 0x1264  RasSstp - ok
19:32:26.0339 0x1264  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:32:26.0386 0x1264  rdbss - ok
19:32:26.0410 0x1264  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:26.0427 0x1264  rdpbus - ok
19:32:26.0438 0x1264  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:26.0476 0x1264  RDPCDD - ok
19:32:26.0513 0x1264  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:32:26.0555 0x1264  RDPDR - ok
19:32:26.0578 0x1264  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:32:26.0617 0x1264  RDPENCDD - ok
19:32:26.0626 0x1264  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:32:26.0664 0x1264  RDPREFMP - ok
19:32:26.0694 0x1264  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:32:26.0739 0x1264  RDPWD - ok
19:32:26.0771 0x1264  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:32:26.0787 0x1264  rdyboost - ok
19:32:26.0817 0x1264  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:32:26.0859 0x1264  RemoteAccess - ok
19:32:26.0869 0x1264  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:32:26.0913 0x1264  RemoteRegistry - ok
19:32:26.0948 0x1264  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:32:26.0993 0x1264  RpcEptMapper - ok
19:32:27.0010 0x1264  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:32:27.0026 0x1264  RpcLocator - ok
19:32:27.0068 0x1264  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
19:32:27.0123 0x1264  RpcSs - ok
19:32:27.0137 0x1264  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:32:27.0178 0x1264  rspndr - ok
19:32:27.0207 0x1264  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:32:27.0221 0x1264  s3cap - ok
19:32:27.0227 0x1264  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
19:32:27.0246 0x1264  SamSs - ok
19:32:27.0263 0x1264  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:32:27.0275 0x1264  sbp2port - ok
19:32:27.0297 0x1264  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:32:27.0344 0x1264  SCardSvr - ok
19:32:27.0374 0x1264  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:32:27.0411 0x1264  scfilter - ok
19:32:27.0462 0x1264  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:32:27.0537 0x1264  Schedule - ok
19:32:27.0568 0x1264  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:32:27.0607 0x1264  SCPolicySvc - ok
19:32:27.0626 0x1264  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:32:27.0647 0x1264  SDRSVC - ok
19:32:27.0658 0x1264  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:32:27.0696 0x1264  secdrv - ok
19:32:27.0717 0x1264  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:32:27.0756 0x1264  seclogon - ok
19:32:27.0787 0x1264  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
19:32:27.0828 0x1264  SENS - ok
19:32:27.0843 0x1264  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:32:27.0861 0x1264  SensrSvc - ok
19:32:27.0872 0x1264  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:32:27.0887 0x1264  Serenum - ok
19:32:27.0919 0x1264  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:32:27.0936 0x1264  Serial - ok
19:32:27.0973 0x1264  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:32:27.0988 0x1264  sermouse - ok
19:32:28.0034 0x1264  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:32:28.0075 0x1264  SessionEnv - ok
19:32:28.0098 0x1264  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:32:28.0114 0x1264  sffdisk - ok
19:32:28.0128 0x1264  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:32:28.0143 0x1264  sffp_mmc - ok
19:32:28.0154 0x1264  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:32:28.0171 0x1264  sffp_sd - ok
19:32:28.0190 0x1264  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:28.0205 0x1264  sfloppy - ok
19:32:28.0248 0x1264  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:32:28.0298 0x1264  SharedAccess - ok
19:32:28.0334 0x1264  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:28.0384 0x1264  ShellHWDetection - ok
19:32:28.0412 0x1264  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:28.0423 0x1264  SiSRaid2 - ok
19:32:28.0451 0x1264  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:28.0463 0x1264  SiSRaid4 - ok
19:32:28.0513 0x1264  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:32:28.0554 0x1264  Smb - ok
19:32:28.0590 0x1264  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:32:28.0607 0x1264  SNMPTRAP - ok
19:32:28.0618 0x1264  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:32:28.0629 0x1264  spldr - ok
19:32:28.0659 0x1264  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
19:32:28.0717 0x1264  Spooler - ok
19:32:28.0841 0x1264  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:32:28.0989 0x1264  sppsvc - ok
19:32:29.0020 0x1264  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:32:29.0061 0x1264  sppuinotify - ok
19:32:29.0100 0x1264  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:32:29.0128 0x1264  srv - ok
19:32:29.0158 0x1264  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:32:29.0186 0x1264  srv2 - ok
19:32:29.0207 0x1264  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:32:29.0226 0x1264  srvnet - ok
19:32:29.0269 0x1264  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:32:29.0314 0x1264  SSDPSRV - ok
19:32:29.0322 0x1264  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:32:29.0369 0x1264  SstpSvc - ok
19:32:29.0415 0x1264  [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D, 2FE0401BA152E856495902939F34F391D5572A7B6EBD340D114D08AC280F713B ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
19:32:29.0429 0x1264  ssudmdm - ok
19:32:29.0502 0x1264  [ B52021C841D8BE6F5A0196D6CEE054F5, D3CC582E8AF2DD6074A6E8489FDC0EDC11E21D5C18F6BE41FB763377B858BEF7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
19:32:29.0523 0x1264  Stereo Service - ok
19:32:29.0538 0x1264  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:32:29.0549 0x1264  stexstor - ok
19:32:29.0595 0x1264  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:32:29.0635 0x1264  stisvc - ok
19:32:29.0670 0x1264  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:32:29.0681 0x1264  storflt - ok
19:32:29.0717 0x1264  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
19:32:29.0732 0x1264  StorSvc - ok
19:32:29.0772 0x1264  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:32:29.0783 0x1264  storvsc - ok
19:32:29.0798 0x1264  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:32:29.0809 0x1264  swenum - ok
19:32:29.0835 0x1264  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:32:29.0892 0x1264  swprv - ok
19:32:29.0978 0x1264  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:32:30.0067 0x1264  SysMain - ok
19:32:30.0102 0x1264  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:30.0127 0x1264  TabletInputService - ok
19:32:30.0159 0x1264  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:32:30.0209 0x1264  TapiSrv - ok
19:32:30.0236 0x1264  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:32:30.0277 0x1264  TBS - ok
19:32:30.0363 0x1264  [ F0E98C00A09FDF791525829A1D14240F, 4C3D96B1BE73A8B8FFCAA73DB5B33A84E30D076F2F737C65F33F52E1D9DCF38F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:32:30.0429 0x1264  Tcpip - ok
19:32:30.0507 0x1264  [ F0E98C00A09FDF791525829A1D14240F, 4C3D96B1BE73A8B8FFCAA73DB5B33A84E30D076F2F737C65F33F52E1D9DCF38F ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:32:30.0568 0x1264  TCPIP6 - ok
19:32:30.0598 0x1264  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:32:30.0636 0x1264  tcpipreg - ok
19:32:30.0651 0x1264  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:32:30.0692 0x1264  TDPIPE - ok
19:32:30.0722 0x1264  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:32:30.0760 0x1264  TDTCP - ok
19:32:30.0792 0x1264  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:32:30.0832 0x1264  tdx - ok
19:32:30.0845 0x1264  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:32:30.0857 0x1264  TermDD - ok
19:32:30.0912 0x1264  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
19:32:30.0971 0x1264  TermService - ok
19:32:30.0990 0x1264  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:32:31.0011 0x1264  Themes - ok
19:32:31.0040 0x1264  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:32:31.0088 0x1264  THREADORDER - ok
19:32:31.0112 0x1264  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:32:31.0156 0x1264  TrkWks - ok
19:32:31.0195 0x1264  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:31.0238 0x1264  TrustedInstaller - ok
19:32:31.0259 0x1264  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:31.0297 0x1264  tssecsrv - ok
19:32:35.0506 0x1264  ================ Scan global ===============================
19:32:35.0527 0x1264  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:32:35.0558 0x1264  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
19:32:35.0574 0x1264  [ EB6A48CC998E1090E44E8E7F1009A640, 94001F8AEB2A398E7C267C90183ABED2AFA6FC4C219027C861C6C1329093464A ] C:\Windows\system32\winsrv.dll
19:32:35.0601 0x1264  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:32:35.0634 0x1264  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:32:35.0643 0x1264  [ Global ] - ok
19:32:35.0644 0x1264  ================ Scan MBR ==================================
19:32:35.0661 0x1264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:32:35.0877 0x1264  \Device\Harddisk0\DR0 - ok
19:32:35.0881 0x1264  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:32:35.0996 0x1264  \Device\Harddisk1\DR1 - ok
19:32:35.0996 0x1264  ================ Scan VBR ==================================
19:32:36.0001 0x1264  [ 8BA252624D48A9E6794CE52FC1226443 ] \Device\Harddisk0\DR0\Partition1
19:32:36.0002 0x1264  \Device\Harddisk0\DR0\Partition1 - ok
19:32:36.0008 0x1264  [ 08781F7921DEB7829810AE29D20F8CFF ] \Device\Harddisk0\DR0\Partition2
19:32:36.0009 0x1264  \Device\Harddisk0\DR0\Partition2 - ok
19:32:36.0015 0x1264  [ 02701C1B71E9B6FB432D734B64B05B4F ] \Device\Harddisk0\DR0\Partition3
19:32:36.0016 0x1264  \Device\Harddisk0\DR0\Partition3 - ok
19:32:36.0022 0x1264  [ DCC752F2D4FA20F897D35AB96EF15F67 ] \Device\Harddisk0\DR0\Partition4
19:32:36.0024 0x1264  \Device\Harddisk0\DR0\Partition4 - ok
19:32:36.0029 0x1264  [ 7F40C290686CCC3A37206DC7C08FD23C ] \Device\Harddisk1\DR1\Partition1
19:32:36.0031 0x1264  \Device\Harddisk1\DR1\Partition1 - ok
19:32:36.0037 0x1264  [ 6CEF27D8C894A09A503BB2926F82ACD9 ] \Device\Harddisk1\DR1\Partition2
19:32:36.0038 0x1264  \Device\Harddisk1\DR1\Partition2 - ok
19:32:36.0043 0x1264  [ FC2894A4DA7F7885E993A8787DC92442 ] \Device\Harddisk1\DR1\Partition3
19:32:36.0060 0x1264  \Device\Harddisk1\DR1\Partition3 - ok
19:32:36.0060 0x1264  ================ Scan generic autorun ======================
19:32:36.0170 0x1264  [ 51B634D617073986FA73417318F7C121, CAB64175383F501FA515D335167334D7F2147F0889E5052484AA1FF866C6F8CF ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
19:32:36.0194 0x1264  AdobeAAMUpdater-1.0 - ok
19:32:36.0298 0x1264  [ 94A8196066774252DF015EEDF02CCA44, AD2DFDA427E3CCB5C8404F0AFAFE71C64B862D2E26A67E1BFC2B40738FD0B873 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:32:36.0371 0x1264  NvBackend - ok
19:32:36.0433 0x1264  [ 901AA7A38CE13F14B6BBEC38C0595698, 1E95F2048E2A1782807D52E9816ED267355718E24D01FF07ACE73D965EDE388A ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
19:32:36.0443 0x1264  BCSSync - ok
19:32:36.0471 0x1264  [ F8DBB32041336A94C676E6B70F759993, 5DD10E2696616F18A88526B06899C1874243BF2BF674F19C86228B975BCD9C1E ] C:\Program Files (x86)\QuickTime\qttask.exe
19:32:36.0478 0x1264  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
19:32:36.0479 0x1264  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
19:32:36.0531 0x1264  [ 6D313E4121365B2ABEED5A93F9B197E5, 94CDAD27F1A362A23F6CE0D65881EB8753B7A3744DE127022DB77B4459EE1FD6 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:32:36.0554 0x1264  SunJavaUpdateSched - ok
19:32:36.0626 0x1264  [ 84BFA134292210F7898C28D4C3B47E90, 3BBB713BCEB9D40167E9184284A9A6DBC8E7ED245AF210122E670BA528E1E123 ] C:\Program Files (x86)\SCSI Host\scsihost.exe
19:32:36.0682 0x1264  SCSI Host - detected UnsignedFile.Multi.Generic ( 1 )
19:32:36.0683 0x1264  SCSI Host ( UnsignedFile.Multi.Generic ) - warning
19:32:36.0683 0x1264  Force sending object to P2P due to detect: C:\Program Files (x86)\SCSI Host\scsihost.exe
19:32:36.0690 0x1264  Object send P2P result: false
19:32:36.0883 0x1264  [ C1021E7009C2A47BBD5D37A2C2579FF6, 5E93B4B77F3E17E3CEAA563E3063B446AB0D63E3335D2B21F5747E3CEAA880BE ] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
19:32:37.0009 0x1264  Rainlendar2 - ok
19:32:37.0752 0x1264  [ A70E699E0B0DD9C2B3B35E9A8167F903, 6CC7AFFEED646AA9C46C709C8B36751CA9EBCDDC70438ECE1D1328E6C1A02421 ] C:\Program Files\CCleaner\CCleaner64.exe
19:32:37.0995 0x1264  CCleaner Monitoring - ok
19:32:38.0015 0x1264  StartOn arrangeQueue->Count()Wizard - ok
19:32:38.0020 0x1264  StartOn cs->itemsWizard - ok
19:32:38.0435 0x1264  [ 60677791FA3336FCDDCB3A96C42BCB92, 3D7F8BDCEE42C288B5946C0DFE35C0DBA31D9454DF2E8812B2CEEE3F10D01BA8 ] C:\Users\m\AppData\Local\Temp\TranscendElite\TranscendElite.exe
19:32:38.0723 0x1264  StartOn With Windows - detected UnsignedFile.Multi.Generic ( 1 )
19:32:38.0724 0x1264  StartOn With Windows ( UnsignedFile.Multi.Generic ) - warning
19:32:38.0782 0x1264  [ 2C16CF611C87FAB86B287CFFBA91B647, 98A67AD02F8D49726D09E3C8BB83DE4C1ABF46874D43DB62C494EC92C693CE6C ] C:\Windows\SysWOW64\MASetupCleaner.exe
19:32:38.0789 0x1264  DeleteMarkAny - detected UnsignedFile.Multi.Generic ( 1 )
19:32:38.0789 0x1264  DeleteMarkAny ( UnsignedFile.Multi.Generic ) - warning
19:32:38.0809 0x1264  Report - ok
19:32:38.0959 0x1264  [ C1021E7009C2A47BBD5D37A2C2579FF6, 5E93B4B77F3E17E3CEAA563E3063B446AB0D63E3335D2B21F5747E3CEAA880BE ] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
19:32:39.0082 0x1264  Rainlendar2 - ok
19:32:39.0775 0x1264  [ A70E699E0B0DD9C2B3B35E9A8167F903, 6CC7AFFEED646AA9C46C709C8B36751CA9EBCDDC70438ECE1D1328E6C1A02421 ] C:\Program Files\CCleaner\CCleaner64.exe
19:32:40.0018 0x1264  CCleaner Monitoring - ok
19:32:40.0064 0x1264  Win FW state via NFP2: enabled ( trusted )
19:32:40.0064 0x1264  ============================================================
19:32:40.0065 0x1264  Scan finished
19:32:40.0065 0x1264  ============================================================
19:32:40.0077 0x03c4  Detected object count: 5
19:32:40.0077 0x03c4  Actual detected object count: 5
19:33:35.0527 0x03c4  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0527 0x03c4  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0531 0x03c4  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0531 0x03c4  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0533 0x03c4  SCSI Host ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0533 0x03c4  SCSI Host ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0536 0x03c4  StartOn With Windows ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0536 0x03c4  StartOn With Windows ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:33:35.0538 0x03c4  DeleteMarkAny ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:35.0538 0x03c4  DeleteMarkAny ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

14.12.2016, 20:20   #24
cosinus

Read the MBAR instructions properly => post the correct log file

15.12.2016, 08:21   #25
cmdr

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Teng :: SATAN [administrator]

15.12.2016 07:38:19
mbar-log-2016-12-15 (07-38-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 385841
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

15.12.2016, 09:05   #26
cosinus

Quote:
main: v2014.11.18.05
That won't work with outdated signatures...

15.12.2016, 10:31   #27
cmdr

As I said, the program cannot connect, so there is no update either.

15.12.2016, 12:00   #28
cosinus

I thought that was working by now

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.

15.12.2016, 12:16   #29
cmdr

No, unfortunately not. But my computer has been acting up from the very beginning. Windows Update doesn't work either. Somehow I still have an old XP installation underneath it, which seems to cause strange conflicts. That's what I think as a layman; I actually have no idea at all.

15.12.2016, 13:13   #30
cosinus

With that much legacy baggage, you should just start from scratch, wipe the system completely and reinstall.

You could even try Windows 10.

This box is probably no longer any good for demanding games, though, so you might just as well use Ubuntu MATE or another current Linux.
