
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, please check my PC; I have probably pulled a lot of junk onto it. Thank you.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-01-19 09:56:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1015 MB (17% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:46, on 19.1.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
C:\Users\Admin\AppData\Local\mbot_nl_014010212\upmbot_nl_014010212.exe
C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRealTimeSpeedup.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMChExt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
O4 - HKLM\..\RunOnce: [upmbot_nl_014010212.exe] C:\Users\Admin\AppData\Local\mbot_nl_014010212\upmbot_nl_014010212.exe -runonce
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
O23 - Service: TAOFrame - Tencent - C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe
O23 - Service: Free Space Decimal Point (wucotusy) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bracket Draft (xyqygolizbt) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Replicate Exit (zutuzuni) - Unknown owner - C:\Program.exe (file missing)
--
End of file - 5134 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
" QQPCTray"=C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe [2016-01-19 355296]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"upmbot_nl_014010212.exe"=C:\Users\Admin\AppData\Local\mbot_nl_014010212\upmbot_nl_014010212.exe [2016-01-19 3275952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher]
1418377822 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gupdate]
C:\Program Files\Company\gupdate\gupdate.exe [2016-01-19 79812]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsas]
C:\Program Files\t_201601190914\201601190914\lsas.exe [2016-01-19 557184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbot_nl_014010212]
C:\Program Files\mbot_nl_014010212\mbot_nl_014010212.exe [2016-01-19 3955888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MTview]
C:\Program Files\MTV20151125\MTView.exe [2015-11-25 1875464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
C:\Users\Admin\AppData\Local\Temp\setup.exe [2016-01-19 1922048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-19 09:56:24 ----D---- C:\rsit
2016-01-19 09:56:24 ----D---- C:\Program Files\trend micro
2016-01-19 09:46:25 ----A---- C:\Windows\system32\drivers\TS888.sys
2016-01-19 09:26:00 ----D---- C:\ProgramData\TXQMPC
2016-01-19 09:21:22 ----A---- C:\Windows\system32\drivers\TAOAccelerator.sys
2016-01-19 09:21:18 ----A---- C:\Windows\system32\drivers\TSDefenseBt.sys
2016-01-19 09:20:09 ----A---- C:\Windows\system32\TSSK.sys
2016-01-19 09:19:51 ----A---- C:\Windows\system32\drivers\TAOKernel.sys
2016-01-19 09:19:15 ----A---- C:\Windows\system32\drivers\TFsFlt.sys
2016-01-19 09:19:14 ----D---- C:\Program Files\Common Files\Tencent
2016-01-19 09:19:10 ----A---- C:\Windows\system32\drivers\TsFltMgr.sys
2016-01-19 09:16:30 ----D---- C:\Users\Admin\AppData\Roaming\Tencent
2016-01-19 09:16:30 ----D---- C:\Program Files\Tencent
2016-01-19 09:16:16 ----D---- C:\ProgramData\Tencent
2016-01-19 09:14:57 ----D---- C:\Program Files\t_201601190914
2016-01-19 09:14:21 ----D---- C:\Program Files\MTV20151125
2016-01-19 09:12:47 ----D---- C:\Users\Admin\AppData\Roaming\ASPackage
2016-01-19 09:12:47 ----D---- C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016
2016-01-19 09:08:16 ----D---- C:\Users\Admin\AppData\Roaming\Opera Software
2016-01-19 09:06:47 ----D---- C:\Program Files\Opera
2016-01-19 09:06:37 ----RASH---- C:\MSDOS.SYS
2016-01-19 09:06:37 ----RASH---- C:\IO.SYS
2016-01-19 09:06:11 ----D---- C:\Users\Admin\AppData\Roaming\omniboxes
2016-01-19 09:05:26 ----D---- C:\Program Files\Company
2016-01-19 09:05:05 ----D---- C:\Program Files\mbot_nl_014010212
2016-01-11 12:53:05 ----D---- C:\Users\Admin\AppData\Roaming\29669
2016-01-11 12:46:32 ----D---- C:\e0e7bd8d32d602af25
======List of files/folders modified in the last 1 month======
2016-01-19 09:56:25 ----D---- C:\Windows\Temp
2016-01-19 09:56:24 ----RD---- C:\Program Files
2016-01-19 09:52:45 ----D---- C:\Windows\System32
2016-01-19 09:52:45 ----D---- C:\Windows\inf
2016-01-19 09:52:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-19 09:50:04 ----D---- C:\Windows\system32\Tasks
2016-01-19 09:46:25 ----D---- C:\Windows\system32\drivers
2016-01-19 09:45:37 ----D---- C:\Windows
2016-01-19 09:26:00 ----HD---- C:\ProgramData
2016-01-19 09:23:01 ----D---- C:\Windows\Prefetch
2016-01-19 09:20:20 ----RSD---- C:\Windows\Fonts
2016-01-19 09:19:14 ----D---- C:\Program Files\Common Files
2016-01-19 09:14:20 ----D---- C:\Windows\system32\drivers\etc
2016-01-18 12:10:17 ----SHD---- C:\System Volume Information
2016-01-14 08:32:36 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-01-14 08:19:30 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-01-14 07:39:08 ----D---- C:\Windows\system32\NDF
2016-01-11 12:49:24 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 QMIEProtect;QMIEProtect; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMIEProtect.sys [2016-01-12 50488]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUdisk.sys [2016-01-19 62392]
R1 TAOKernelDriver;Tencent TAO kernel driver.; C:\Windows\System32\Drivers\TAOKernel.sys [2016-01-19 138552]
R1 TSDefenseBt;TSDefenseBt; C:\Windows\system32\DRIVERS\TSDefenseBt.sys [2016-01-19 14008]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator.sys [2016-01-19 82008]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFlt.sys [2016-01-19 150072]
R3 TS888;TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TS888.sys [2016-01-19 30392]
S0 TsFltMgr;tencent TsFltMgr; C:\Windows\system32\drivers\TsFltMgr.sys [2016-01-14 128280]
S1 TSKSP;TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSKsp.sys [2016-01-19 209304]
S1 TSSysKit;TSSysKit; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSSysKit.sys [2016-01-19 101560]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S2 QQSysMon;QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQSysMon.sys [2016-01-19 108984]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TSSK;TSSK; C:\Windows\System32\tssk.sys [2016-01-19 67896]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 wucotusy;Free Space Decimal Point; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\hnsw7110.tmp [2016-01-19 416256]
R2 xyqygolizbt;Bracket Draft; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\knsf399D.tmpfs [2016-01-19 208384]
R2 zutuzuni;Replicate Exit; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\jnsh596F.tmp [2016-01-19 307712]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14 144200]
S2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [2016-01-19 301728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TAOFrame;TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [2016-01-19 293856]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-13 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
2016-01-19 09:19:14 ----D---- C:\Program Files\Common Files
2016-01-19 09:14:20 ----D---- C:\Windows\system32\drivers\etc
2016-01-18 12:10:17 ----SHD---- C:\System Volume Information
2016-01-14 08:32:36 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-01-14 08:19:30 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-01-14 07:39:08 ----D---- C:\Windows\system32\NDF
2016-01-11 12:49:24 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 QMIEProtect;QMIEProtect; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMIEProtect.sys [2016-01-12 50488]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUdisk.sys [2016-01-19 62392]
R1 TAOKernelDriver;Tencent TAO kernel driver.; C:\Windows\System32\Drivers\TAOKernel.sys [2016-01-19 138552]
R1 TSDefenseBt;TSDefenseBt; C:\Windows\system32\DRIVERS\TSDefenseBt.sys [2016-01-19 14008]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator.sys [2016-01-19 82008]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFlt.sys [2016-01-19 150072]
R3 TS888;TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TS888.sys [2016-01-19 30392]
S0 TsFltMgr;tencent TsFltMgr; C:\Windows\system32\drivers\TsFltMgr.sys [2016-01-14 128280]
S1 TSKSP;TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSKsp.sys [2016-01-19 209304]
S1 TSSysKit;TSSysKit; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSSysKit.sys [2016-01-19 101560]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S2 QQSysMon;QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQSysMon.sys [2016-01-19 108984]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TSSK;TSSK; C:\Windows\System32\tssk.sys [2016-01-19 67896]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R2 wucotusy;Free Space Decimal Point; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\hnsw7110.tmp [2016-01-19 416256]
R2 xyqygolizbt;Bracket Draft; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\knsf399D.tmpfs [2016-01-19 208384]
R2 zutuzuni;Replicate Exit; C:\Program Files\1115D9D5-1453191167-11DA-BBDA-35A1EF370016\jnsh596F.tmp [2016-01-19 307712]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14 144200]
S2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [2016-01-19 301728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TAOFrame;TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [2016-01-19 293856]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-13 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: check
Hi,
scan with TDSSKiller
FRST | ADWCleaner | MBAM | CCleaner | AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: check
MBAM found something, TDSSKiller found nothing, the problem is still here, some Chinese windows keep launching..
Re: check
Post a current FRST log
Re: check
here is the log from TDSSKiller
10:41:50.0557 0x028c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:41:54.0579 0x028c ============================================================
10:41:54.0579 0x028c Current date / time: 2016/01/19 10:41:54.0579
10:41:54.0579 0x028c SystemInfo:
10:41:54.0579 0x028c
10:41:54.0579 0x028c OS Version: 6.1.7601 ServicePack: 1.0
10:41:54.0580 0x028c Product type: Workstation
10:41:54.0580 0x028c ComputerName: ADMINHPC-PC
10:41:54.0580 0x028c UserName: Admin
10:41:54.0580 0x028c Windows directory: C:\Windows
10:41:54.0580 0x028c System windows directory: C:\Windows
10:41:54.0580 0x028c Processor architecture: Intel x86
10:41:54.0581 0x028c Number of processors: 2
10:41:54.0581 0x028c Page size: 0x1000
10:41:54.0581 0x028c Boot type: Normal boot
10:41:54.0581 0x028c ============================================================
10:41:58.0835 0x028c KLMD registered as C:\Windows\system32\drivers\42229146.sys
10:42:02.0260 0x028c System UUID: {72468CB9-0C70-61D0-6EC1-F310679A688F}
10:42:05.0355 0x028c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:05.0495 0x028c ============================================================
10:42:05.0495 0x028c \Device\Harddisk0\DR0:
10:42:05.0495 0x028c MBR partitions:
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
10:42:05.0495 0x028c ============================================================
10:42:05.0524 0x028c C: <-> \Device\Harddisk0\DR0\Partition2
10:42:05.0644 0x028c ============================================================
10:42:05.0644 0x028c Initialize success
10:42:05.0645 0x028c ============================================================
10:42:09.0316 0x085c ============================================================
10:42:09.0317 0x085c Scan started
10:42:09.0317 0x085c Mode: Manual;
10:42:09.0317 0x085c ============================================================
10:42:09.0317 0x085c KSN ping started
10:42:14.0435 0x085c KSN ping finished: true
10:42:15.0282 0x085c ================ Scan system memory ========================
10:42:15.0282 0x085c System memory - ok
10:42:15.0283 0x085c ================ Scan services =============================
10:42:25.0040 0x085c gupdatem - ok
10:42:25.0072 0x085c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:42:25.0136 0x085c hcw85cir - ok
10:42:25.0195 0x085c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:42:25.0253 0x085c HdAudAddService - ok
10:42:25.0304 0x085c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:42:25.0325 0x085c HDAudBus - ok
10:42:25.0374 0x085c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:42:25.0386 0x085c HidBatt - ok
10:42:25.0411 0x085c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:42:25.0456 0x085c HidBth - ok
10:42:25.0504 0x085c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
10:42:25.0526 0x085c HidIr - ok
10:42:25.0579 0x085c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
10:42:25.0590 0x085c hidserv - ok
10:42:25.0630 0x085c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:42:25.0659 0x085c HidUsb - ok
10:42:25.0691 0x085c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
10:42:25.0702 0x085c hkmsvc - ok
10:42:25.0751 0x085c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:42:25.0773 0x085c HomeGroupListener - ok
10:42:25.0815 0x085c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:42:25.0829 0x085c HomeGroupProvider - ok
10:42:25.0893 0x085c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:42:25.0900 0x085c HpSAMD - ok
10:42:25.0987 0x085c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:42:26.0030 0x085c HTTP - ok
10:42:26.0071 0x085c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:42:26.0083 0x085c hwpolicy - ok
10:42:26.0132 0x085c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:42:26.0137 0x085c i8042prt - ok
10:42:26.0201 0x085c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:42:26.0218 0x085c iaStorV - ok
10:42:26.0349 0x085c [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:26.0418 0x085c idsvc - ok
10:42:26.0509 0x085c IEEtwCollectorService - ok
10:42:27.0104 0x085c [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:42:27.0366 0x085c igfx - ok
10:42:27.0425 0x085c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:42:27.0430 0x085c iirsp - ok
10:42:27.0509 0x085c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
10:42:27.0555 0x085c IKEEXT - ok
10:42:27.0598 0x085c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
10:42:27.0600 0x085c intelide - ok
10:42:27.0625 0x085c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:42:27.0629 0x085c intelppm - ok
10:42:27.0663 0x085c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:42:27.0670 0x085c IPBusEnum - ok
10:42:27.0694 0x085c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:42:27.0699 0x085c IpFilterDriver - ok
10:42:27.0760 0x085c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:42:27.0803 0x085c iphlpsvc - ok
10:42:27.0832 0x085c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:42:27.0845 0x085c IPMIDRV - ok
10:42:27.0872 0x085c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:42:27.0878 0x085c IPNAT - ok
10:42:27.0915 0x085c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:42:27.0917 0x085c IRENUM - ok
10:42:27.0940 0x085c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:42:27.0944 0x085c isapnp - ok
10:42:28.0001 0x085c [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:42:28.0014 0x085c iScsiPrt - ok
10:42:28.0052 0x085c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:42:28.0055 0x085c kbdclass - ok
10:42:28.0104 0x085c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:42:28.0106 0x085c kbdhid - ok
10:42:28.0125 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
10:42:28.0130 0x085c KeyIso - ok
10:42:28.0174 0x085c [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:42:28.0179 0x085c KSecDD - ok
10:42:28.0210 0x085c [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:42:28.0227 0x085c KSecPkg - ok
10:42:28.0279 0x085c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:42:28.0305 0x085c KtmRm - ok
10:42:28.0338 0x085c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:42:28.0373 0x085c LanmanServer - ok
10:42:28.0410 0x085c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:42:28.0454 0x085c LanmanWorkstation - ok
10:42:28.0496 0x085c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:42:28.0500 0x085c lltdio - ok
10:42:28.0574 0x085c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:42:28.0588 0x085c lltdsvc - ok
10:42:28.0609 0x085c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:42:28.0615 0x085c lmhosts - ok
10:42:28.0659 0x085c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:42:28.0665 0x085c LSI_FC - ok
10:42:28.0688 0x085c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:42:28.0695 0x085c LSI_SAS - ok
10:42:28.0708 0x085c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:42:28.0715 0x085c LSI_SAS2 - ok
10:42:28.0738 0x085c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:42:28.0745 0x085c LSI_SCSI - ok
10:42:28.0788 0x085c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
10:42:28.0792 0x085c luafv - ok
10:42:28.0820 0x085c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:42:28.0829 0x085c Mcx2Svc - ok
10:42:28.0840 0x085c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
10:42:28.0847 0x085c megasas - ok
10:42:28.0870 0x085c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:42:28.0883 0x085c MegaSR - ok
10:42:28.0944 0x085c Microsoft SharePoint Workspace Audit Service - ok
10:42:28.0963 0x085c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
10:42:28.0970 0x085c MMCSS - ok
10:42:28.0987 0x085c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
10:42:28.0991 0x085c Modem - ok
10:42:29.0022 0x085c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:42:29.0025 0x085c monitor - ok
10:42:29.0043 0x085c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:42:29.0046 0x085c mouclass - ok
10:42:29.0075 0x085c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\drivers\mouhid.sys
10:42:29.0086 0x085c mouhid - ok
10:42:29.0110 0x085c [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:42:29.0116 0x085c mountmgr - ok
10:42:29.0181 0x085c [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:42:29.0208 0x085c MpFilter - ok
10:42:29.0227 0x085c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
10:42:29.0235 0x085c mpio - ok
10:42:29.0404 0x085c [ BB7BB66A8DAF16950F83AE7BF498AF8F, A96FC3BE055C52B98E7ECDF68D69081620F829B04B5496C73D87F271E40EA638 ] MpKsl49b9e412 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A6A2DC-4510-43E7-96F1-D4A4E1E7717B}\MpKsl49b9e412.sys
10:42:29.0408 0x085c MpKsl49b9e412 - ok
10:42:29.0438 0x085c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:42:29.0452 0x085c mpsdrv - ok
10:42:29.0508 0x085c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:42:29.0551 0x085c MpsSvc - ok
10:42:29.0605 0x085c [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:42:29.0623 0x085c MRxDAV - ok
10:42:29.0659 0x085c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:29.0676 0x085c mrxsmb - ok
10:42:29.0723 0x085c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:29.0741 0x085c mrxsmb10 - ok
10:42:29.0776 0x085c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:29.0782 0x085c mrxsmb20 - ok
10:42:29.0814 0x085c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
10:42:29.0818 0x085c msahci - ok
10:42:29.0853 0x085c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:42:29.0863 0x085c msdsm - ok
10:42:29.0891 0x085c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
10:42:29.0902 0x085c MSDTC - ok
10:42:29.0937 0x085c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:42:29.0940 0x085c Msfs - ok
10:42:29.0975 0x085c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:42:29.0978 0x085c mshidkmdf - ok
10:42:29.0995 0x085c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:42:29.0998 0x085c msisadrv - ok
10:42:30.0038 0x085c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:42:30.0048 0x085c MSiSCSI - ok
10:42:30.0059 0x085c msiserver - ok
10:42:30.0094 0x085c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:42:30.0097 0x085c MSKSSRV - ok
10:42:30.0165 0x085c [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:42:30.0176 0x085c MsMpSvc - ok
10:42:30.0202 0x085c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:30.0205 0x085c MSPCLOCK - ok
10:42:30.0217 0x085c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:42:30.0220 0x085c MSPQM - ok
10:42:30.0248 0x085c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:42:30.0265 0x085c MsRPC - ok
10:42:30.0289 0x085c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:30.0292 0x085c mssmbios - ok
10:42:30.0314 0x085c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:42:30.0316 0x085c MSTEE - ok
10:42:30.0343 0x085c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:42:30.0347 0x085c MTConfig - ok
10:42:30.0372 0x085c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
10:42:30.0375 0x085c Mup - ok
10:42:30.0438 0x085c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
10:42:30.0458 0x085c napagent - ok
10:42:30.0514 0x085c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:42:30.0540 0x085c NativeWifiP - ok
10:42:30.0633 0x085c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:42:30.0679 0x085c NDIS - ok
10:42:30.0715 0x085c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:30.0732 0x085c NdisCap - ok
10:42:30.0760 0x085c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:30.0764 0x085c NdisTapi - ok
10:42:30.0801 0x085c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:30.0805 0x085c Ndisuio - ok
10:42:30.0833 0x085c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:30.0839 0x085c NdisWan - ok
10:42:30.0865 0x085c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:42:30.0877 0x085c NDProxy - ok
10:42:30.0907 0x085c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:42:30.0912 0x085c NetBIOS - ok
10:42:30.0937 0x085c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:42:30.0954 0x085c NetBT - ok
10:42:30.0971 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
10:42:30.0976 0x085c Netlogon - ok
10:42:31.0048 0x085c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
10:42:31.0075 0x085c Netman - ok
10:42:31.0124 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0157 0x085c NetMsmqActivator - ok
10:42:31.0175 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0183 0x085c NetPipeActivator - ok
10:42:31.0222 0x085c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
10:42:31.0248 0x085c netprofm - ok
10:42:31.0275 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0282 0x085c NetTcpActivator - ok
10:42:31.0315 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0322 0x085c NetTcpPortSharing - ok
10:42:31.0374 0x085c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:42:31.0378 0x085c nfrd960 - ok
10:42:31.0415 0x085c [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:42:31.0420 0x085c NisDrv - ok
10:42:31.0453 0x085c [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:42:31.0467 0x085c NisSrv - ok
10:42:31.0509 0x085c [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:42:31.0535 0x085c NlaSvc - ok
10:42:31.0556 0x085c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:42:31.0559 0x085c Npfs - ok
10:42:31.0583 0x085c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
10:42:31.0590 0x085c nsi - ok
10:42:31.0609 0x085c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:42:31.0611 0x085c nsiproxy - ok
10:42:31.0711 0x085c [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:42:31.0787 0x085c Ntfs - ok
10:42:31.0810 0x085c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
10:42:31.0813 0x085c Null - ok
10:42:31.0851 0x085c [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:42:31.0858 0x085c nvraid - ok
10:42:31.0879 0x085c [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:42:31.0896 0x085c nvstor - ok
10:42:31.0927 0x085c [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:42:31.0934 0x085c nv_agp - ok
10:42:31.0957 0x085c [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:42:31.0970 0x085c ohci1394 - ok
10:42:32.0041 0x085c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:42:32.0058 0x085c ose - ok
10:42:32.0375 0x085c [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:42:32.0701 0x085c osppsvc - ok
10:42:33.0105 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:42:33.0177 0x085c p2pimsvc - ok
10:42:33.0503 0x085c [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
10:42:33.0601 0x085c p2psvc - ok
10:42:33.0743 0x085c [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\drivers\parport.sys
10:42:33.0972 0x085c Parport - ok
10:42:34.0118 0x085c [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:42:34.0210 0x085c partmgr - ok
10:42:34.0295 0x085c [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:42:34.0391 0x085c Parvdm - ok
10:42:34.0541 0x085c [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:42:34.0611 0x085c PcaSvc - ok
10:42:34.0754 0x085c [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
10:42:34.0790 0x085c pci - ok
10:42:34.0958 0x085c [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
10:42:34.0969 0x085c pciide - ok
10:42:35.0002 0x085c [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:42:35.0017 0x085c pcmcia - ok
10:42:35.0040 0x085c [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
10:42:35.0050 0x085c pcw - ok
10:42:35.0101 0x085c [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:42:35.0126 0x085c PEAUTH - ok
10:42:35.0221 0x085c [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:42:35.0299 0x085c PeerDistSvc - ok
10:42:35.0497 0x085c [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
10:42:35.0574 0x085c pla - ok
10:42:35.0643 0x085c [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:42:35.0675 0x085c PlugPlay - ok
10:42:35.0695 0x085c [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:42:35.0700 0x085c PNRPAutoReg - ok
10:42:35.0740 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:42:35.0757 0x085c PNRPsvc - ok
10:42:35.0824 0x085c [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:42:35.0866 0x085c PolicyAgent - ok
10:42:35.0919 0x085c [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
10:42:35.0932 0x085c Power - ok
10:42:35.0980 0x085c [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:42:35.0985 0x085c PptpMiniport - ok
10:42:36.0009 0x085c [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
10:42:36.0014 0x085c Processor - ok
10:42:36.0050 0x085c [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:42:36.0068 0x085c ProfSvc - ok
10:42:36.0105 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:42:36.0110 0x085c ProtectedStorage - ok
10:42:51.0171 0x085c HotKeysCmds - ok
10:42:51.0192 0x085c [ CD1102E5D340216138C7F56FA8D26998, 805BE128B6A52E304A91AD44B6A7322BAD5F72CD400DB5E74D8EF47424894266 ] C:\Windows\system32\igfxpers.exe
10:42:51.0208 0x085c Persistence - ok
10:42:51.0268 0x085c [ CBF182B8F76D28BFA4054D38D6551247, 3BB617DE6B424CB32CF2B0473777EF73199DA384EA5EB84888C6D38E0BAD2D4B ] C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
10:42:51.0317 0x085c QQPCTray - ok
10:42:51.0321 0x085c Waiting for KSN requests completion. In queue: 44
10:42:52.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:53.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:54.0616 0x085c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
10:42:54.0626 0x085c AV detected via SS2: 电脑管家系统防护, C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe ( ), 0x51000 ( enabled : updated )
10:42:54.0735 0x085c Win FW state via NFP2: enabled ( trusted )
10:42:57.0146 0x085c ============================================================
10:42:57.0146 0x085c Scan finished
10:42:57.0146 0x085c ============================================================
10:42:57.0181 0x0ac0 Detected object count: 0
10:42:57.0181 0x0ac0 Actual detected object count: 0
10:43:05.0131 0x0d0c Deinitialize success
10:41:50.0557 0x028c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:41:54.0579 0x028c ============================================================
10:41:54.0579 0x028c Current date / time: 2016/01/19 10:41:54.0579
10:41:54.0579 0x028c SystemInfo:
10:41:54.0579 0x028c
10:41:54.0579 0x028c OS Version: 6.1.7601 ServicePack: 1.0
10:41:54.0580 0x028c Product type: Workstation
10:41:54.0580 0x028c ComputerName: ADMINHPC-PC
10:41:54.0580 0x028c UserName: Admin
10:41:54.0580 0x028c Windows directory: C:\Windows
10:41:54.0580 0x028c System windows directory: C:\Windows
10:41:54.0580 0x028c Processor architecture: Intel x86
10:41:54.0581 0x028c Number of processors: 2
10:41:54.0581 0x028c Page size: 0x1000
10:41:54.0581 0x028c Boot type: Normal boot
10:41:54.0581 0x028c ============================================================
10:41:58.0835 0x028c KLMD registered as C:\Windows\system32\drivers\42229146.sys
10:42:02.0260 0x028c System UUID: {72468CB9-0C70-61D0-6EC1-F310679A688F}
10:42:05.0355 0x028c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:05.0495 0x028c ============================================================
10:42:05.0495 0x028c \Device\Harddisk0\DR0:
10:42:05.0495 0x028c MBR partitions:
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
10:42:05.0495 0x028c ============================================================
10:42:05.0524 0x028c C: <-> \Device\Harddisk0\DR0\Partition2
10:42:05.0644 0x028c ============================================================
10:42:05.0644 0x028c Initialize success
10:42:05.0645 0x028c ============================================================
10:42:09.0316 0x085c ============================================================
10:42:09.0317 0x085c Scan started
10:42:09.0317 0x085c Mode: Manual;
10:42:09.0317 0x085c ============================================================
10:42:09.0317 0x085c KSN ping started
10:42:14.0435 0x085c KSN ping finished: true
10:42:15.0282 0x085c ================ Scan system memory ========================
10:42:15.0282 0x085c System memory - ok
10:42:15.0283 0x085c ================ Scan services =============================
10:42:28.0055 0x085c kbdclass - ok
10:42:28.0104 0x085c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:42:28.0106 0x085c kbdhid - ok
10:42:28.0125 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
10:42:28.0130 0x085c KeyIso - ok
10:42:28.0174 0x085c [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:42:28.0179 0x085c KSecDD - ok
10:42:28.0210 0x085c [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:42:28.0227 0x085c KSecPkg - ok
10:42:28.0279 0x085c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:42:28.0305 0x085c KtmRm - ok
10:42:28.0338 0x085c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:42:28.0373 0x085c LanmanServer - ok
10:42:28.0410 0x085c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:42:28.0454 0x085c LanmanWorkstation - ok
10:42:28.0496 0x085c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:42:28.0500 0x085c lltdio - ok
10:42:28.0574 0x085c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:42:28.0588 0x085c lltdsvc - ok
10:42:28.0609 0x085c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:42:28.0615 0x085c lmhosts - ok
10:42:28.0659 0x085c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:42:28.0665 0x085c LSI_FC - ok
10:42:28.0688 0x085c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:42:28.0695 0x085c LSI_SAS - ok
10:42:28.0708 0x085c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:42:28.0715 0x085c LSI_SAS2 - ok
10:42:28.0738 0x085c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:42:28.0745 0x085c LSI_SCSI - ok
10:42:28.0788 0x085c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
10:42:28.0792 0x085c luafv - ok
10:42:28.0820 0x085c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:42:28.0829 0x085c Mcx2Svc - ok
10:42:28.0840 0x085c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
10:42:28.0847 0x085c megasas - ok
10:42:28.0870 0x085c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:42:28.0883 0x085c MegaSR - ok
10:42:28.0944 0x085c Microsoft SharePoint Workspace Audit Service - ok
10:42:28.0963 0x085c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
10:42:28.0970 0x085c MMCSS - ok
10:42:28.0987 0x085c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
10:42:28.0991 0x085c Modem - ok
10:42:29.0022 0x085c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:42:29.0025 0x085c monitor - ok
10:42:29.0043 0x085c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:42:29.0046 0x085c mouclass - ok
10:42:29.0075 0x085c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\drivers\mouhid.sys
10:42:29.0086 0x085c mouhid - ok
10:42:29.0110 0x085c [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:42:29.0116 0x085c mountmgr - ok
10:42:29.0181 0x085c [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:42:29.0208 0x085c MpFilter - ok
10:42:29.0227 0x085c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
10:42:29.0235 0x085c mpio - ok
10:42:29.0404 0x085c [ BB7BB66A8DAF16950F83AE7BF498AF8F, A96FC3BE055C52B98E7ECDF68D69081620F829B04B5496C73D87F271E40EA638 ] MpKsl49b9e412 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A6A2DC-4510-43E7-96F1-D4A4E1E7717B}\MpKsl49b9e412.sys
10:42:29.0408 0x085c MpKsl49b9e412 - ok
10:42:29.0438 0x085c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:42:29.0452 0x085c mpsdrv - ok
10:42:29.0508 0x085c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:42:29.0551 0x085c MpsSvc - ok
10:42:29.0605 0x085c [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:42:29.0623 0x085c MRxDAV - ok
10:42:29.0659 0x085c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:29.0676 0x085c mrxsmb - ok
10:42:29.0723 0x085c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:29.0741 0x085c mrxsmb10 - ok
10:42:29.0776 0x085c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:29.0782 0x085c mrxsmb20 - ok
10:42:29.0814 0x085c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
10:42:29.0818 0x085c msahci - ok
10:42:29.0853 0x085c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:42:29.0863 0x085c msdsm - ok
10:42:29.0891 0x085c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
10:42:29.0902 0x085c MSDTC - ok
10:42:29.0937 0x085c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:42:29.0940 0x085c Msfs - ok
10:42:29.0975 0x085c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:42:29.0978 0x085c mshidkmdf - ok
10:42:29.0995 0x085c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:42:29.0998 0x085c msisadrv - ok
10:42:30.0038 0x085c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:42:30.0048 0x085c MSiSCSI - ok
10:42:30.0059 0x085c msiserver - ok
10:42:30.0094 0x085c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:42:30.0097 0x085c MSKSSRV - ok
10:42:30.0165 0x085c [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:42:30.0176 0x085c MsMpSvc - ok
10:42:30.0202 0x085c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:30.0205 0x085c MSPCLOCK - ok
10:42:30.0217 0x085c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:42:30.0220 0x085c MSPQM - ok
10:42:30.0248 0x085c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:42:30.0265 0x085c MsRPC - ok
10:42:30.0289 0x085c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:30.0292 0x085c mssmbios - ok
10:42:30.0314 0x085c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:42:30.0316 0x085c MSTEE - ok
10:42:30.0343 0x085c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:42:30.0347 0x085c MTConfig - ok
10:42:30.0372 0x085c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
10:42:30.0375 0x085c Mup - ok
10:42:30.0438 0x085c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
10:42:30.0458 0x085c napagent - ok
10:42:30.0514 0x085c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:42:30.0540 0x085c NativeWifiP - ok
10:42:30.0633 0x085c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:42:30.0679 0x085c NDIS - ok
10:42:30.0715 0x085c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:30.0732 0x085c NdisCap - ok
10:42:30.0760 0x085c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:30.0764 0x085c NdisTapi - ok
10:42:30.0801 0x085c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:30.0805 0x085c Ndisuio - ok
10:42:30.0833 0x085c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:30.0839 0x085c NdisWan - ok
10:42:30.0865 0x085c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:42:30.0877 0x085c NDProxy - ok
10:42:30.0907 0x085c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:42:30.0912 0x085c NetBIOS - ok
10:42:30.0937 0x085c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:42:30.0954 0x085c NetBT - ok
10:42:30.0971 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
10:42:30.0976 0x085c Netlogon - ok
10:42:31.0048 0x085c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
10:42:31.0075 0x085c Netman - ok
10:42:31.0124 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0157 0x085c NetMsmqActivator - ok
10:42:31.0175 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0183 0x085c NetPipeActivator - ok
10:42:31.0222 0x085c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
10:42:31.0248 0x085c netprofm - ok
10:42:31.0275 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0282 0x085c NetTcpActivator - ok
10:42:31.0315 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0322 0x085c NetTcpPortSharing - ok
10:42:31.0374 0x085c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:42:31.0378 0x085c nfrd960 - ok
10:42:31.0415 0x085c [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:42:31.0420 0x085c NisDrv - ok
10:42:31.0453 0x085c [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:42:31.0467 0x085c NisSrv - ok
10:42:31.0509 0x085c [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:42:31.0535 0x085c NlaSvc - ok
10:42:31.0556 0x085c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:42:31.0559 0x085c Npfs - ok
10:42:31.0583 0x085c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
10:42:31.0590 0x085c nsi - ok
10:42:31.0609 0x085c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:42:31.0611 0x085c nsiproxy - ok
10:42:31.0711 0x085c [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:42:31.0787 0x085c Ntfs - ok
10:42:31.0810 0x085c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
10:42:31.0813 0x085c Null - ok
10:42:31.0851 0x085c [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:42:31.0858 0x085c nvraid - ok
10:42:31.0879 0x085c [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:42:31.0896 0x085c nvstor - ok
10:42:31.0927 0x085c [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:42:31.0934 0x085c nv_agp - ok
10:42:31.0957 0x085c [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:42:31.0970 0x085c ohci1394 - ok
10:42:32.0041 0x085c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:42:32.0058 0x085c ose - ok
10:42:32.0375 0x085c [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:42:32.0701 0x085c osppsvc - ok
10:42:33.0105 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:42:33.0177 0x085c p2pimsvc - ok
10:42:33.0503 0x085c [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
10:42:33.0601 0x085c p2psvc - ok
10:42:33.0743 0x085c [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\drivers\parport.sys
10:42:33.0972 0x085c Parport - ok
10:42:34.0118 0x085c [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:42:34.0210 0x085c partmgr - ok
10:42:34.0295 0x085c [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:42:34.0391 0x085c Parvdm - ok
10:42:34.0541 0x085c [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:42:34.0611 0x085c PcaSvc - ok
10:42:34.0754 0x085c [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
10:42:34.0790 0x085c pci - ok
10:42:34.0958 0x085c [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
10:42:34.0969 0x085c pciide - ok
10:42:35.0002 0x085c [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:42:35.0017 0x085c pcmcia - ok
10:42:35.0040 0x085c [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
10:42:35.0050 0x085c pcw - ok
10:42:35.0101 0x085c [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:42:35.0126 0x085c PEAUTH - ok
10:42:35.0221 0x085c [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:42:35.0299 0x085c PeerDistSvc - ok
10:42:35.0497 0x085c [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
10:42:35.0574 0x085c pla - ok
10:42:35.0643 0x085c [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:42:35.0675 0x085c PlugPlay - ok
10:42:35.0695 0x085c [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:42:35.0700 0x085c PNRPAutoReg - ok
10:42:35.0740 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:42:35.0757 0x085c PNRPsvc - ok
10:42:35.0824 0x085c [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:42:35.0866 0x085c PolicyAgent - ok
10:42:35.0919 0x085c [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
10:42:35.0932 0x085c Power - ok
10:42:35.0980 0x085c [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:42:35.0985 0x085c PptpMiniport - ok
10:42:36.0009 0x085c [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
10:42:36.0014 0x085c Processor - ok
10:42:36.0050 0x085c [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:42:36.0068 0x085c ProfSvc - ok
10:42:36.0105 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:42:36.0110 0x085c ProtectedStorage - ok
10:42:36.0154 0x085c [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:42:36.0173 0x085c Psched - ok
10:42:36.0274 0x085c [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:42:36.0359 0x085c ql2300 - ok
10:42:36.0394 0x085c [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:42:36.0415 0x085c ql40xx - ok
10:42:36.0600 0x085c QMIEProtect - ok
10:42:36.0609 0x085c QMUdisk - ok
10:42:36.0689 0x085c [ 5B56F95A13F51D5FA313475A9E33592A, E381FB559E60720AD892726F58B508CA7B636C4F5B36904F79C660D3FE22E8F9 ] QQPCRTP C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
10:42:36.0770 0x085c QQPCRTP - ok
10:42:36.0791 0x085c QQSysMon - ok
10:42:36.0863 0x085c [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
10:42:36.0887 0x085c QWAVE - ok
10:42:36.0918 0x085c [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:42:36.0923 0x085c QWAVEdrv - ok
10:42:36.0943 0x085c [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:42:36.0946 0x085c RasAcd - ok
10:42:36.0996 0x085c [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:42:37.0000 0x085c RasAgileVpn - ok
10:42:37.0044 0x085c [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
10:42:37.0055 0x085c RasAuto - ok
10:42:37.0096 0x085c [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:42:37.0101 0x085c Rasl2tp - ok
10:42:37.0166 0x085c [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
10:42:37.0192 0x085c RasMan - ok
10:42:37.0220 0x085c [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:42:37.0226 0x085c RasPppoe - ok
10:42:37.0247 0x085c [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:42:37.0251 0x085c RasSstp - ok
10:42:37.0282 0x085c [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:42:37.0298 0x085c rdbss - ok
10:42:37.0329 0x085c [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:42:37.0341 0x085c rdpbus - ok
10:42:37.0361 0x085c [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:42:37.0363 0x085c RDPCDD - ok
10:42:37.0399 0x085c [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:42:37.0408 0x085c RDPDR - ok
10:42:37.0440 0x085c [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:42:37.0443 0x085c RDPENCDD - ok
10:42:37.0462 0x085c [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:42:37.0464 0x085c RDPREFMP - ok
10:42:37.0527 0x085c [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:42:37.0543 0x085c RdpVideoMiniport - ok
10:42:37.0605 0x085c [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:42:37.0623 0x085c RDPWD - ok
10:42:37.0671 0x085c [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:42:37.0688 0x085c rdyboost - ok
10:42:37.0724 0x085c [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:42:37.0733 0x085c RemoteAccess - ok
10:42:37.0782 0x085c [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:42:37.0799 0x085c RemoteRegistry - ok
10:42:37.0826 0x085c [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:42:37.0847 0x085c RpcEptMapper - ok
10:42:37.0880 0x085c [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
10:42:37.0886 0x085c RpcLocator - ok
10:42:37.0947 0x085c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
10:42:37.0969 0x085c RpcSs - ok
10:42:38.0000 0x085c [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:42:38.0003 0x085c rspndr - ok
10:42:38.0029 0x085c [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:42:38.0055 0x085c s3cap - ok
10:42:38.0077 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\Windows\system32\lsass.exe
10:42:38.0082 0x085c SamSs - ok
10:42:38.0219 0x085c [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:42:38.0226 0x085c sbp2port - ok
10:42:38.0256 0x085c [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:42:51.0321 0x085c Waiting for KSN requests completion. In queue: 44
10:42:52.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:53.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:54.0616 0x085c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
10:42:54.0626 0x085c AV detected via SS2: 电脑管家系统防护, C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe ( ), 0x51000 ( enabled : updated )
10:42:54.0735 0x085c Win FW state via NFP2: enabled ( trusted )
10:42:57.0146 0x085c ============================================================
10:42:57.0146 0x085c Scan finished
10:42:57.0146 0x085c ============================================================
10:42:57.0181 0x0ac0 Detected object count: 0
10:42:57.0181 0x0ac0 Actual detected object count: 0
10:43:05.0131 0x0d0c Deinitialize success
Re: Check
Here is the log from TDSSKiller
10:41:50.0557 0x028c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:41:54.0579 0x028c ============================================================
10:41:54.0579 0x028c Current date / time: 2016/01/19 10:41:54.0579
10:41:54.0579 0x028c SystemInfo:
10:41:54.0579 0x028c
10:41:54.0579 0x028c OS Version: 6.1.7601 ServicePack: 1.0
10:41:54.0580 0x028c Product type: Workstation
10:41:54.0580 0x028c ComputerName: ADMINHPC-PC
10:41:54.0580 0x028c UserName: Admin
10:41:54.0580 0x028c Windows directory: C:\Windows
10:41:54.0580 0x028c System windows directory: C:\Windows
10:41:54.0580 0x028c Processor architecture: Intel x86
10:41:54.0581 0x028c Number of processors: 2
10:41:54.0581 0x028c Page size: 0x1000
10:41:54.0581 0x028c Boot type: Normal boot
10:41:54.0581 0x028c ============================================================
10:41:58.0835 0x028c KLMD registered as C:\Windows\system32\drivers\42229146.sys
10:42:02.0260 0x028c System UUID: {72468CB9-0C70-61D0-6EC1-F310679A688F}
10:42:05.0355 0x028c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:05.0495 0x028c ============================================================
10:42:05.0495 0x028c \Device\Harddisk0\DR0:
10:42:05.0495 0x028c MBR partitions:
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
10:42:05.0495 0x028c ============================================================
10:42:05.0524 0x028c C: <-> \Device\Harddisk0\DR0\Partition2
10:42:05.0644 0x028c ============================================================
10:42:05.0644 0x028c Initialize success
10:42:05.0645 0x028c ============================================================
10:42:09.0316 0x085c ============================================================
10:42:09.0317 0x085c Scan started
10:42:09.0317 0x085c Mode: Manual;
10:42:09.0317 0x085c ============================================================
10:42:09.0317 0x085c KSN ping started
10:42:14.0435 0x085c KSN ping finished: true
10:42:15.0282 0x085c ================ Scan system memory ========================
10:42:15.0282 0x085c System memory - ok
10:42:15.0283 0x085c ================ Scan services =============================
10:42:16.0718 0x085c ALG - ok
10:42:16.0748 0x085c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
10:42:16.0762 0x085c aliide - ok
10:42:16.0790 0x085c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:42:16.0793 0x085c amdagp - ok
10:42:16.0817 0x085c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
10:42:16.0849 0x085c amdide - ok
10:42:16.0869 0x085c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:42:16.0896 0x085c AmdK8 - ok
10:42:16.0909 0x085c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:42:16.0974 0x085c AmdPPM - ok
10:42:17.0007 0x085c [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:42:17.0023 0x085c amdsata - ok
10:42:17.0053 0x085c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:42:17.0104 0x085c amdsbs - ok
10:42:17.0150 0x085c [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:42:17.0165 0x085c amdxata - ok
10:42:17.0202 0x085c [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys
10:42:17.0235 0x085c AppID - ok
10:42:17.0272 0x085c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:42:17.0276 0x085c AppIDSvc - ok
10:42:17.0311 0x085c [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
10:42:17.0314 0x085c Appinfo - ok
10:42:17.0356 0x085c [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:42:17.0374 0x085c AppMgmt - ok
10:42:17.0410 0x085c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys
10:42:17.0469 0x085c arc - ok
10:42:17.0486 0x085c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:42:17.0525 0x085c arcsas - ok
10:42:17.0626 0x085c [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:42:17.0683 0x085c aspnet_state - ok
10:42:17.0712 0x085c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:42:17.0733 0x085c AsyncMac - ok
10:42:17.0760 0x085c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
10:42:17.0819 0x085c atapi - ok
10:42:17.0876 0x085c [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:42:17.0912 0x085c AudioEndpointBuilder - ok
10:42:17.0943 0x085c [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:42:17.0964 0x085c Audiosrv - ok
10:42:18.0007 0x085c [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:42:18.0013 0x085c AxInstSV - ok
10:42:18.0101 0x085c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
10:42:18.0142 0x085c b06bdrv - ok
10:42:18.0193 0x085c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:42:18.0242 0x085c b57nd60x - ok
10:42:18.0268 0x085c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
10:42:18.0274 0x085c BDESVC - ok
10:42:18.0291 0x085c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
10:42:18.0312 0x085c Beep - ok
10:42:18.0373 0x085c [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
10:42:18.0407 0x085c BFE - ok
10:42:18.0569 0x085c [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\system32\qmgr.dll
10:42:18.0644 0x085c BITS - ok
10:42:18.0701 0x085c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:42:18.0742 0x085c blbdrive - ok
10:42:18.0775 0x085c [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:42:18.0780 0x085c bowser - ok
10:42:18.0802 0x085c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:42:18.0841 0x085c BrFiltLo - ok
10:42:18.0868 0x085c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:42:18.0884 0x085c BrFiltUp - ok
10:42:18.0910 0x085c [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:42:18.0934 0x085c BridgeMP - ok
10:42:18.0975 0x085c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
10:42:19.0003 0x085c Browser - ok
10:42:19.0042 0x085c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:42:19.0084 0x085c Brserid - ok
10:42:19.0116 0x085c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:42:19.0130 0x085c BrSerWdm - ok
10:42:19.0154 0x085c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:42:19.0165 0x085c BrUsbMdm - ok
10:42:19.0187 0x085c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:42:19.0199 0x085c BrUsbSer - ok
10:42:19.0210 0x085c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:42:19.0231 0x085c BTHMODEM - ok
10:42:19.0286 0x085c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
10:42:19.0305 0x085c bthserv - ok
10:42:19.0500 0x085c catchme - ok
10:42:19.0534 0x085c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:42:19.0582 0x085c cdfs - ok
10:42:19.0634 0x085c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:42:19.0812 0x085c cdrom - ok
10:42:19.0835 0x085c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
10:42:19.0841 0x085c CertPropSvc - ok
10:42:19.0860 0x085c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys
10:42:19.0875 0x085c circlass - ok
10:42:19.0915 0x085c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
10:42:19.0931 0x085c CLFS - ok
10:42:20.0001 0x085c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:20.0012 0x085c clr_optimization_v2.0.50727_32 - ok
10:42:20.0051 0x085c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:20.0151 0x085c clr_optimization_v4.0.30319_32 - ok
10:42:20.0177 0x085c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:42:20.0213 0x085c CmBatt - ok
10:42:20.0238 0x085c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:42:20.0253 0x085c cmdide - ok
10:42:20.0318 0x085c [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
10:42:20.0343 0x085c CNG - ok
10:42:20.0359 0x085c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:42:20.0375 0x085c Compbatt - ok
10:42:20.0404 0x085c [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:42:20.0417 0x085c CompositeBus - ok
10:42:20.0439 0x085c COMSysApp - ok
10:42:20.0462 0x085c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:42:20.0465 0x085c crcdisk - ok
10:42:20.0511 0x085c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:42:20.0529 0x085c CryptSvc - ok
10:42:20.0573 0x085c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
10:42:20.0618 0x085c CSC - ok
10:42:20.0743 0x085c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
10:42:20.0772 0x085c CscService - ok
10:42:20.0832 0x085c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
10:42:20.0875 0x085c DcomLaunch - ok
10:42:20.0913 0x085c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
10:42:20.0948 0x085c defragsvc - ok
10:42:20.0982 0x085c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:42:21.0030 0x085c DfsC - ok
10:42:21.0080 0x085c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:42:21.0155 0x085c Dhcp - ok
10:42:21.0181 0x085c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
10:42:21.0209 0x085c discache - ok
10:42:21.0250 0x085c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys
10:42:21.0259 0x085c Disk - ok
10:42:21.0302 0x085c [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
10:42:21.0348 0x085c dmvsc - ok
10:42:21.0380 0x085c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:42:21.0430 0x085c Dnscache - ok
10:42:21.0472 0x085c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
10:42:21.0521 0x085c dot3svc - ok
10:42:21.0548 0x085c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
10:42:21.0607 0x085c DPS - ok
10:42:21.0650 0x085c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:42:21.0708 0x085c drmkaud - ok
10:42:21.0772 0x085c [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:42:21.0833 0x085c DXGKrnl - ok
10:42:21.0870 0x085c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
10:42:21.0887 0x085c EapHost - ok
10:42:22.0127 0x085c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
10:42:22.0342 0x085c ebdrv - ok
10:42:22.0410 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe
10:42:22.0422 0x085c EFS - ok
10:42:22.0679 0x085c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:42:22.0724 0x085c ehRecvr - ok
10:42:22.0761 0x085c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
10:42:22.0776 0x085c ehSched - ok
10:42:22.0838 0x085c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:42:22.0881 0x085c elxstor - ok
10:42:22.0913 0x085c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:42:22.0928 0x085c ErrDev - ok
10:42:23.0014 0x085c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
10:42:23.0056 0x085c EventSystem - ok
10:42:23.0108 0x085c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
10:42:23.0131 0x085c exfat - ok
10:42:23.0213 0x085c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:42:23.0272 0x085c fastfat - ok
10:42:23.0504 0x085c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
10:42:23.0535 0x085c Fax - ok
10:42:23.0576 0x085c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:42:23.0623 0x085c fdc - ok
10:42:23.0655 0x085c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
10:42:23.0686 0x085c fdPHost - ok
10:42:23.0709 0x085c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
10:42:23.0739 0x085c FDResPub - ok
10:42:23.0757 0x085c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:42:23.0776 0x085c FileInfo - ok
10:42:23.0811 0x085c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:42:23.0831 0x085c Filetrace - ok
10:42:23.0851 0x085c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:42:23.0878 0x085c flpydisk - ok
10:42:23.0944 0x085c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:42:23.0960 0x085c FltMgr - ok
10:42:24.0166 0x085c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
10:42:24.0241 0x085c FontCache - ok
10:42:24.0317 0x085c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:42:24.0341 0x085c FontCache3.0.0.0 - ok
10:42:24.0365 0x085c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:42:24.0411 0x085c FsDepends - ok
10:42:24.0444 0x085c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:42:24.0477 0x085c Fs_Rec - ok
10:42:24.0529 0x085c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:42:24.0571 0x085c fvevol - ok
10:42:24.0613 0x085c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:42:24.0714 0x085c gagp30kx - ok
10:42:24.0775 0x085c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
10:42:24.0852 0x085c gpsvc - ok
10:42:24.0996 0x085c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:25.0018 0x085c gupdate - ok
10:42:25.0033 0x085c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:25.0040 0x085c gupdatem - ok
10:42:25.0072 0x085c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:42:25.0136 0x085c hcw85cir - ok
10:42:25.0195 0x085c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:42:25.0253 0x085c HdAudAddService - ok
10:42:25.0304 0x085c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:42:25.0325 0x085c HDAudBus - ok
10:42:25.0374 0x085c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:42:25.0386 0x085c HidBatt - ok
10:42:25.0411 0x085c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:42:25.0456 0x085c HidBth - ok
10:42:25.0504 0x085c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
10:42:25.0526 0x085c HidIr - ok
10:42:25.0579 0x085c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
10:42:25.0590 0x085c hidserv - ok
10:42:25.0630 0x085c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:42:25.0659 0x085c HidUsb - ok
10:42:25.0691 0x085c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
10:42:25.0702 0x085c hkmsvc - ok
10:42:25.0751 0x085c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:42:25.0773 0x085c HomeGroupListener - ok
10:42:25.0815 0x085c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:42:25.0829 0x085c HomeGroupProvider - ok
10:42:25.0893 0x085c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:42:25.0900 0x085c HpSAMD - ok
10:42:25.0987 0x085c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:42:26.0030 0x085c HTTP - ok
10:42:26.0071 0x085c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:42:26.0083 0x085c hwpolicy - ok
10:42:26.0132 0x085c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:42:26.0137 0x085c i8042prt - ok
10:42:26.0201 0x085c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:42:26.0218 0x085c iaStorV - ok
10:42:26.0349 0x085c [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:26.0418 0x085c idsvc - ok
10:42:26.0509 0x085c IEEtwCollectorService - ok
10:42:27.0104 0x085c [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:42:27.0366 0x085c igfx - ok
10:42:27.0425 0x085c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:42:27.0430 0x085c iirsp - ok
10:42:27.0509 0x085c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
10:42:27.0555 0x085c IKEEXT - ok
10:42:27.0598 0x085c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
10:42:27.0600 0x085c intelide - ok
10:42:27.0625 0x085c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:42:27.0629 0x085c intelppm - ok
10:42:27.0663 0x085c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:42:27.0670 0x085c IPBusEnum - ok
10:42:27.0694 0x085c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:42:27.0699 0x085c IpFilterDriver - ok
10:42:27.0760 0x085c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:42:27.0803 0x085c iphlpsvc - ok
10:42:27.0832 0x085c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:42:27.0845 0x085c IPMIDRV - ok
10:42:27.0872 0x085c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:42:27.0878 0x085c IPNAT - ok
10:42:27.0915 0x085c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:42:27.0917 0x085c IRENUM - ok
10:42:27.0940 0x085c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:42:27.0944 0x085c isapnp - ok
10:42:28.0001 0x085c [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:42:28.0014 0x085c iScsiPrt - ok
10:42:28.0052 0x085c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:42:28.0055 0x085c kbdclass - ok
10:42:28.0104 0x085c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:42:28.0106 0x085c kbdhid - ok
10:42:28.0125 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
10:42:28.0130 0x085c KeyIso - ok
10:42:28.0174 0x085c [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:42:28.0179 0x085c KSecDD - ok
10:42:28.0210 0x085c [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:42:28.0227 0x085c KSecPkg - ok
10:42:28.0279 0x085c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:42:28.0305 0x085c KtmRm - ok
10:42:28.0338 0x085c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:42:28.0373 0x085c LanmanServer - ok
10:42:28.0410 0x085c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:42:28.0454 0x085c LanmanWorkstation - ok
10:42:28.0496 0x085c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:42:28.0500 0x085c lltdio - ok
10:42:28.0574 0x085c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:42:28.0588 0x085c lltdsvc - ok
10:42:28.0609 0x085c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:42:28.0615 0x085c lmhosts - ok
10:42:28.0659 0x085c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:42:28.0665 0x085c LSI_FC - ok
10:42:44.0205 0x085c tdx - ok
10:42:44.0240 0x085c [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:42:44.0245 0x085c TermDD - ok
10:42:44.0303 0x085c [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
10:42:44.0353 0x085c TermService - ok
10:42:44.0471 0x085c [ 4E607FA5DF30D62EAB84E2D4745745F6, 61FE896F8774DFDD772367D3FAA398E6A513F3A1931FBB120E1E2D8347EA625B ] TFsFlt C:\Windows\system32\Drivers\TFsFlt.sys
10:42:44.0480 0x085c TFsFlt - ok
10:42:44.0528 0x085c [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
10:42:44.0533 0x085c Themes - ok
10:42:44.0555 0x085c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
10:42:44.0560 0x085c THREADORDER - ok
10:42:44.0605 0x085c [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
10:42:44.0620 0x085c TrkWks - ok
10:42:44.0706 0x085c [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:42:44.0740 0x085c TrustedInstaller - ok
10:42:44.0750 0x085c TS888 - ok
10:42:44.0813 0x085c [ DA5F124A8D025AFA1E44E231AD222B8B, 43DBAE62CC3929B53253782BB5229F339B109E568AEFB565081CEC386B2A7B02 ] TSDefenseBt C:\Windows\system32\DRIVERS\TSDefenseBt.sys
10:42:44.0815 0x085c TSDefenseBt - ok
10:42:44.0850 0x085c [ 25C7982D4294CB464606A24A5A0B3B44, 2AAEC324BA21F87CE6FD36307DE32CC15582AE946FB9F674FC669DCCA8B794B7 ] TsFltMgr C:\Windows\system32\drivers\TsFltMgr.sys
10:42:44.0866 0x085c TsFltMgr - ok
10:42:44.0875 0x085c TSKSP - ok
10:42:44.0911 0x085c [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:42:44.0937 0x085c tssecsrv - ok
10:42:44.0981 0x085c [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:42:44.0986 0x085c TsUsbFlt - ok
10:42:45.0013 0x085c [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:42:45.0017 0x085c TsUsbGD - ok
10:42:45.0066 0x085c [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:42:45.0073 0x085c tunnel - ok
10:42:45.0095 0x085c [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:42:45.0100 0x085c uagp35 - ok
10:42:45.0138 0x085c [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:42:45.0154 0x085c udfs - ok
10:42:45.0192 0x085c [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:42:45.0201 0x085c UI0Detect - ok
10:42:45.0235 0x085c [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:42:45.0240 0x085c uliagpkx - ok
10:42:45.0282 0x085c [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:42:45.0286 0x085c umbus - ok
10:42:45.0315 0x085c [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:42:45.0318 0x085c UmPass - ok
10:42:45.0356 0x085c [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
10:42:45.0374 0x085c UmRdpService - ok
10:42:45.0415 0x085c [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
10:42:45.0440 0x085c upnphost - ok
10:42:45.0492 0x085c [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:42:45.0511 0x085c usbccgp - ok
10:42:45.0561 0x085c [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:42:45.0568 0x085c usbcir - ok
10:42:45.0603 0x085c [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:42:45.0607 0x085c usbehci - ok
10:42:45.0672 0x085c [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:42:45.0696 0x085c usbhub - ok
10:42:45.0715 0x085c [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:42:45.0719 0x085c usbohci - ok
10:42:45.0751 0x085c [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:42:45.0755 0x085c usbprint - ok
10:42:45.0789 0x085c [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:42:46.0236 0x085c USBSTOR - ok
10:42:46.0273 0x085c [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:42:46.0277 0x085c usbuhci - ok
10:42:46.0303 0x085c [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
10:42:46.0312 0x085c UxSms - ok
10:42:46.0331 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe
10:42:46.0336 0x085c VaultSvc - ok
10:42:46.0378 0x085c [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:42:46.0382 0x085c vdrvroot - ok
10:42:46.0430 0x085c [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
10:42:46.0465 0x085c vds - ok
10:42:46.0498 0x085c [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:42:46.0501 0x085c vga - ok
10:42:46.0540 0x085c [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:42:46.0542 0x085c VgaSave - ok
10:42:46.0582 0x085c [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:42:46.0600 0x085c vhdmp - ok
10:42:46.0631 0x085c [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:42:46.0637 0x085c viaagp - ok
10:42:46.0663 0x085c [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:42:46.0667 0x085c ViaC7 - ok
10:42:46.0708 0x085c [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
10:42:46.0711 0x085c viaide - ok
10:42:46.0733 0x085c [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:42:46.0743 0x085c vmbus - ok
10:42:46.0772 0x085c [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:42:46.0792 0x085c VMBusHID - ok
10:42:46.0818 0x085c [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:42:46.0822 0x085c volmgr - ok
10:42:46.0853 0x085c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:42:46.0879 0x085c volmgrx - ok
10:42:46.0939 0x085c [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:42:46.0956 0x085c volsnap - ok
10:42:47.0006 0x085c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:42:47.0024 0x085c vsmraid - ok
10:42:47.0151 0x085c [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
10:42:47.0226 0x085c VSS - ok
10:42:47.0251 0x085c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:42:47.0255 0x085c vwifibus - ok
10:42:47.0311 0x085c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
10:42:47.0362 0x085c W32Time - ok
10:42:47.0399 0x085c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:42:47.0403 0x085c WacomPen - ok
10:42:47.0435 0x085c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:42:47.0440 0x085c WANARP - ok
10:42:47.0452 0x085c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:42:47.0456 0x085c Wanarpv6 - ok
10:42:47.0640 0x085c [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:42:47.0728 0x085c WatAdminSvc - ok
10:42:47.0924 0x085c [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
10:42:48.0009 0x085c wbengine - ok
10:42:48.0061 0x085c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:42:48.0078 0x085c WbioSrvc - ok
10:42:48.0123 0x085c [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:42:48.0148 0x085c wcncsvc - ok
10:42:48.0177 0x085c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:42:48.0188 0x085c WcsPlugInService - ok
10:42:48.0236 0x085c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys
10:42:48.0240 0x085c Wd - ok
10:42:48.0293 0x085c [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:42:48.0327 0x085c Wdf01000 - ok
10:42:48.0366 0x085c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:42:48.0376 0x085c WdiServiceHost - ok
10:42:48.0390 0x085c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:42:48.0401 0x085c WdiSystemHost - ok
10:42:48.0438 0x085c [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
10:42:48.0480 0x085c WebClient - ok
10:42:48.0529 0x085c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:42:48.0555 0x085c Wecsvc - ok
10:42:48.0582 0x085c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:42:48.0592 0x085c wercplsupport - ok
10:42:48.0642 0x085c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
10:42:48.0655 0x085c WerSvc - ok
10:42:48.0685 0x085c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:42:48.0688 0x085c WfpLwf - ok
10:42:48.0709 0x085c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:42:48.0713 0x085c WIMMount - ok
10:42:48.0799 0x085c [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:42:48.0868 0x085c WinDefend - ok
10:42:48.0918 0x085c WinHttpAutoProxySvc - ok
10:42:48.0991 0x085c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:42:49.0009 0x085c Winmgmt - ok
10:42:49.0116 0x085c [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
10:42:49.0200 0x085c WinRM - ok
10:42:49.0269 0x085c [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:42:49.0273 0x085c WinUsb - ok
10:42:49.0351 0x085c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:42:49.0446 0x085c Wlansvc - ok
10:42:49.0501 0x085c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:42:49.0504 0x085c WmiAcpi - ok
10:42:49.0556 0x085c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:42:49.0565 0x085c wmiApSrv - ok
10:42:49.0664 0x085c [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:42:49.0732 0x085c WMPNetworkSvc - ok
10:42:49.0761 0x085c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:42:49.0770 0x085c WPCSvc - ok
10:42:49.0795 0x085c [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:42:49.0808 0x085c WPDBusEnum - ok
10:42:49.0825 0x085c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:42:49.0829 0x085c ws2ifsl - ok
10:42:49.0853 0x085c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
10:42:49.0865 0x085c wscsvc - ok
10:42:49.0875 0x085c WSearch - ok
10:42:50.0071 0x085c [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll
10:42:50.0199 0x085c wuauserv - ok
10:42:50.0271 0x085c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:42:50.0283 0x085c WudfPf - ok
10:42:50.0325 0x085c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:50.0339 0x085c WUDFRd - ok
10:42:50.0379 0x085c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:42:50.0387 0x085c wudfsvc - ok
10:42:50.0429 0x085c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
10:42:50.0446 0x085c WwanSvc - ok
10:42:50.0484 0x085c ================ Scan global ===============================
10:42:50.0515 0x085c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:42:50.0545 0x085c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:42:50.0573 0x085c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:42:50.0617 0x085c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:42:50.0656 0x085c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:42:50.0671 0x085c [ Global ] - ok
10:42:50.0672 0x085c ================ Scan MBR ==================================
10:42:50.0684 0x085c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:42:50.0868 0x085c \Device\Harddisk0\DR0 - ok
10:42:50.0869 0x085c ================ Scan VBR ==================================
10:42:50.0876 0x085c [ 72AEE4CCDFC0E5E59BC082E15A780779 ] \Device\Harddisk0\DR0\Partition1
10:42:50.0880 0x085c \Device\Harddisk0\DR0\Partition1 - ok
10:42:50.0889 0x085c [ FB19E6AE57A79E3FBF94589C27756AA8 ] \Device\Harddisk0\DR0\Partition2
10:42:50.0891 0x085c \Device\Harddisk0\DR0\Partition2 - ok
10:42:50.0895 0x085c ================ Scan generic autorun ======================
10:42:50.0977 0x085c [ E279E55C0D5F5DA2E1FD268EBD12F268, 06C40AF999881699DD9B73440D2ED48F404864C3FB8FF7B36560759892CAAA12 ] c:\Program Files\Microsoft Security Client\msseces.exe
10:42:51.0050 0x085c MSC - ok
10:42:51.0098 0x085c [ 68239842340DDFF8993DFD9127553EDA, 9FEC34A35D5A91FEF1C4859AFD0C2538C5CD3E1792FB118487368CFDF66CBCA0 ] C:\Windows\system32\igfxtray.exe
10:42:51.0127 0x085c IgfxTray - ok
10:42:51.0155 0x085c [ 004763BDF8E48244DBB9FDFDE3065EBC, AA88911C51D73C501C67F62A907425EF91D1820D3ED581F0952619EBB6216F14 ] C:\Windows\system32\hkcmd.exe
10:42:51.0171 0x085c HotKeysCmds - ok
10:42:51.0192 0x085c [ CD1102E5D340216138C7F56FA8D26998, 805BE128B6A52E304A91AD44B6A7322BAD5F72CD400DB5E74D8EF47424894266 ] C:\Windows\system32\igfxpers.exe
10:42:51.0208 0x085c Persistence - ok
10:42:51.0268 0x085c [ CBF182B8F76D28BFA4054D38D6551247, 3BB617DE6B424CB32CF2B0473777EF73199DA384EA5EB84888C6D38E0BAD2D4B ] C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
10:42:51.0317 0x085c QQPCTray - ok
10:42:51.0321 0x085c Waiting for KSN requests completion. In queue: 44
10:42:52.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:53.0322 0x085c Waiting for KSN requests completion. In queue: 44
10:42:54.0616 0x085c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
10:42:54.0626 0x085c AV detected via SS2: 电脑管家系统防护, C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe ( ), 0x51000 ( enabled : updated )
10:42:54.0735 0x085c Win FW state via NFP2: enabled ( trusted )
10:42:57.0146 0x085c ============================================================
10:42:57.0146 0x085c Scan finished
10:42:57.0146 0x085c ============================================================
10:42:57.0181 0x0ac0 Detected object count: 0
10:42:57.0181 0x0ac0 Actual detected object count: 0
10:43:05.0131 0x0d0c Deinitialize success
10:41:50.0557 0x028c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:41:54.0579 0x028c ============================================================
10:41:54.0579 0x028c Current date / time: 2016/01/19 10:41:54.0579
10:41:54.0579 0x028c SystemInfo:
10:41:54.0579 0x028c
10:41:54.0579 0x028c OS Version: 6.1.7601 ServicePack: 1.0
10:41:54.0580 0x028c Product type: Workstation
10:41:54.0580 0x028c ComputerName: ADMINHPC-PC
10:41:54.0580 0x028c UserName: Admin
10:41:54.0580 0x028c Windows directory: C:\Windows
10:41:54.0580 0x028c System windows directory: C:\Windows
10:41:54.0580 0x028c Processor architecture: Intel x86
10:41:54.0581 0x028c Number of processors: 2
10:41:54.0581 0x028c Page size: 0x1000
10:41:54.0581 0x028c Boot type: Normal boot
10:41:54.0581 0x028c ============================================================
10:41:58.0835 0x028c KLMD registered as C:\Windows\system32\drivers\42229146.sys
10:42:02.0260 0x028c System UUID: {72468CB9-0C70-61D0-6EC1-F310679A688F}
10:42:05.0355 0x028c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:05.0495 0x028c ============================================================
10:42:05.0495 0x028c \Device\Harddisk0\DR0:
10:42:05.0495 0x028c MBR partitions:
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:42:05.0495 0x028c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
10:42:05.0495 0x028c ============================================================
10:42:05.0524 0x028c C: <-> \Device\Harddisk0\DR0\Partition2
10:42:05.0644 0x028c ============================================================
10:42:05.0644 0x028c Initialize success
10:42:05.0645 0x028c ============================================================
10:42:09.0316 0x085c ============================================================
10:42:09.0317 0x085c Scan started
10:42:09.0317 0x085c Mode: Manual;
10:42:09.0317 0x085c ============================================================
10:42:09.0317 0x085c KSN ping started
10:42:14.0435 0x085c KSN ping finished: true
10:42:15.0282 0x085c ================ Scan system memory ========================
10:42:15.0282 0x085c System memory - ok
10:42:15.0283 0x085c ================ Scan services =============================
10:42:18.0934 0x085c BridgeMP - ok
10:42:18.0975 0x085c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
10:42:19.0003 0x085c Browser - ok
10:42:19.0042 0x085c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:42:19.0084 0x085c Brserid - ok
10:42:19.0116 0x085c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:42:19.0130 0x085c BrSerWdm - ok
10:42:19.0154 0x085c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:42:19.0165 0x085c BrUsbMdm - ok
10:42:19.0187 0x085c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:42:19.0199 0x085c BrUsbSer - ok
10:42:19.0210 0x085c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:42:19.0231 0x085c BTHMODEM - ok
10:42:19.0286 0x085c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
10:42:19.0305 0x085c bthserv - ok
10:42:19.0500 0x085c catchme - ok
10:42:19.0534 0x085c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:42:19.0582 0x085c cdfs - ok
10:42:19.0634 0x085c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:42:19.0812 0x085c cdrom - ok
10:42:19.0835 0x085c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
10:42:19.0841 0x085c CertPropSvc - ok
10:42:19.0860 0x085c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys
10:42:19.0875 0x085c circlass - ok
10:42:19.0915 0x085c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
10:42:19.0931 0x085c CLFS - ok
10:42:20.0001 0x085c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:20.0012 0x085c clr_optimization_v2.0.50727_32 - ok
10:42:20.0051 0x085c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:20.0151 0x085c clr_optimization_v4.0.30319_32 - ok
10:42:20.0177 0x085c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:42:20.0213 0x085c CmBatt - ok
10:42:20.0238 0x085c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:42:20.0253 0x085c cmdide - ok
10:42:20.0318 0x085c [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys
10:42:20.0343 0x085c CNG - ok
10:42:20.0359 0x085c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:42:20.0375 0x085c Compbatt - ok
10:42:20.0404 0x085c [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:42:20.0417 0x085c CompositeBus - ok
10:42:20.0439 0x085c COMSysApp - ok
10:42:20.0462 0x085c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:42:20.0465 0x085c crcdisk - ok
10:42:20.0511 0x085c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:42:20.0529 0x085c CryptSvc - ok
10:42:20.0573 0x085c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
10:42:20.0618 0x085c CSC - ok
10:42:20.0743 0x085c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
10:42:20.0772 0x085c CscService - ok
10:42:20.0832 0x085c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
10:42:20.0875 0x085c DcomLaunch - ok
10:42:20.0913 0x085c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
10:42:20.0948 0x085c defragsvc - ok
10:42:20.0982 0x085c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:42:21.0030 0x085c DfsC - ok
10:42:21.0080 0x085c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:42:21.0155 0x085c Dhcp - ok
10:42:21.0181 0x085c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
10:42:21.0209 0x085c discache - ok
10:42:21.0250 0x085c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys
10:42:21.0259 0x085c Disk - ok
10:42:21.0302 0x085c [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
10:42:21.0348 0x085c dmvsc - ok
10:42:21.0380 0x085c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:42:21.0430 0x085c Dnscache - ok
10:42:21.0472 0x085c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
10:42:21.0521 0x085c dot3svc - ok
10:42:21.0548 0x085c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
10:42:21.0607 0x085c DPS - ok
10:42:21.0650 0x085c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:42:21.0708 0x085c drmkaud - ok
10:42:21.0772 0x085c [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:42:21.0833 0x085c DXGKrnl - ok
10:42:21.0870 0x085c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
10:42:21.0887 0x085c EapHost - ok
10:42:22.0127 0x085c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
10:42:22.0342 0x085c ebdrv - ok
10:42:22.0410 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe
10:42:22.0422 0x085c EFS - ok
10:42:22.0679 0x085c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:42:22.0724 0x085c ehRecvr - ok
10:42:22.0761 0x085c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
10:42:22.0776 0x085c ehSched - ok
10:42:22.0838 0x085c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:42:22.0881 0x085c elxstor - ok
10:42:22.0913 0x085c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:42:22.0928 0x085c ErrDev - ok
10:42:23.0014 0x085c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
10:42:23.0056 0x085c EventSystem - ok
10:42:23.0108 0x085c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
10:42:23.0131 0x085c exfat - ok
10:42:23.0213 0x085c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:42:23.0272 0x085c fastfat - ok
10:42:23.0504 0x085c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
10:42:23.0535 0x085c Fax - ok
10:42:23.0576 0x085c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:42:23.0623 0x085c fdc - ok
10:42:23.0655 0x085c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
10:42:23.0686 0x085c fdPHost - ok
10:42:23.0709 0x085c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
10:42:23.0739 0x085c FDResPub - ok
10:42:23.0757 0x085c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:42:23.0776 0x085c FileInfo - ok
10:42:23.0811 0x085c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:42:23.0831 0x085c Filetrace - ok
10:42:23.0851 0x085c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:42:23.0878 0x085c flpydisk - ok
10:42:23.0944 0x085c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:42:23.0960 0x085c FltMgr - ok
10:42:24.0166 0x085c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
10:42:24.0241 0x085c FontCache - ok
10:42:24.0317 0x085c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:42:24.0341 0x085c FontCache3.0.0.0 - ok
10:42:24.0365 0x085c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:42:24.0411 0x085c FsDepends - ok
10:42:24.0444 0x085c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:42:24.0477 0x085c Fs_Rec - ok
10:42:24.0529 0x085c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:42:24.0571 0x085c fvevol - ok
10:42:24.0613 0x085c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:42:24.0714 0x085c gagp30kx - ok
10:42:24.0775 0x085c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
10:42:24.0852 0x085c gpsvc - ok
10:42:24.0996 0x085c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:25.0018 0x085c gupdate - ok
10:42:25.0033 0x085c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:42:25.0040 0x085c gupdatem - ok
10:42:25.0072 0x085c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:42:25.0136 0x085c hcw85cir - ok
10:42:25.0195 0x085c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:42:25.0253 0x085c HdAudAddService - ok
10:42:25.0304 0x085c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:42:25.0325 0x085c HDAudBus - ok
10:42:25.0374 0x085c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:42:25.0386 0x085c HidBatt - ok
10:42:25.0411 0x085c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:42:25.0456 0x085c HidBth - ok
10:42:25.0504 0x085c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
10:42:25.0526 0x085c HidIr - ok
10:42:25.0579 0x085c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
10:42:25.0590 0x085c hidserv - ok
10:42:25.0630 0x085c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:42:25.0659 0x085c HidUsb - ok
10:42:25.0691 0x085c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
10:42:25.0702 0x085c hkmsvc - ok
10:42:25.0751 0x085c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:42:25.0773 0x085c HomeGroupListener - ok
10:42:25.0815 0x085c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:42:25.0829 0x085c HomeGroupProvider - ok
10:42:25.0893 0x085c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:42:25.0900 0x085c HpSAMD - ok
10:42:25.0987 0x085c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:42:26.0030 0x085c HTTP - ok
10:42:26.0071 0x085c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:42:26.0083 0x085c hwpolicy - ok
10:42:26.0132 0x085c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:42:26.0137 0x085c i8042prt - ok
10:42:26.0201 0x085c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:42:26.0218 0x085c iaStorV - ok
10:42:26.0349 0x085c [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:42:26.0418 0x085c idsvc - ok
10:42:26.0509 0x085c IEEtwCollectorService - ok
10:42:27.0104 0x085c [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
10:42:27.0366 0x085c igfx - ok
10:42:27.0425 0x085c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:42:27.0430 0x085c iirsp - ok
10:42:27.0509 0x085c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
10:42:27.0555 0x085c IKEEXT - ok
10:42:27.0598 0x085c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
10:42:27.0600 0x085c intelide - ok
10:42:27.0625 0x085c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:42:27.0629 0x085c intelppm - ok
10:42:27.0663 0x085c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:42:27.0670 0x085c IPBusEnum - ok
10:42:27.0694 0x085c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:42:27.0699 0x085c IpFilterDriver - ok
10:42:27.0760 0x085c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:42:27.0803 0x085c iphlpsvc - ok
10:42:27.0832 0x085c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:42:27.0845 0x085c IPMIDRV - ok
10:42:27.0872 0x085c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:42:27.0878 0x085c IPNAT - ok
10:42:27.0915 0x085c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:42:27.0917 0x085c IRENUM - ok
10:42:27.0940 0x085c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:42:27.0944 0x085c isapnp - ok
10:42:28.0001 0x085c [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:42:28.0014 0x085c iScsiPrt - ok
10:42:28.0052 0x085c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:42:28.0055 0x085c kbdclass - ok
10:42:28.0104 0x085c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:42:28.0106 0x085c kbdhid - ok
10:42:28.0125 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
10:42:28.0130 0x085c KeyIso - ok
10:42:28.0174 0x085c [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:42:28.0179 0x085c KSecDD - ok
10:42:28.0210 0x085c [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:42:28.0227 0x085c KSecPkg - ok
10:42:28.0279 0x085c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:42:28.0305 0x085c KtmRm - ok
10:42:28.0338 0x085c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:42:28.0373 0x085c LanmanServer - ok
10:42:28.0410 0x085c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:42:28.0454 0x085c LanmanWorkstation - ok
10:42:28.0496 0x085c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:42:28.0500 0x085c lltdio - ok
10:42:28.0574 0x085c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:42:28.0588 0x085c lltdsvc - ok
10:42:28.0609 0x085c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:42:28.0615 0x085c lmhosts - ok
10:42:28.0659 0x085c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:42:28.0665 0x085c LSI_FC - ok
10:42:28.0688 0x085c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:42:28.0695 0x085c LSI_SAS - ok
10:42:28.0708 0x085c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:42:28.0715 0x085c LSI_SAS2 - ok
10:42:28.0738 0x085c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:42:28.0745 0x085c LSI_SCSI - ok
10:42:28.0788 0x085c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
10:42:28.0792 0x085c luafv - ok
10:42:28.0820 0x085c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:42:28.0829 0x085c Mcx2Svc - ok
10:42:28.0840 0x085c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
10:42:28.0847 0x085c megasas - ok
10:42:28.0870 0x085c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:42:28.0883 0x085c MegaSR - ok
10:42:28.0944 0x085c Microsoft SharePoint Workspace Audit Service - ok
10:42:28.0963 0x085c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
10:42:28.0970 0x085c MMCSS - ok
10:42:28.0987 0x085c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
10:42:28.0991 0x085c Modem - ok
10:42:29.0022 0x085c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:42:29.0025 0x085c monitor - ok
10:42:29.0043 0x085c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:42:29.0046 0x085c mouclass - ok
10:42:29.0075 0x085c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\drivers\mouhid.sys
10:42:29.0086 0x085c mouhid - ok
10:42:29.0110 0x085c [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:42:29.0116 0x085c mountmgr - ok
10:42:29.0181 0x085c [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:42:29.0208 0x085c MpFilter - ok
10:42:29.0227 0x085c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
10:42:29.0235 0x085c mpio - ok
10:42:29.0404 0x085c [ BB7BB66A8DAF16950F83AE7BF498AF8F, A96FC3BE055C52B98E7ECDF68D69081620F829B04B5496C73D87F271E40EA638 ] MpKsl49b9e412 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A6A2DC-4510-43E7-96F1-D4A4E1E7717B}\MpKsl49b9e412.sys
10:42:29.0408 0x085c MpKsl49b9e412 - ok
10:42:29.0438 0x085c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:42:29.0452 0x085c mpsdrv - ok
10:42:29.0508 0x085c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:42:29.0551 0x085c MpsSvc - ok
10:42:29.0605 0x085c [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:42:29.0623 0x085c MRxDAV - ok
10:42:29.0659 0x085c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:29.0676 0x085c mrxsmb - ok
10:42:29.0723 0x085c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:29.0741 0x085c mrxsmb10 - ok
10:42:29.0776 0x085c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:29.0782 0x085c mrxsmb20 - ok
10:42:29.0814 0x085c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
10:42:29.0818 0x085c msahci - ok
10:42:29.0853 0x085c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:42:29.0863 0x085c msdsm - ok
10:42:29.0891 0x085c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
10:42:29.0902 0x085c MSDTC - ok
10:42:29.0937 0x085c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:42:29.0940 0x085c Msfs - ok
10:42:29.0975 0x085c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:42:29.0978 0x085c mshidkmdf - ok
10:42:29.0995 0x085c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:42:29.0998 0x085c msisadrv - ok
10:42:30.0038 0x085c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:42:30.0048 0x085c MSiSCSI - ok
10:42:30.0059 0x085c msiserver - ok
10:42:30.0094 0x085c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:42:30.0097 0x085c MSKSSRV - ok
10:42:30.0165 0x085c [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:42:30.0176 0x085c MsMpSvc - ok
10:42:30.0202 0x085c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:30.0205 0x085c MSPCLOCK - ok
10:42:30.0217 0x085c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:42:30.0220 0x085c MSPQM - ok
10:42:30.0248 0x085c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:42:30.0265 0x085c MsRPC - ok
10:42:30.0289 0x085c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:30.0292 0x085c mssmbios - ok
10:42:30.0314 0x085c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:42:30.0316 0x085c MSTEE - ok
10:42:30.0343 0x085c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:42:30.0347 0x085c MTConfig - ok
10:42:30.0372 0x085c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
10:42:30.0375 0x085c Mup - ok
10:42:30.0438 0x085c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
10:42:30.0458 0x085c napagent - ok
10:42:30.0514 0x085c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:42:30.0540 0x085c NativeWifiP - ok
10:42:30.0633 0x085c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:42:30.0679 0x085c NDIS - ok
10:42:30.0715 0x085c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:30.0732 0x085c NdisCap - ok
10:42:30.0760 0x085c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:30.0764 0x085c NdisTapi - ok
10:42:30.0801 0x085c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:30.0805 0x085c Ndisuio - ok
10:42:30.0833 0x085c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:30.0839 0x085c NdisWan - ok
10:42:30.0865 0x085c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:42:30.0877 0x085c NDProxy - ok
10:42:30.0907 0x085c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:42:30.0912 0x085c NetBIOS - ok
10:42:30.0937 0x085c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:42:30.0954 0x085c NetBT - ok
10:42:30.0971 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
10:42:30.0976 0x085c Netlogon - ok
10:42:31.0048 0x085c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
10:42:31.0075 0x085c Netman - ok
10:42:31.0124 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0157 0x085c NetMsmqActivator - ok
10:42:31.0175 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0183 0x085c NetPipeActivator - ok
10:42:31.0222 0x085c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
10:42:31.0248 0x085c netprofm - ok
10:42:31.0275 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0282 0x085c NetTcpActivator - ok
10:42:31.0315 0x085c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:42:31.0322 0x085c NetTcpPortSharing - ok
10:42:31.0374 0x085c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:42:31.0378 0x085c nfrd960 - ok
10:42:31.0415 0x085c [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:42:31.0420 0x085c NisDrv - ok
10:42:31.0453 0x085c [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:42:31.0467 0x085c NisSrv - ok
10:42:31.0509 0x085c [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:42:31.0535 0x085c NlaSvc - ok
10:42:31.0556 0x085c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:42:31.0559 0x085c Npfs - ok
10:42:31.0583 0x085c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
10:42:31.0590 0x085c nsi - ok
10:42:31.0609 0x085c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:42:31.0611 0x085c nsiproxy - ok
10:42:31.0711 0x085c [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:42:31.0787 0x085c Ntfs - ok
10:42:31.0810 0x085c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
10:42:31.0813 0x085c Null - ok
10:42:31.0851 0x085c [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:42:31.0858 0x085c nvraid - ok
10:42:31.0879 0x085c [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:42:31.0896 0x085c nvstor - ok
10:42:31.0927 0x085c [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:42:31.0934 0x085c nv_agp - ok
10:42:31.0957 0x085c [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:42:31.0970 0x085c ohci1394 - ok
10:42:32.0041 0x085c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:42:32.0058 0x085c ose - ok
10:42:32.0375 0x085c [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:42:32.0701 0x085c osppsvc - ok
10:42:33.0105 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:42:33.0177 0x085c p2pimsvc - ok
10:42:33.0503 0x085c [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
10:42:33.0601 0x085c p2psvc - ok
10:42:33.0743 0x085c [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\drivers\parport.sys
10:42:33.0972 0x085c Parport - ok
10:42:34.0118 0x085c [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:42:34.0210 0x085c partmgr - ok
10:42:34.0295 0x085c [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:42:34.0391 0x085c Parvdm - ok
10:42:34.0541 0x085c [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:42:34.0611 0x085c PcaSvc - ok
10:42:34.0754 0x085c [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
10:42:34.0790 0x085c pci - ok
10:42:34.0958 0x085c [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
10:42:34.0969 0x085c pciide - ok
10:42:35.0002 0x085c [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:42:35.0017 0x085c pcmcia - ok
10:42:35.0040 0x085c [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
10:42:35.0050 0x085c pcw - ok
10:42:35.0101 0x085c [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:42:35.0126 0x085c PEAUTH - ok
10:42:35.0221 0x085c [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:42:35.0299 0x085c PeerDistSvc - ok
10:42:35.0497 0x085c [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
10:42:35.0574 0x085c pla - ok
10:42:35.0643 0x085c [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:42:35.0675 0x085c PlugPlay - ok
10:42:35.0695 0x085c [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:42:35.0700 0x085c PNRPAutoReg - ok
10:42:35.0740 0x085c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:42:35.0757 0x085c PNRPsvc - ok
10:42:35.0824 0x085c [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:42:35.0866 0x085c PolicyAgent - ok
10:42:35.0919 0x085c [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
10:42:35.0932 0x085c Power - ok
10:42:35.0980 0x085c [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:42:35.0985 0x085c PptpMiniport - ok
10:42:36.0009 0x085c [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\drivers\processr.sys
10:42:36.0014 0x085c Processor - ok
10:42:36.0050 0x085c [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:42:36.0068 0x085c ProfSvc - ok
10:42:36.0105 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:42:36.0110 0x085c ProtectedStorage - ok
10:42:36.0154 0x085c [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:42:36.0173 0x085c Psched - ok
10:42:36.0274 0x085c [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:42:36.0359 0x085c ql2300 - ok
10:42:36.0394 0x085c [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:42:36.0415 0x085c ql40xx - ok
10:42:36.0600 0x085c QMIEProtect - ok
10:42:36.0609 0x085c QMUdisk - ok
10:42:36.0689 0x085c [ 5B56F95A13F51D5FA313475A9E33592A, E381FB559E60720AD892726F58B508CA7B636C4F5B36904F79C660D3FE22E8F9 ] QQPCRTP C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
10:42:36.0770 0x085c QQPCRTP - ok
10:42:36.0791 0x085c QQSysMon - ok
10:42:36.0863 0x085c [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
10:42:36.0887 0x085c QWAVE - ok
10:42:36.0918 0x085c [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:42:36.0923 0x085c QWAVEdrv - ok
10:42:36.0943 0x085c [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:42:36.0946 0x085c RasAcd - ok
10:42:36.0996 0x085c [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:42:37.0000 0x085c RasAgileVpn - ok
10:42:37.0044 0x085c [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
10:42:37.0055 0x085c RasAuto - ok
10:42:37.0096 0x085c [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:42:37.0101 0x085c Rasl2tp - ok
10:42:37.0166 0x085c [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
10:42:37.0192 0x085c RasMan - ok
10:42:37.0220 0x085c [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:42:37.0226 0x085c RasPppoe - ok
10:42:37.0247 0x085c [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:42:37.0251 0x085c RasSstp - ok
10:42:37.0282 0x085c [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:42:37.0298 0x085c rdbss - ok
10:42:37.0329 0x085c [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:42:37.0341 0x085c rdpbus - ok
10:42:37.0361 0x085c [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:42:37.0363 0x085c RDPCDD - ok
10:42:37.0399 0x085c [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:42:37.0408 0x085c RDPDR - ok
10:42:37.0440 0x085c [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:42:37.0443 0x085c RDPENCDD - ok
10:42:37.0462 0x085c [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:42:37.0464 0x085c RDPREFMP - ok
10:42:37.0527 0x085c [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:42:37.0543 0x085c RdpVideoMiniport - ok
10:42:37.0605 0x085c [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:42:37.0623 0x085c RDPWD - ok
10:42:37.0671 0x085c [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:42:37.0688 0x085c rdyboost - ok
10:42:37.0724 0x085c [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:42:37.0733 0x085c RemoteAccess - ok
10:42:37.0782 0x085c [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:42:37.0799 0x085c RemoteRegistry - ok
10:42:37.0826 0x085c [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:42:37.0847 0x085c RpcEptMapper - ok
10:42:37.0880 0x085c [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
10:42:37.0886 0x085c RpcLocator - ok
10:42:37.0947 0x085c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
10:42:37.0969 0x085c RpcSs - ok
10:42:38.0000 0x085c [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:42:38.0003 0x085c rspndr - ok
10:42:38.0029 0x085c [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:42:38.0055 0x085c s3cap - ok
10:42:38.0077 0x085c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs C:\Windows\system32\lsass.exe
10:42:38.0082 0x085c SamSs - ok
10:42:38.0219 0x085c [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:42:38.0226 0x085c sbp2port - ok
10:42:38.0256 0x085c [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:42:38.0271 0x085c SCardSvr - ok
10:42:38.0282 0x085c [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:42:38.0287 0x085c scfilter - ok
10:42:38.0360 0x085c [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
10:42:38.0410 0x085c Schedule - ok
10:42:38.0431 0x085c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:42:38.0436 0x085c SCPolicySvc - ok
10:42:38.0477 0x085c [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:42:38.0490 0x085c SDRSVC - ok
10:42:38.0528 0x085c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:42:38.0532 0x085c secdrv - ok
10:42:38.0558 0x085c [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
10:42:38.0566 0x085c seclogon - ok
10:42:38.0585 0x085c [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
10:42:38.0594 0x085c SENS - ok
10:42:38.0616 0x085c [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:42:38.0625 0x085c SensrSvc - ok
10:42:38.0648 0x085c [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:42:38.0652 0x085c Serenum - ok
10:42:38.0686 0x085c [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\drivers\serial.sys
10:42:38.0692 0x085c Serial - ok
10:42:38.0715 0x085c [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:42:38.0719 0x085c sermouse - ok
10:42:38.0776 0x085c [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
10:42:38.0789 0x085c SessionEnv - ok
10:42:38.0804 0x085c [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:42:38.0807 0x085c sffdisk - ok
10:42:38.0825 0x085c [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:42:38.0833 0x085c sffp_mmc - ok
10:42:38.0856 0x085c [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:42:38.0859 0x085c sffp_sd - ok
10:42:38.0878 0x085c [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:42:41.0342 0x085c sfloppy - ok
10:42:41.0401 0x085c [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:42:41.0452 0x085c SharedAccess - ok
10:42:41.0502 0x085c [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:42:41.0553 0x085c ShellHWDetection - ok
10:42:41.0602 0x085c [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:42:41.0607 0x085c sisagp - ok
10:42:41.0658 0x085c [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:42:41.0662 0x085c SiSRaid2 - ok
10:42:41.0685 0x085c [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:42:41.0691 0x085c SiSRaid4 - ok
10:42:41.0733 0x085c [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:42:41.0739 0x085c Smb - ok
10:42:41.0781 0x085c [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:42:41.0791 0x085c SNMPTRAP - ok
10:42:41.0807 0x085c [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
10:42:41.0810 0x085c spldr - ok
10:42:41.0874 0x085c [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
10:42:41.0899 0x085c Spooler - ok
10:42:42.0177 0x085c [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
10:42:42.0383 0x085c sppsvc - ok
10:42:42.0420 0x085c [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:42:42.0431 0x085c sppuinotify - ok
10:42:42.0475 0x085c [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:42:42.0525 0x085c srv - ok
10:42:42.0564 0x085c [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:42:42.0606 0x085c srv2 - ok
10:42:42.0647 0x085c [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:42:42.0673 0x085c srvnet - ok
10:42:42.0713 0x085c [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:42:42.0731 0x085c SSDPSRV - ok
10:42:42.0769 0x085c [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:42:42.0783 0x085c SstpSvc - ok
10:42:42.0855 0x085c [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:42:42.0860 0x085c stexstor - ok
10:42:42.0918 0x085c [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
10:42:42.0954 0x085c StiSvc - ok
10:42:42.0982 0x085c [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:42:42.0986 0x085c storflt - ok
10:42:43.0022 0x085c [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll
10:42:43.0030 0x085c StorSvc - ok
10:42:43.0055 0x085c [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:42:43.0061 0x085c storvsc - ok
10:42:43.0094 0x085c [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:42:43.0097 0x085c swenum - ok
10:42:43.0142 0x085c [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
10:42:43.0168 0x085c swprv - ok
10:42:43.0286 0x085c [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
10:42:43.0373 0x085c SysMain - ok
10:42:43.0415 0x085c [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:42:43.0425 0x085c TabletInputService - ok
10:42:43.0497 0x085c [ F05047626E0390FF2792835500F70920, EF5E65602387B69735DDD7A82F03FFD551A28308E81670543633C29057566AE0 ] TAOAccelerator C:\Windows\system32\Drivers\TAOAccelerator.sys
10:42:43.0510 0x085c TAOAccelerator - ok
10:42:43.0541 0x085c [ D1AC9003E39B6239792F844557ACD5E6, C8F54971F2B1231BEC1760B99ECEA27E0AD60AAA664428B5C278A3C7C024C756 ] TAOKernelDriver C:\Windows\system32\Drivers\TAOKernel.sys
10:42:43.0557 0x085c TAOKernelDriver - ok
10:42:43.0596 0x085c [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
10:42:43.0621 0x085c TapiSrv - ok
10:42:43.0642 0x085c [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
10:42:43.0665 0x085c TBS - ok
10:42:43.0782 0x085c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:42:43.0865 0x085c Tcpip - ok
10:42:43.0976 0x085c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:42:44.0028 0x085c TCPIP6 - ok
10:42:44.0087 0x085c [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:42:44.0091 0x085c tcpipreg - ok
10:42:44.0130 0x085c [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:42:44.0134 0x085c TDPIPE - ok
10:42:44.0162 0x085c [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:42:44.0166 0x085c TDTCP - ok
10:42:44.0199 0x085c [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:42:44.0205 0x085c tdx - ok
10:42:44.0240 0x085c [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:42:44.0245 0x085c TermDD - ok
10:42:44.0303 0x085c [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
10:42:44.0353 0x085c TermService - ok
10:42:44.0471 0x085c [ 4E607FA5DF30D62EAB84E2D4745745F6, 61FE896F8774DFDD772367D3FAA398E6A513F3A1931FBB120E1E2D8347EA625B ] TFsFlt C:\Windows\system32\Drivers\TFsFlt.sys
10:42:44.0480 0x085c TFsFlt - ok
10:42:44.0528 0x085c [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
10:42:44.0533 0x085c Themes - ok
10:42:44.0555 0x085c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
10:42:44.0560 0x085c THREADORDER - ok
10:42:44.0605 0x085c [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
10:42:44.0620 0x085c TrkWks - ok
10:42:44.0706 0x085c [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:42:44.0740 0x085c TrustedInstaller - ok
10:42:44.0750 0x085c TS888 - ok
10:42:44.0813 0x085c [ DA5F124A8D025AFA1E44E231AD222B8B, 43DBAE62CC3929B53253782BB5229F339B109E568AEFB565081CEC386B2A7B02 ] TSDefenseBt C:\Windows\system32\DRIVERS\TSDefenseBt.sys
10:42:44.0815 0x085c TSDefenseBt - ok
10:42:44.0850 0x085c [ 25C7982D4294CB464606A24A5A0B3B44, 2AAEC324BA21F87CE6FD36307DE32CC15582AE946FB9F674FC669DCCA8B794B7 ] TsFltMgr C:\Windows\system32\drivers\TsFltMgr.sys
10:42:44.0866 0x085c TsFltMgr - ok
10:42:44.0875 0x085c TSKSP - ok
10:42:44.0911 0x085c [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:42:44.0937 0x085c tssecsrv - ok
10:42:44.0981 0x085c [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:42:44.0986 0x085c TsUsbFlt - ok
10:42:54.0616 0x085c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
10:42:54.0626 0x085c AV detected via SS2: 电脑管家系统防护, C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe ( ), 0x51000 ( enabled : updated )
10:42:54.0735 0x085c Win FW state via NFP2: enabled ( trusted )
10:42:57.0146 0x085c ============================================================
10:42:57.0146 0x085c Scan finished
10:42:57.0146 0x085c ============================================================
10:42:57.0181 0x0ac0 Detected object count: 0
10:42:57.0181 0x0ac0 Actual detected object count: 0
10:43:05.0131 0x0d0c Deinitialize success
Re: Check
FRST | ADWCleaner | MBAM | CCleaner | AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Check
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Admin (2016-01-19 10:01:20)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-01-13 08:07:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-1309902909-742908279-1553088342-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1309902909-742908279-1553088342-500 - Administrator - Disabled)
Guest (S-1-5-21-1309902909-742908279-1553088342-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: 电脑管家系统防护 (Enabled - Out of date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Out of date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1309902909-742908279-1553088342-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38F4D6FF-6699-4F8C-81D9-B952D6F02024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {D1D2A81F-07EE-4939-B584-AF8B84B38C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DDAD60D6-703A-4FF5-819C-7CD005F20F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14] (Adobe Systems Incorporated)
Task: {F0B0AA43-B8AF-47A7-AB69-DFB2DB6C1F3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-04 09:32 - 2014-11-02 17:44 - 00027136 _____ () C:\Program Files\PSPad editor\pspshellx32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-19 09:09 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.67.64.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: QQPCTray => "C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418377822
MSCONFIG\startupreg: gupdate => C:\Program Files\Company\gupdate\gupdate.exe
MSCONFIG\startupreg: lsas => C:\Program Files\t_201601190914\201601190914\lsas.exe -mini
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A3B1FC5E-EE38-413A-8C2F-CFC016B655F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5B79C527-7544-4B80-A611-9DC3D58B93EB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
==================== Restore Points =========================
19-11-2015 10:02:36 Windows Update
07-12-2015 08:33:43 Windows Update
11-01-2016 12:48:43 Windows Update
18-01-2016 12:10:01 Windows Update
==================== Faulty Device Manager Devices =============
Name: tencent QMIEProtect
Description: tencent QMIEProtect
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMIEProtect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: TSKsp
Description: TSKsp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TSKSP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 10:07:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.030.exe version 5.0.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 168
Start Time: 01d152979019e840
Termination Time: 46047
Application Path: C:\Users\Admin\Desktop\adwcleaner_5.030.exe
Report Id: df854606-be8b-11e5-aba4-001635a1ef37
Error: (01/19/2016 09:46:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (01/19/2016 09:44:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:50:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 10:32:05 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:25:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:19:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 1015.43 MB
Available physical RAM: 332 MB
Total Virtual: 2039.43 MB
Available Virtual: 1280.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:49.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9D429D42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Admin (2016-01-19 10:01:20)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-01-13 08:07:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-1309902909-742908279-1553088342-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1309902909-742908279-1553088342-500 - Administrator - Disabled)
Guest (S-1-5-21-1309902909-742908279-1553088342-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: 电脑管家系统防护 (Enabled - Out of date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Out of date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1309902909-742908279-1553088342-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38F4D6FF-6699-4F8C-81D9-B952D6F02024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {D1D2A81F-07EE-4939-B584-AF8B84B38C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DDAD60D6-703A-4FF5-819C-7CD005F20F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14] (Adobe Systems Incorporated)
Task: {F0B0AA43-B8AF-47A7-AB69-DFB2DB6C1F3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-04 09:32 - 2014-11-02 17:44 - 00027136 _____ () C:\Program Files\PSPad editor\pspshellx32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-19 09:09 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.67.64.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: QQPCTray => "C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418377822
MSCONFIG\startupreg: gupdate => C:\Program Files\Company\gupdate\gupdate.exe
MSCONFIG\startupreg: lsas => C:\Program Files\t_201601190914\201601190914\lsas.exe -mini
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A3B1FC5E-EE38-413A-8C2F-CFC016B655F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5B79C527-7544-4B80-A611-9DC3D58B93EB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
==================== Restore Points =========================
19-11-2015 10:02:36 Windows Update
07-12-2015 08:33:43 Windows Update
11-01-2016 12:48:43 Windows Update
18-01-2016 12:10:01 Windows Update
Re: check
I need frst.txt.
You posted the second log.

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: check
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Admin (administrator) on ADMINHPC-PC (19-01-2016 09:59:39)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Tencent) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe [355296 2016-01-19] (Tencent)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.67.64.2
Tcpip\..\Interfaces\{3848C8C6-C7B8-4D89-BA09-5D7FDD654453}: [DhcpNameServer] 212.67.64.2
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [301728 2016-01-19] (Tencent)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [82008 2016-01-19] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2016-01-19] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2016-01-19] (电脑管家)
R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2016-01-19] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128280 2016-01-14] (电脑管家)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S1 QMIEProtect; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMIEProtect.sys [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUdisk.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQSysMon.sys [X]
S3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TS888.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSKsp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-19 10:41 - 2016-01-19 10:43 - 00189298 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.41.50_log.txt
2016-01-19 10:26 - 2016-01-19 10:41 - 00196656 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.26.43_log.txt
2016-01-19 10:22 - 2016-01-19 10:23 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2016-01-19 10:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-19 10:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-19 10:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-19 10:14 - 2016-01-19 09:47 - 00000000 ____D C:\Qoobox
2016-01-19 10:13 - 2016-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2016-01-19 10:12 - 2016-01-19 10:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:12 - 05650673 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2016-01-19 10:07 - 2016-01-19 10:07 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-19 09:59 - 2016-01-19 10:00 - 00008728 _____ C:\Users\Admin\Desktop\FRST.txt
2016-01-19 09:59 - 2016-01-19 09:59 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-19 09:58 - 2016-01-19 10:02 - 00000000 ____D C:\AdwCleaner
2016-01-19 09:58 - 2016-01-19 09:59 - 00000000 ____D C:\FRST
2016-01-19 09:58 - 2016-01-19 09:58 - 01505280 _____ C:\Users\Admin\Desktop\adwcleaner_5.030.exe
2016-01-19 09:58 - 2016-01-19 09:58 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-19 09:57 - 2016-01-19 09:58 - 01721856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 01107968 _____ C:\Users\Admin\Desktop\RSIT.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\rsit
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\Program Files\trend micro
2016-01-19 09:47 - 2016-01-19 09:49 - 00194326 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_09.47.56_log.txt
2016-01-19 09:47 - 2016-01-19 09:18 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys
2016-01-19 09:46 - 2016-01-19 09:51 - 00000000 ___SD C:\ComboFix
2016-01-19 09:46 - 2016-01-19 09:45 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2016-01-19 09:45 - 2016-01-19 10:02 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-19 09:45 - 2016-01-19 09:18 - 00082008 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
2016-01-19 09:21 - 2016-01-19 09:18 - 00014008 ____N (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys
2016-01-19 09:20 - 2015-12-28 16:38 - 00074040 ____N (电脑管家) C:\Windows\system32\TSSK.sys
2016-01-19 09:19 - 2016-01-19 09:18 - 00150072 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFlt.sys
2016-01-19 09:19 - 2016-01-14 10:47 - 00128280 ____N (电脑管家) C:\Windows\system32\Drivers\TsFltMgr.sys
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Tencent
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\ProgramData\Tencent
2016-01-19 09:16 - 2016-01-19 09:16 - 00000000 ____D C:\Program Files\Tencent
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\Program Files\t_201601190914
2016-01-19 09:14 - 2016-01-19 09:09 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2016-01-19 09:06 - 2016-01-19 09:50 - 00000000 ____D C:\Program Files\Opera
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\MSDOS.SYS
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\IO.SYS
2016-01-19 09:05 - 2016-01-19 09:05 - 00000000 ____D C:\Program Files\Company
2016-01-19 09:01 - 2016-01-19 09:01 - 03109792 _____ C:\Users\Admin\Desktop\DVDFab-and-Crack.zip-.zip
2016-01-18 12:21 - 2016-01-18 12:21 - 00386442 _____ C:\Users\Admin\Desktop\Doklad_157607802N.pdf
2016-01-18 12:20 - 2016-01-18 12:20 - 00386283 _____ C:\Users\Admin\Desktop\Doklad_157607847N.pdf
2016-01-14 08:03 - 2016-01-14 08:04 - 52196399 _____ C:\Users\Admin\Desktop\DVDFab v9 cracked.zip
2016-01-11 13:02 - 2016-01-11 13:03 - 00000198 _____ C:\Users\Admin\Desktop\Nakup_Alza.txt
2016-01-11 12:53 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\29669
2016-01-11 12:46 - 2016-01-11 12:46 - 00000000 ____D C:\e0e7bd8d32d602af25
2016-01-11 12:44 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\Documents\DVDFab9
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 08:44 - 2014-01-13 12:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-01-19 10:32 - 2014-08-14 07:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-19 10:32 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-01-19 09:58 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-19 09:52 - 2015-01-22 09:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-01-19 09:52 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:52 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:51 - 2014-01-13 12:07 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-19 09:49 - 2010-11-20 22:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 09:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-19 09:47 - 2014-01-14 08:22 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-19 09:47 - 2014-01-13 09:10 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-19 09:47 - 2014-01-13 09:07 - 00001389 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-19 09:47 - 2009-07-14 05:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-19 09:46 - 2015-03-04 09:32 - 00000974 _____ C:\Users\Admin\Desktop\PSPad.lnk
2016-01-19 09:46 - 2014-11-24 08:54 - 00002625 _____ C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
2016-01-19 09:46 - 2014-10-15 11:09 - 00001215 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2016-01-19 09:46 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-19 09:46 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-19 09:45 - 2015-03-27 09:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-19 09:45 - 2009-07-14 05:33 - 00340000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-19 09:44 - 2014-01-13 12:07 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-19 09:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 09:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
2016-01-19 09:37 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-19 09:28 - 2014-01-13 09:10 - 00085360 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-19 09:21 - 2014-01-13 09:07 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-01-19 09:10 - 2014-01-13 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-14 08:32 - 2014-08-14 07:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-14 08:32 - 2014-08-14 07:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-14 08:19 - 2014-01-14 08:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-01-14 07:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\catchme.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt_aqzn.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-07 10:02
==================== End of FRST.txt ============================
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-07 10:02
==================== End of FRST.txt ============================
Re: check
and now we can finally start removing things
read:
Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>
•Save the resulting TXT file as fixlist.txt
•Move the created fixlist next to FRST
Run FRST.exe again
•Click Fix
•The fix will run and create the log Fixlog.txt
Restart the PC and post fixlog.txt here

Code:
Start
(Tencent) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [301728 2016-01-19] (Tencent)
S3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [82008 2016-01-19] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2016-01-19] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2016-01-19] (电脑管家)
R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2016-01-19] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128280 2016-01-14] (电脑管家)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S1 QMIEProtect; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMIEProtect.sys [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUdisk.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQSysMon.sys [X]
S3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TS888.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSKsp.sys [X]
2016-01-19 10:41 - 2016-01-19 10:43 - 00189298 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.41.50_log.txt
2016-01-19 10:26 - 2016-01-19 10:41 - 00196656 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.26.43_log.txt
2016-01-19 10:22 - 2016-01-19 10:23 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2016-01-19 09:46 - 2016-01-19 09:45 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2016-01-19 09:45 - 2016-01-19 10:02 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-19 09:45 - 2016-01-19 09:18 - 00082008 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
2016-01-19 09:21 - 2016-01-19 09:18 - 00014008 ____N (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys
2016-01-19 09:20 - 2015-12-28 16:38 - 00074040 ____N (电脑管家) C:\Windows\system32\TSSK.sys
2016-01-19 09:19 - 2016-01-19 09:18 - 00150072 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFlt.sys
2016-01-19 09:19 - 2016-01-14 10:47 - 00128280 ____N (电脑管家) C:\Windows\system32\Drivers\TsFltMgr.sys
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Tencent
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\ProgramData\Tencent
2016-01-19 09:16 - 2016-01-19 09:16 - 00000000 ____D C:\Program Files\Tencent
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
EmptyTemp:
Reboot:
End
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: check
here it is, but I'm not sure whether I did it correctly, I'm not very experienced...
Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Admin (2016-01-19 10:43:26) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
(Tencent) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [301728 2016-01-19] (Tencent)
S3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [82008 2016-01-19] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel.sys [138552 2016-01-19] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2016-01-19] (????)
R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2016-01-19] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [128280 2016-01-14] (????)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S1 QMIEProtect; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMIEProtect.sys [X]
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUdisk.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQSysMon.sys [X]
S3 TS888; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TS888.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TSKsp.sys [X]
2016-01-19 10:41 - 2016-01-19 10:43 - 00189298 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.41.50_log.txt
2016-01-19 10:26 - 2016-01-19 10:41 - 00196656 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_10.26.43_log.txt
2016-01-19 10:22 - 2016-01-19 10:23 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2016-01-19 09:46 - 2016-01-19 09:45 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2016-01-19 09:45 - 2016-01-19 10:02 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-19 09:45 - 2016-01-19 09:18 - 00082008 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
2016-01-19 09:21 - 2016-01-19 09:18 - 00014008 ____N (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys
2016-01-19 09:20 - 2015-12-28 16:38 - 00074040 ____N (????) C:\Windows\system32\TSSK.sys
2016-01-19 09:19 - 2016-01-19 09:18 - 00150072 ____N (????) C:\Windows\system32\Drivers\TFsFlt.sys
2016-01-19 09:19 - 2016-01-14 10:47 - 00128280 ____N (????) C:\Windows\system32\Drivers\TsFltMgr.sys
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Tencent
2016-01-19 09:16 - 2016-01-19 09:53 - 00000000 ____D C:\ProgramData\Tencent
2016-01-19 09:16 - 2016-01-19 09:16 - 00000000 ____D C:\Program Files\Tencent
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
EmptyTemp:
Reboot:
End
*****************
C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
[748] C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe => process closed successfully.
QQPCRTP => Service stopped successfully.
QQPCRTP => service removed successfully.
TAOAccelerator => service removed successfully.
TAOKernelDriver => Unable to stop service.
TAOKernelDriver => service removed successfully.
TFsFlt => Unable to stop service.
TFsFlt => service removed successfully.
TSDefenseBt => Service stopped successfully.
TSDefenseBt => service removed successfully.
TsFltMgr => Unable to stop service.
TsFltMgr => service removed successfully.
catchme => service removed successfully.
QMIEProtect => service removed successfully.
QMUdisk => service removed successfully.
QQSysMon => service removed successfully.
TS888 => service removed successfully.
TSKSP => service removed successfully.
C:\TDSSKiller.3.1.0.9_19.01.2016_10.41.50_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_19.01.2016_10.26.43_log.txt => moved successfully
C:\Users\Admin\Desktop\tdsskiller.exe => moved successfully
C:\Windows\system32\Drivers\TS888.sys => moved successfully
"C:\Program Files\Common Files\Tencent" folder move:
Could not move "C:\Program Files\Common Files\Tencent" => Scheduled to move on reboot.
C:\Windows\system32\Drivers\TAOAccelerator.sys => moved successfully
C:\Windows\system32\Drivers\TSDefenseBt.sys => moved successfully
C:\Windows\system32\TSSK.sys => moved successfully
C:\Windows\system32\Drivers\TFsFlt.sys => moved successfully
C:\Windows\system32\Drivers\TsFltMgr.sys => moved successfully
C:\Users\Admin\AppData\Roaming\Tencent => moved successfully
"C:\ProgramData\Tencent" folder move:
Could not move "C:\ProgramData\Tencent" => Scheduled to move on reboot.
C:\Program Files\Tencent => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCAABB41-F50C-4E68-920D-AEC7444F4E5F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18596595-332B-4B6E-8E42-23D981DA6ED7} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F9387D8-9E7C-4E37-BB74-95CE16422EC2} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EE6D45-21DE-4C69-A786-79E4EAA21304} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7173513-1BFA-4BDC-B347-55B9E753E215} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98CA7743-87EF-4176-A3EF-DC21A6403431} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F625550-B7A5-408D-84FD-EA4BC286992B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE59776F-C31A-456F-809C-1B4654FDFB56} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67C122E8-58E6-4729-B17F-ECA00B9F219F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB632625-2A8C-4CF9-B695-AC84F84FB302} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{567A7B09-4FCD-45CB-BF20-14E73300E873} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69C780B9-9C4F-4888-A8EE-F20F190A11AE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA69ABEC-923F-4792-8BE3-76927E0EE8FB} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4867DAFC-4BDA-4E23-8F41-F76CF69B3401} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46D96218-CBF0-4628-894E-4D21D043C97B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA3B4C84-B956-41BB-8574-6559583A82BD} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{422B7DB1-27DF-4649-A421-C0A9C7C7318A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6431FEC0-604E-4C77-8D46-E9D81908087C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11FA4B84-5716-423D-B271-C12858A68960} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E27F1234-8C99-4395-A59A-2EEAE0422AE9} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5430EA38-D82A-4AD8-AB1D-1B3D80B12459} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3842E703-9F1D-4EF1-A240-11D8F03491A8} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3808C82-43DE-4571-A111-A417A756173F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF9B8E97-7B09-4D31-B166-9C5EF19B4435} => value removed successfully.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll" => not found.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll" => not found.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll" => not found.
EmptyTemp: => 609.7 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-19 09:45:33)
C:\Program Files\Common Files\Tencent => is moved successfully
C:\ProgramData\Tencent => is moved successfully
==== End of Fixlog 09:45:33 ====
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50EE6D45-21DE-4C69-A786-79E4EAA21304} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7173513-1BFA-4BDC-B347-55B9E753E215} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98CA7743-87EF-4176-A3EF-DC21A6403431} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F625550-B7A5-408D-84FD-EA4BC286992B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE59776F-C31A-456F-809C-1B4654FDFB56} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67C122E8-58E6-4729-B17F-ECA00B9F219F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB632625-2A8C-4CF9-B695-AC84F84FB302} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{567A7B09-4FCD-45CB-BF20-14E73300E873} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69C780B9-9C4F-4888-A8EE-F20F190A11AE} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA69ABEC-923F-4792-8BE3-76927E0EE8FB} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4867DAFC-4BDA-4E23-8F41-F76CF69B3401} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46D96218-CBF0-4628-894E-4D21D043C97B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA3B4C84-B956-41BB-8574-6559583A82BD} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{422B7DB1-27DF-4649-A421-C0A9C7C7318A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6431FEC0-604E-4C77-8D46-E9D81908087C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11FA4B84-5716-423D-B271-C12858A68960} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E27F1234-8C99-4395-A59A-2EEAE0422AE9} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5430EA38-D82A-4AD8-AB1D-1B3D80B12459} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3842E703-9F1D-4EF1-A240-11D8F03491A8} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3808C82-43DE-4571-A111-A417A756173F} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF9B8E97-7B09-4D31-B166-9C5EF19B4435} => value removed successfully.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll" => not found.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll" => not found.
"C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll" => not found.
EmptyTemp: => 609.7 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-19 09:45:33)
C:\Program Files\Common Files\Tencent => is moved successfully
C:\ProgramData\Tencent => is moved successfully
==== End of Fixlog 09:45:33 ====
Re: check
I think it worked out well
clean the PC with CCleaner - especially the registry - and restart the PC
then post new FRST logs - both logs

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: check
so here it is:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Admin (administrator) on ADMINHPC-PC (19-01-2016 09:46:11)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.67.64.2
Tcpip\..\Interfaces\{3848C8C6-C7B8-4D89-BA09-5D7FDD654453}: [DhcpNameServer] 212.67.64.2
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-19 10:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-19 10:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-19 10:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-19 10:14 - 2016-01-19 09:47 - 00000000 ____D C:\Qoobox
2016-01-19 10:13 - 2016-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2016-01-19 10:12 - 2016-01-19 10:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:12 - 05650673 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2016-01-19 10:07 - 2016-01-19 10:07 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-19 10:01 - 2016-01-19 10:02 - 00022331 _____ C:\Users\Admin\Desktop\Addition.txt
2016-01-19 09:59 - 2016-01-19 09:59 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-19 09:58 - 2016-01-19 10:02 - 00000000 ____D C:\AdwCleaner
2016-01-19 09:58 - 2016-01-19 09:58 - 01505280 _____ C:\Users\Admin\Desktop\adwcleaner_5.030.exe
2016-01-19 09:58 - 2016-01-19 09:58 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2016-01-19 09:46 - 00000000 ____D C:\FRST
2016-01-19 09:58 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-19 09:57 - 2016-01-19 09:58 - 01721856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 01107968 _____ C:\Users\Admin\Desktop\RSIT.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\rsit
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\Program Files\trend micro
2016-01-19 09:47 - 2016-01-19 09:49 - 00194326 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_09.47.56_log.txt
2016-01-19 09:47 - 2016-01-19 09:18 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys
2016-01-19 09:46 - 2016-01-19 09:51 - 00000000 ___SD C:\ComboFix
2016-01-19 09:46 - 2016-01-19 09:46 - 00007837 _____ C:\Users\Admin\Desktop\FRST.txt
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\Program Files\t_201601190914
2016-01-19 09:14 - 2016-01-19 09:09 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2016-01-19 09:06 - 2016-01-19 09:50 - 00000000 ____D C:\Program Files\Opera
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\MSDOS.SYS
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\IO.SYS
2016-01-19 09:05 - 2016-01-19 09:05 - 00000000 ____D C:\Program Files\Company
2016-01-18 12:21 - 2016-01-18 12:21 - 00386442 _____ C:\Users\Admin\Desktop\Doklad_157607802N.pdf
2016-01-18 12:20 - 2016-01-18 12:20 - 00386283 _____ C:\Users\Admin\Desktop\Doklad_157607847N.pdf
2016-01-11 12:53 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\29669
2016-01-11 12:46 - 2016-01-11 12:46 - 00000000 ____D C:\e0e7bd8d32d602af25
2016-01-11 12:44 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\Documents\DVDFab9
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 08:44 - 2014-01-13 12:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-01-19 10:32 - 2014-08-14 07:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-19 10:32 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-01-19 09:52 - 2015-01-22 09:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-01-19 09:51 - 2014-01-13 12:07 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-19 09:51 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:51 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:49 - 2010-11-20 22:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 09:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-19 09:47 - 2014-01-14 08:22 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-19 09:47 - 2014-01-13 09:10 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-19 09:47 - 2014-01-13 09:07 - 00001389 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-19 09:47 - 2009-07-14 05:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-19 09:46 - 2015-03-04 09:32 - 00000974 _____ C:\Users\Admin\Desktop\PSPad.lnk
2016-01-19 09:46 - 2014-11-24 08:54 - 00002625 _____ C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
2016-01-19 09:46 - 2014-10-15 11:09 - 00001215 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2016-01-19 09:46 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-19 09:46 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-19 09:45 - 2015-03-27 09:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-19 09:45 - 2009-07-14 05:33 - 00340000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-19 09:44 - 2014-01-13 12:07 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-19 09:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 09:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
2016-01-19 09:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-19 09:37 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-19 09:28 - 2014-01-13 09:10 - 00085360 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-19 09:21 - 2014-01-13 09:07 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-01-19 09:10 - 2014-01-13 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-14 08:32 - 2014-08-14 07:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-14 08:32 - 2014-08-14 07:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-14 08:19 - 2014-01-14 08:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-01-14 07:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-07 10:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Admin (2016-01-19 10:01:20)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-01-13 08:07:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-1309902909-742908279-1553088342-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1309902909-742908279-1553088342-500 - Administrator - Disabled)
Guest (S-1-5-21-1309902909-742908279-1553088342-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: 电脑管家系统防护 (Enabled - Out of date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Out of date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1309902909-742908279-1553088342-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38F4D6FF-6699-4F8C-81D9-B952D6F02024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {D1D2A81F-07EE-4939-B584-AF8B84B38C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DDAD60D6-703A-4FF5-819C-7CD005F20F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14] (Adobe Systems Incorporated)
Task: {F0B0AA43-B8AF-47A7-AB69-DFB2DB6C1F3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-04 09:32 - 2014-11-02 17:44 - 00027136 _____ () C:\Program Files\PSPad editor\pspshellx32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-19 09:09 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.67.64.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: QQPCTray => "C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418377822
MSCONFIG\startupreg: gupdate => C:\Program Files\Company\gupdate\gupdate.exe
MSCONFIG\startupreg: lsas => C:\Program Files\t_201601190914\201601190914\lsas.exe -mini
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A3B1FC5E-EE38-413A-8C2F-CFC016B655F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5B79C527-7544-4B80-A611-9DC3D58B93EB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
==================== Restore Points =========================
19-11-2015 10:02:36 Windows Update
07-12-2015 08:33:43 Windows Update
11-01-2016 12:48:43 Windows Update
18-01-2016 12:10:01 Windows Update
==================== Faulty Device Manager Devices =============
Name: tencent QMIEProtect
Description: tencent QMIEProtect
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMIEProtect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: TSKsp
Description: TSKsp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TSKSP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 10:07:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.030.exe version 5.0.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 168
Start Time: 01d152979019e840
Termination Time: 46047
Application Path: C:\Users\Admin\Desktop\adwcleaner_5.030.exe
Report Id: df854606-be8b-11e5-aba4-001635a1ef37
Error: (01/19/2016 09:46:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (01/19/2016 09:44:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:50:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 10:32:05 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:25:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:19:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 1015.43 MB
Available physical RAM: 332 MB
Total Virtual: 2039.43 MB
Available Virtual: 1280.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:49.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9D429D42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Admin (administrator) on ADMINHPC-PC (19-01-2016 09:46:11)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.67.64.2
Tcpip\..\Interfaces\{3848C8C6-C7B8-4D89-BA09-5D7FDD654453}: [DhcpNameServer] 212.67.64.2
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-21]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-19 10:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-19 10:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-19 10:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-19 10:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-19 10:14 - 2016-01-19 09:47 - 00000000 ____D C:\Qoobox
2016-01-19 10:13 - 2016-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2016-01-19 10:12 - 2016-01-19 10:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-19 10:12 - 2016-01-19 10:12 - 05650673 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2016-01-19 10:07 - 2016-01-19 10:07 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-19 10:01 - 2016-01-19 10:02 - 00022331 _____ C:\Users\Admin\Desktop\Addition.txt
2016-01-19 09:59 - 2016-01-19 09:59 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-19 09:58 - 2016-01-19 10:02 - 00000000 ____D C:\AdwCleaner
2016-01-19 09:58 - 2016-01-19 09:58 - 01505280 _____ C:\Users\Admin\Desktop\adwcleaner_5.030.exe
2016-01-19 09:58 - 2016-01-19 09:58 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2016-01-19 09:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-19 09:58 - 2016-01-19 09:46 - 00000000 ____D C:\FRST
2016-01-19 09:58 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-19 09:58 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-19 09:57 - 2016-01-19 09:58 - 01721856 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 01107968 _____ C:\Users\Admin\Desktop\RSIT.exe
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\rsit
2016-01-19 09:56 - 2016-01-19 09:56 - 00000000 ____D C:\Program Files\trend micro
2016-01-19 09:47 - 2016-01-19 09:49 - 00194326 _____ C:\TDSSKiller.3.1.0.9_19.01.2016_09.47.56_log.txt
2016-01-19 09:47 - 2016-01-19 09:18 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys
2016-01-19 09:46 - 2016-01-19 09:51 - 00000000 ___SD C:\ComboFix
2016-01-19 09:46 - 2016-01-19 09:46 - 00007837 _____ C:\Users\Admin\Desktop\FRST.txt
2016-01-19 09:14 - 2016-01-19 09:14 - 00000000 ____D C:\Program Files\t_201601190914
2016-01-19 09:14 - 2016-01-19 09:09 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2016-01-19 09:08 - 2016-01-19 09:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2016-01-19 09:06 - 2016-01-19 09:50 - 00000000 ____D C:\Program Files\Opera
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\MSDOS.SYS
2016-01-19 09:06 - 2016-01-19 09:06 - 00000000 __RSH C:\IO.SYS
2016-01-19 09:05 - 2016-01-19 09:05 - 00000000 ____D C:\Program Files\Company
2016-01-18 12:21 - 2016-01-18 12:21 - 00386442 _____ C:\Users\Admin\Desktop\Doklad_157607802N.pdf
2016-01-18 12:20 - 2016-01-18 12:20 - 00386283 _____ C:\Users\Admin\Desktop\Doklad_157607847N.pdf
2016-01-11 12:53 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\AppData\Roaming\29669
2016-01-11 12:46 - 2016-01-11 12:46 - 00000000 ____D C:\e0e7bd8d32d602af25
2016-01-11 12:44 - 2016-01-11 12:53 - 00000000 ____D C:\Users\Admin\Documents\DVDFab9
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 08:44 - 2014-01-13 12:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-01-19 10:32 - 2014-08-14 07:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-19 10:32 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-01-19 09:52 - 2015-01-22 09:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-01-19 09:51 - 2014-01-13 12:07 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-19 09:51 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:51 - 2009-07-14 05:34 - 00022224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-19 09:49 - 2010-11-20 22:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 09:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-19 09:47 - 2014-01-14 08:22 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-19 09:47 - 2014-01-13 09:10 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-19 09:47 - 2014-01-13 09:07 - 00001389 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-19 09:47 - 2014-01-13 09:04 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-19 09:47 - 2009-07-14 05:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-19 09:47 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-19 09:46 - 2015-03-04 09:32 - 00000974 _____ C:\Users\Admin\Desktop\PSPad.lnk
2016-01-19 09:46 - 2014-11-24 08:54 - 00002625 _____ C:\Users\Public\Desktop\Flash Drive Tester v1.14.lnk
2016-01-19 09:46 - 2014-10-15 11:09 - 00001215 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2016-01-19 09:46 - 2009-07-14 05:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-19 09:46 - 2009-07-14 05:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-19 09:45 - 2015-03-27 09:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-19 09:45 - 2009-07-14 05:33 - 00340000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-19 09:44 - 2014-01-13 12:07 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-19 09:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 09:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system
2016-01-19 09:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-19 09:37 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-19 09:28 - 2014-01-13 09:10 - 00085360 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-19 09:21 - 2014-01-13 09:07 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-01-19 09:10 - 2014-01-13 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-14 08:32 - 2014-08-14 07:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-14 08:32 - 2014-08-14 07:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-14 08:19 - 2014-01-14 08:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-01-14 07:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-07 10:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Admin (2016-01-19 10:01:20)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-01-13 08:07:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-1309902909-742908279-1553088342-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1309902909-742908279-1553088342-500 - Administrator - Disabled)
Guest (S-1-5-21-1309902909-742908279-1553088342-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: 电脑管家系统防护 (Enabled - Out of date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Out of date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Flash Drive Tester v1.14 (HKLM\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1309902909-742908279-1553088342-1000_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {38F4D6FF-6699-4F8C-81D9-B952D6F02024} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {D1D2A81F-07EE-4939-B584-AF8B84B38C76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-14] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DDAD60D6-703A-4FF5-819C-7CD005F20F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-14] (Adobe Systems Incorporated)
Task: {F0B0AA43-B8AF-47A7-AB69-DFB2DB6C1F3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-19 09:18 - 2016-01-19 09:18 - 00481632 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00100704 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
2016-01-19 09:18 - 2016-01-19 09:18 - 00088416 ____N () C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-04 09:32 - 2014-11-02 17:44 - 00027136 _____ () C:\Program Files\PSPad editor\pspshellx32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-01-19 09:09 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1309902909-742908279-1553088342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.67.64.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: QQPCTray => "C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /regrun
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418377822
MSCONFIG\startupreg: gupdate => C:\Program Files\Company\gupdate\gupdate.exe
MSCONFIG\startupreg: lsas => C:\Program Files\t_201601190914\201601190914\lsas.exe -mini
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A3B1FC5E-EE38-413A-8C2F-CFC016B655F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{5B79C527-7544-4B80-A611-9DC3D58B93EB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCAABB41-F50C-4E68-920D-AEC7444F4E5F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{EA3AFEF5-4F1A-4CFA-AE56-A01212DAAB40}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCmgrInstallGuide.exe
FirewallRules: [{18596595-332B-4B6E-8E42-23D981DA6ED7}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{4A8ECF40-1347-496B-ACE3-4CEAF81C4E78}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
FirewallRules: [{9F9387D8-9E7C-4E37-BB74-95CE16422EC2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCMgr.exe
FirewallRules: [{E4E1D00D-0CA9-4F78-9CCB-2B26632D4D79}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
FirewallRules: [{50EE6D45-21DE-4C69-A786-79E4EAA21304}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMDL.exe
FirewallRules: [{C7173513-1BFA-4BDC-B347-55B9E753E215}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\bugreport.exe
FirewallRules: [{98CA7743-87EF-4176-A3EF-DC21A6403431}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCFileOpen.exe
FirewallRules: [{5DE74F0F-69DF-4C1E-9A8C-572F53C6945C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLeakScan.exe
FirewallRules: [{D3BD2723-70CD-4CF5-B9BC-1750BA0CEE2A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPConfig.exe
FirewallRules: [{6F625550-B7A5-408D-84FD-EA4BC286992B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftMgr.exe
FirewallRules: [{EE59776F-C31A-456F-809C-1B4654FDFB56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{67C122E8-58E6-4729-B17F-ECA00B9F219F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCBTU.exe
FirewallRules: [{AB632625-2A8C-4CF9-B695-AC84F84FB302}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCClinic.exe
FirewallRules: [{567A7B09-4FCD-45CB-BF20-14E73300E873}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCLaunch.exe
FirewallRules: [{69C780B9-9C4F-4888-A8EE-F20F190A11AE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{DA69ABEC-923F-4792-8BE3-76927E0EE8FB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSoftGame.exe
FirewallRules: [{4867DAFC-4BDA-4E23-8F41-F76CF69B3401}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCSysOptimize.exe
FirewallRules: [{46D96218-CBF0-4628-894E-4D21D043C97B}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCUpdateAVLib.exe
FirewallRules: [{AA3B4C84-B956-41BB-8574-6559583A82BD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQRepair.exe
FirewallRules: [{422B7DB1-27DF-4649-A421-C0A9C7C7318A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\Uninst.exe
FirewallRules: [{6431FEC0-604E-4C77-8D46-E9D81908087C}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
FirewallRules: [{11FA4B84-5716-423D-B271-C12858A68960}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\TpkUpdate.exe
FirewallRules: [{E27F1234-8C99-4395-A59A-2EEAE0422AE9}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMRouterMgr.exe
FirewallRules: [{5430EA38-D82A-4AD8-AB1D-1B3D80B12459}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAccountProtection.exe
FirewallRules: [{3842E703-9F1D-4EF1-A240-11D8F03491A8}] => (Allow) C:\Program Files\Tencent\QQPCMgr\10.11.16575.227\QMAdBlock.exe
FirewallRules: [{D3808C82-43DE-4571-A111-A417A756173F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{DF9B8E97-7B09-4D31-B166-9C5EF19B4435}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
==================== Restore Points =========================
19-11-2015 10:02:36 Windows Update
07-12-2015 08:33:43 Windows Update
11-01-2016 12:48:43 Windows Update
18-01-2016 12:10:01 Windows Update
==================== Faulty Device Manager Devices =============
Name: tencent QMIEProtect
Description: tencent QMIEProtect
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMIEProtect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: TSKsp
Description: TSKsp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TSKSP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:46:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 10:07:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.030.exe version 5.0.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 168
Start Time: 01d152979019e840
Termination Time: 46047
Application Path: C:\Users\Admin\Desktop\adwcleaner_5.030.exe
Report Id: df854606-be8b-11e5-aba4-001635a1ef37
Error: (01/19/2016 09:46:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/19/2016 09:45:18 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (01/19/2016 09:44:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 09:50:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 09:44:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQSysMon service failed to start due to the following error:
%%2
Error: (01/19/2016 10:32:05 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:25:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:19:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/19/2016 10:02:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/19/2016 10:02:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 1015.43 MB
Available physical RAM: 332 MB
Total Virtual: 2039.43 MB
Available Virtual: 1280.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.43 GB) (Free:49.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9D429D42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Re: check
Open the file C:\Windows\system32\Drivers\etc\hosts in Notepad
and DELETE all lines except the one that contains localhost:
127.0.0.1 localhost
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/