16:21:16.0203 7912 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:21:16.0690 7912 ============================================================
16:21:16.0690 7912 Current date / time: 2017/10/09 16:21:16.0690
16:21:16.0690 7912 SystemInfo:
16:21:16.0690 7912 
16:21:16.0696 7912 OS Version: 6.2.9200 ServicePack: 0.0
16:21:16.0696 7912 Product type: Workstation
16:21:16.0696 7912 ComputerName: DESKTOP-GC77QGH
16:21:16.0696 7912 UserName: Jakub K
16:21:16.0696 7912 Windows directory: C:\WINDOWS
16:21:16.0696 7912 System windows directory: C:\WINDOWS
16:21:16.0696 7912 Running under WOW64
16:21:16.0696 7912 Processor architecture: Intel x64
16:21:16.0696 7912 Number of processors: 4
16:21:16.0696 7912 Page size: 0x1000
16:21:16.0696 7912 Boot type: Normal boot
16:21:16.0696 7912 ============================================================
16:21:17.0095 7912 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:17.0104 7912 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:21:17.0120 7912 Drive \Device\Harddisk2\DR2 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:17.0122 7912 ============================================================
16:21:17.0122 7912 \Device\Harddisk0\DR0:
16:21:17.0124 7912 MBR partitions:
16:21:17.0124 7912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC651C9E
16:21:17.0124 7912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x67F05800
16:21:17.0124 7912 \Device\Harddisk1\DR1:
16:21:17.0124 7912 MBR partitions:
16:21:17.0124 7912 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
16:21:17.0124 7912 \Device\Harddisk2\DR2:
16:21:17.0124 7912 MBR partitions:
16:21:17.0124 7912 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7E69800
16:21:17.0124 7912 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x7E6A000, BlocksNum 0x1535A000
16:21:17.0124 7912 ============================================================
16:21:17.0178 7912 C: <-> \Device\Harddisk0\DR0\Partition1
16:21:17.0243 7912 D: <-> \Device\Harddisk0\DR0\Partition2
16:21:17.0261 7912 E: <-> \Device\Harddisk1\DR1\Partition1
16:21:17.0294 7912 F: <-> \Device\Harddisk2\DR2\Partition2
16:21:17.0295 7912 ============================================================
16:21:17.0295 7912 Initialize success
16:21:17.0295 7912 ============================================================
16:21:27.0047 8780 ============================================================
16:21:27.0047 8780 Scan started
16:21:27.0047 8780 Mode: Manual;
16:21:27.0047 8780 ============================================================
16:21:29.0665 8780 ================ Scan system memory ========================
16:21:29.0665 8780 System memory - ok
16:21:29.0665 8780 ================ Scan services =============================
16:21:31.0243 8780 1394ohci - ok
16:21:31.0243 8780 3ware - ok
16:21:31.0290 8780 ACPI - ok
16:21:31.0306 8780 AcpiDev - ok
16:21:31.0306 8780 acpiex - ok
16:21:31.0306 8780 acpipagr - ok
16:21:31.0321 8780 AcpiPmi - ok
16:21:31.0321 8780 acpitime - ok
16:21:31.0446 8780 [ F2CEEE9ABBCEF207ACB103215AC28BC2 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:21:31.0493 8780 AdobeARMservice - ok
16:21:31.0493 8780 ADP80XX - ok
16:21:31.0509 8780 AFD - ok
16:21:31.0540 8780 ahcache - ok
16:21:31.0571 8780 AJRouter - ok
16:21:31.0587 8780 ALG - ok
16:21:31.0618 8780 AmdK8 - ok
16:21:31.0618 8780 AmdPPM - ok
16:21:31.0618 8780 amdsata - ok
16:21:31.0634 8780 amdsbs - ok
16:21:31.0634 8780 amdxata - ok
16:21:31.0649 8780 AppID - ok
16:21:31.0681 8780 AppIDSvc - ok
16:21:31.0696 8780 Appinfo - ok
16:21:31.0743 8780 applockerfltr - ok
16:21:31.0743 8780 AppMgmt - ok
16:21:31.0759 8780 AppReadiness - ok
16:21:31.0790 8780 AppVClient - ok
16:21:31.0837 8780 AppvStrm - ok
16:21:31.0868 8780 AppvVemgr - ok
16:21:31.0884 8780 AppvVfs - ok
16:21:31.0884 8780 AppXSvc - ok
16:21:31.0884 8780 arcsas - ok
16:21:31.0899 8780 AsyncMac - ok
16:21:31.0915 8780 atapi - ok
16:21:31.0946 8780 AudioEndpointBuilder - ok
16:21:31.0977 8780 Audiosrv - ok
16:21:31.0993 8780 AxInstSV - ok
16:21:32.0009 8780 b06bdrv - ok
16:21:32.0056 8780 BasicDisplay - ok
16:21:32.0087 8780 BasicRender - ok
16:21:32.0102 8780 bcmfn2 - ok
16:21:32.0134 8780 BDESVC - ok
16:21:32.0165 8780 Beep - ok
16:21:32.0306 8780 [ 9A11E8F9C71C087FCB57B48D80D3079A ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
16:21:32.0337 8780 BEService - ok
16:21:32.0399 8780 BFE - ok
16:21:32.0415 8780 BITS - ok
16:21:32.0431 8780 bowser - ok
16:21:32.0462 8780 BrokerInfrastructure - ok
16:21:32.0477 8780 Browser - ok
16:21:32.0540 8780 BthAvrcpTg - ok
16:21:32.0571 8780 BthHFEnum - ok
16:21:32.0603 8780 bthhfhid - ok
16:21:32.0634 8780 BthHFSrv - ok
16:21:32.0649 8780 BTHMODEM - ok
16:21:32.0649 8780 bthserv - ok
16:21:32.0696 8780 buttonconverter - ok
16:21:32.0712 8780 CAD - ok
16:21:32.0712 8780 CapImg - ok
16:21:32.0712 8780 cdfs - ok
16:21:32.0743 8780 CDPSvc - ok
16:21:32.0743 8780 CDPUserSvc - ok
16:21:32.0759 8780 Suspicious service (Hidden): CDPUserSvc_6813a
16:21:32.0790 8780 cdrom - ok
16:21:32.0822 8780 CertPropSvc - ok
16:21:32.0822 8780 cht4iscsi - ok
16:21:32.0875 8780 cht4vbd - ok
16:21:32.0891 8780 circlass - ok
16:21:32.0891 8780 CldFlt - ok
16:21:32.0907 8780 CLFS - ok
16:21:33.0615 8780 [ 324621BC12359511D6B24E590E6B05EE ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
16:21:33.0708 8780 ClickToRunSvc - ok
16:21:33.0740 8780 ClipSVC - ok
16:21:33.0771 8780 clreg - ok
16:21:33.0802 8780 CmBatt - ok
16:21:33.0833 8780 CNG - ok
16:21:33.0849 8780 cnghwassist - ok
16:21:34.0288 8780 CompositeBus - ok
16:21:34.0288 8780 COMSysApp - ok
16:21:34.0288 8780 condrv - ok
16:21:34.0304 8780 CoreMessagingRegistrar - ok
16:21:34.0335 8780 CryptSvc - ok
16:21:34.0366 8780 CSC - ok
16:21:34.0397 8780 CscService - ok
16:21:34.0397 8780 dam - ok
16:21:34.0429 8780 DcomLaunch - ok
16:21:34.0444 8780 defragsvc - ok
16:21:34.0444 8780 DeviceAssociationService - ok
16:21:34.0476 8780 DeviceInstall - ok
16:21:34.0491 8780 DevicesFlowUserSvc - ok
16:21:34.0491 8780 Suspicious service (Hidden): DevicesFlowUserSvc_6813a
16:21:34.0538 8780 DevQueryBroker - ok
16:21:34.0569 8780 Dfsc - ok
16:21:34.0616 8780 [ 9593475FBC857A05D93BFF4FA7323C2B ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
16:21:34.0757 8780 dg_ssudbus - ok
16:21:34.0788 8780 Dhcp - ok
16:21:34.0897 8780 diagnosticshub.standardcollector.service - ok
16:21:34.0929 8780 DiagTrack - ok
16:21:34.0944 8780 Disk - ok
16:21:34.0960 8780 DmEnrollmentSvc - ok
16:21:34.0976 8780 dmvsc - ok
16:21:34.0991 8780 dmwappushservice - ok
16:21:35.0054 8780 Dnscache - ok
16:21:35.0085 8780 dot3svc - ok
16:21:35.0101 8780 DPS - ok
16:21:35.0132 8780 drmkaud - ok
16:21:35.0147 8780 DsmSvc - ok
16:21:35.0163 8780 DsSvc - ok
16:21:35.0179 8780 DusmSvc - ok
16:21:35.0210 8780 DXGKrnl - ok
16:21:35.0226 8780 EapHost - ok
16:21:35.0226 8780 ebdrv - ok
16:21:35.0257 8780 EFS - ok
16:21:35.0272 8780 EhStorClass - ok
16:21:35.0304 8780 EhStorTcgDrv - ok
16:21:35.0319 8780 embeddedmode - ok
16:21:35.0351 8780 EntAppSvc - ok
16:21:35.0351 8780 ErrDev - ok
16:21:35.0366 8780 EventSystem - ok
16:21:35.0382 8780 exfat - ok
16:21:35.0382 8780 fastfat - ok
16:21:35.0413 8780 Fax - ok
16:21:35.0413 8780 fdc - ok
16:21:35.0429 8780 fdPHost - ok
16:21:35.0444 8780 FDResPub - ok
16:21:35.0444 8780 fhsvc - ok
16:21:35.0491 8780 FileCrypt - ok
16:21:35.0507 8780 FileInfo - ok
16:21:35.0522 8780 Filetrace - ok
16:21:35.0522 8780 flpydisk - ok
16:21:35.0538 8780 FltMgr - ok
16:21:35.0554 8780 FontCache - ok
16:21:35.0710 8780 FontCache3.0.0.0 - ok
16:21:35.0757 8780 FrameServer - ok
16:21:35.0788 8780 FsDepends - ok
16:21:35.0804 8780 Fs_Rec - ok
16:21:35.0819 8780 fvevol - ok
16:21:35.0944 8780 [ 5577F737BD004D2B340E18BB80D25881 ] GalaxyClientService C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
16:21:35.0976 8780 GalaxyClientService - ok
16:21:36.0741 8780 [ E5092421E1DF4D13C967519126923809 ] GalaxyCommunication C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
16:21:36.0960 8780 GalaxyCommunication - ok
16:21:36.0991 8780 gencounter - ok
16:21:37.0038 8780 genericusbfn - ok
16:21:37.0038 8780 GPIOClx0101 - ok
16:21:37.0085 8780 gpsvc - ok
16:21:37.0101 8780 GpuEnergyDrv - ok
16:21:37.0163 8780 [ 88FBBB1C601A6BC42054E57C2897FA45 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:21:37.0163 8780 gupdate - ok
16:21:37.0194 8780 [ 88FBBB1C601A6BC42054E57C2897FA45 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:21:37.0194 8780 gupdatem - ok
16:21:37.0241 8780 HdAudAddService - ok
16:21:37.0288 8780 HDAudBus - ok
16:21:37.0288 8780 HidBatt - ok
16:21:37.0319 8780 HidBth - ok
16:21:37.0319 8780 hidi2c - ok
16:21:37.0355 8780 hidinterrupt - ok
16:21:37.0404 8780 HidIr - ok
16:21:37.0436 8780 hidserv - ok
16:21:37.0451 8780 HidUsb - ok
16:21:37.0498 8780 HomeGroupListener - ok
16:21:37.0514 8780 HomeGroupProvider - ok
16:21:37.0514 8780 HpSAMD - ok
16:21:37.0514 8780 HTTP - ok
16:21:37.0561 8780 HvHost - ok
16:21:37.0623 8780 hvservice - ok
16:21:37.0623 8780 hwpolicy - ok
16:21:37.0623 8780 hyperkbd - ok
16:21:37.0623 8780 i8042prt - ok
16:21:37.0639 8780 iagpio - ok
16:21:37.0639 8780 iai2c - ok
16:21:37.0654 8780 iaLPSS2i_GPIO2 - ok
16:21:37.0670 8780 iaLPSS2i_GPIO2_BXT_P - ok
16:21:37.0670 8780 iaLPSS2i_I2C - ok
16:21:37.0686 8780 iaLPSS2i_I2C_BXT_P - ok
16:21:37.0686 8780 iaLPSSi_GPIO - ok
16:21:37.0701 8780 iaLPSSi_I2C - ok
16:21:37.0701 8780 iaStorAV - ok
16:21:37.0717 8780 iaStorV - ok
16:21:37.0717 8780 ibbus - ok
16:21:37.0733 8780 icssvc - ok
16:21:37.0748 8780 IKEEXT - ok
16:21:37.0779 8780 IndirectKmd - ok
16:21:38.0205 8780 [ 7F08B78B1516626869FB44A61EFDF566 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
16:21:38.0268 8780 IntcAzAudAddService - ok
16:21:38.0299 8780 intelide - ok
16:21:38.0299 8780 intelpep - ok
16:21:38.0299 8780 intelppm - ok
16:21:38.0299 8780 iorate - ok
16:21:38.0315 8780 IpFilterDriver - ok
16:21:38.0377 8780 iphlpsvc - ok
16:21:38.0424 8780 IPMIDRV - ok
16:21:38.0424 8780 IPNAT - ok
16:21:38.0424 8780 IpxlatCfgSvc - ok
16:21:38.0424 8780 irda - ok
16:21:38.0440 8780 IRENUM - ok
16:21:38.0455 8780 irmon - ok
16:21:38.0455 8780 isapnp - ok
16:21:38.0486 8780 iScsiPrt - ok
16:21:38.0518 8780 [ 1ECC1A421B0AEBF9A6934451FBFD7848 ] ISCT C:\WINDOWS\System32\drivers\ISCTD64.sys
16:21:38.0533 8780 ISCT - ok
16:21:38.0549 8780 kbdclass - ok
16:21:38.0580 8780 kbdhid - ok
16:21:38.0627 8780 kdnic - ok
16:21:38.0627 8780 KeyIso - ok
16:21:38.0627 8780 KSecDD - ok
16:21:38.0690 8780 KSecPkg - ok
16:21:38.0736 8780 ksthunk - ok
16:21:38.0768 8780 KtmRm - ok
16:21:38.0783 8780 LanmanServer - ok
16:21:38.0799 8780 LanmanWorkstation - ok
16:21:38.0957 8780 [ 20EE2F2ADCF8DBD091E931593F5AC268 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:21:38.0972 8780 LBTServ - ok
16:21:38.0988 8780 lfsvc - ok
16:21:39.0019 8780 [ A6F294B38F3DFB67D6B6E1D1E60A402A ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys
16:21:39.0035 8780 LGBusEnum - ok
16:21:39.0144 8780 [ 2D7F1C02B94D6F0F3E10107E5EA8E141 ] LGCoreTemp C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
16:21:39.0144 8780 LGCoreTemp - ok
16:21:39.0176 8780 [ 2A9F60E6531F42B31874618743037719 ] LGJoyXlCore C:\WINDOWS\system32\drivers\LGJoyXlCore.sys
16:21:39.0191 8780 LGJoyXlCore - ok
16:21:39.0191 8780 [ 94AF1384A67B9FCF5651E70BC9D4C526 ] LGSHidFilt C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys
16:21:39.0207 8780 LGSHidFilt - ok
16:21:39.0222 8780 LicenseManager - ok
16:21:39.0254 8780 lltdio - ok
16:21:39.0269 8780 lltdsvc - ok
16:21:39.0285 8780 lmhosts - ok
16:21:39.0316 8780 [ B78534B305C93D18CAED123E1F9346E5 ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
16:21:39.0332 8780 LogiRegistryService - ok
16:21:39.0363 8780 LSI_SAS - ok
16:21:39.0394 8780 LSI_SAS2i - ok
16:21:39.0394 8780 LSI_SAS3i - ok
16:21:39.0394 8780 LSI_SSS - ok
16:21:39.0410 8780 LSM - ok
16:21:39.0426 8780 luafv - ok
16:21:39.0457 8780 MapsBroker - ok
16:21:39.0472 8780 mausbhost - ok
16:21:39.0488 8780 mausbip - ok
16:21:39.0832 8780 [ D76E56108E6482905D3FAEA0649919E4 ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
16:21:39.0863 8780 MBAMService - ok
16:21:39.0926 8780 [ C3549BE8C1FE4ECBEE21DAD3378F6CD0 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
16:21:39.0926 8780 MBAMSwissArmy - ok
16:21:39.0957 8780 megasas - ok
16:21:39.0972 8780 megasas2i - ok
16:21:39.0972 8780 megasr - ok
16:21:40.0019 8780 [ E7C9F74D8CAAB1FF7964C27C070FB16C ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
16:21:40.0035 8780 MEIx64 - ok
16:21:40.0097 8780 MessagingService - ok
16:21:40.0113 8780 Suspicious service (Hidden): MessagingService_6813a
16:21:40.0113 8780 mlx4_bus - ok
16:21:40.0129 8780 MMCSS - ok
16:21:40.0160 8780 Modem - ok
16:21:40.0176 8780 monitor - ok
16:21:40.0176 8780 mouclass - ok
16:21:40.0191 8780 mouhid - ok
16:21:40.0207 8780 mountmgr - ok
16:21:40.0332 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl1ae02747 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C72D0981-740B-44EF-902B-E0BF6BE3D368}\MpKsl1ae02747.sys
16:21:40.0332 8780 MpKsl1ae02747 - ok
16:21:40.0379 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl4a812240 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EA962F3-6108-4E21-A0B0-F692F1F73AFC}\MpKsl4a812240.sys
16:21:40.0379 8780 MpKsl4a812240 - ok
16:21:40.0457 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl61caf952 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3F59F093-DECF-47C0-AA3D-6A5326443E04}\MpKsl61caf952.sys
16:21:40.0457 8780 MpKsl61caf952 - ok
16:21:40.0504 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl6b21bc85 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97AC78D4-C982-4666-8D17-107CBF0CCA2A}\MpKsl6b21bc85.sys
16:21:40.0504 8780 MpKsl6b21bc85 - ok
16:21:40.0582 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl72b61195 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKsl72b61195.sys
16:21:40.0582 8780 Suspicious file (Forged): C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKsl72b61195.sys. Real md5: BF2513029E231BE96D82F7C3ABFF87F4, Fake md5: FD4BC5A31AE7C81B7D34BB8A78371B6D
16:21:40.0582 8780 MpKsl72b61195 ( ForgedFile.Multi.Generic ) - warning
16:21:40.0582 8780 MpKsl72b61195 - detected ForgedFile.Multi.Generic (1)
16:21:40.0644 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsl7792bb82 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778BD2FE-F64D-4FE7-8A14-CCA6BC71E849}\MpKsl7792bb82.sys
16:21:40.0644 8780 MpKsl7792bb82 - ok
16:21:40.0707 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKslce970d5c C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKslce970d5c.sys
16:21:40.0707 8780 Suspicious file (Forged): C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKslce970d5c.sys. Real md5: BF2513029E231BE96D82F7C3ABFF87F4, Fake md5: FD4BC5A31AE7C81B7D34BB8A78371B6D
16:21:40.0707 8780 MpKslce970d5c ( ForgedFile.Multi.Generic ) - warning
16:21:40.0707 8780 MpKslce970d5c - detected ForgedFile.Multi.Generic (1)
16:21:40.0785 8780 [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKsld9dd74da C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5557B55F-BBCB-4595-B1E0-2799AB684788}\MpKsld9dd74da.sys
16:21:40.0785 8780 MpKsld9dd74da - ok
16:21:40.0785 8780 mpsdrv - ok
16:21:40.0801 8780 MpsSvc - ok
16:21:40.0832 8780 MRxDAV - ok
16:21:40.0863 8780 mrxsmb - ok
16:21:40.0863 8780 mrxsmb10 - ok
16:21:40.0879 8780 mrxsmb20 - ok
16:21:40.0894 8780 MsBridge - ok
16:21:40.0894 8780 MSDTC - ok
16:21:40.0910 8780 Msfs - ok
16:21:40.0926 8780 msgpiowin32 - ok
16:21:40.0957 8780 mshidkmdf - ok
16:21:41.0035 8780 mshidumdf - ok
16:21:41.0051 8780 msisadrv - ok
16:21:41.0082 8780 MSiSCSI - ok
16:21:41.0082 8780 msiserver - ok
16:21:41.0082 8780 MSKSSRV - ok
16:21:41.0082 8780 MsLldp - ok
16:21:41.0113 8780 MSPCLOCK - ok
16:21:41.0113 8780 MSPQM - ok
16:21:41.0129 8780 MsRPC - ok
16:21:41.0129 8780 MsSecFlt - ok
16:21:41.0129 8780 mssmbios - ok
16:21:41.0144 8780 MSTEE - ok
16:21:41.0144 8780 MTConfig - ok
16:21:41.0144 8780 Mup - ok
16:21:41.0160 8780 mvumis - ok
16:21:41.0160 8780 NativeWifiP - ok
16:21:41.0223 8780 NaturalAuthentication - ok
16:21:41.0223 8780 NcaSvc - ok
16:21:41.0238 8780 NcbService - ok
16:21:41.0254 8780 NcdAutoSetup - ok
16:21:41.0254 8780 ndfltr - ok
16:21:41.0269 8780 NDIS - ok
16:21:41.0285 8780 NdisCap - ok
16:21:41.0285 8780 NdisImPlatform - ok
16:21:41.0301 8780 NdisTapi - ok
16:21:41.0301 8780 Ndisuio - ok
16:21:41.0363 8780 NdisVirtualBus - ok
16:21:41.0363 8780 NdisWan - ok
16:21:41.0363 8780 ndiswanlegacy - ok
16:21:41.0363 8780 ndproxy - ok
16:21:41.0379 8780 Ndu - ok
16:21:41.0410 8780 [ E686C162145E6DDCA2B3B644004351FD ] Neo_VPN C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys
16:21:41.0457 8780 Neo_VPN - ok
16:21:41.0457 8780 NetAdapterCx - ok
16:21:41.0473 8780 NetBIOS - ok
16:21:41.0488 8780 NetBT - ok
16:21:41.0488 8780 Netlogon - ok
16:21:41.0504 8780 Netman - ok
16:21:41.0535 8780 netprofm - ok
16:21:41.0551 8780 NetSetupSvc - ok
16:21:41.0691 8780 NetTcpPortSharing - ok
16:21:41.0738 8780 netvsc - ok
16:21:41.0769 8780 NgcCtnrSvc - ok
16:21:41.0785 8780 NgcSvc - ok
16:21:41.0801 8780 NlaSvc - ok
16:21:41.0801 8780 Npfs - ok
16:21:41.0816 8780 npggsvc - ok
16:21:41.0848 8780 npsvctrig - ok
16:21:41.0879 8780 nsi - ok
16:21:41.0894 8780 nsiproxy - ok
16:21:41.0910 8780 NTFS - ok
16:21:41.0926 8780 Null - ok
16:21:42.0035 8780 [ 43F315F0F7A179C46ED3BA44CFBBC162 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
16:21:42.0051 8780 NvContainerLocalSystem - ok
16:21:42.0082 8780 [ 43F315F0F7A179C46ED3BA44CFBBC162 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
16:21:42.0082 8780 NvContainerNetworkService - ok
16:21:42.0098 8780 nvdimmn - ok
16:21:42.0191 8780 [ C27427C9D79DE00A01B9987B68485F60 ] NVHDA C:\WINDOWS\system32\drivers\nvhda64v.sys
16:21:42.0207 8780 NVHDA - ok
16:21:43.0734 8780 [ 444B969DABB3F2D2176EF0BFAB42364F ] nvlddmkm C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys
16:21:43.0890 8780 nvlddmkm - ok
16:21:43.0890 8780 nvraid - ok
16:21:43.0907 8780 nvstor - ok
16:21:43.0985 8780 [ 530E825A38753DA3ED21FD689F961344 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:21:43.0985 8780 NvStreamKms - ok
16:21:44.0142 8780 [ A9FD0F6BD72EA00049EAD30EFB9A7602 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
16:21:44.0220 8780 NvTelemetryContainer - ok
16:21:44.0251 8780 [ 21D89A95055DEBEEAC9566536D0A8527 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
16:21:44.0267 8780 nvvad_WaveExtensible - ok
16:21:44.0282 8780 [ CFCE4D665B1169DCD2A0FB802EECE93A ] nvvhci C:\WINDOWS\System32\drivers\nvvhci.sys
16:21:44.0298 8780 nvvhci - ok
16:21:44.0329 8780 OneSyncSvc - ok
16:21:44.0329 8780 Suspicious service (Hidden): OneSyncSvc_6813a
16:21:44.0626 8780 [ F04B71780AD57118D7535A3A526B5667 ] Origin Client Service D:\Gry\Origin\OriginClientService.exe
16:21:44.0923 8780 Origin Client Service - ok
16:21:45.0111 8780 [ C85DAB21BD5FA5D29AEC82F1CF209774 ] Origin Web Helper Service D:\Gry\Origin\OriginWebHelperService.exe
16:21:45.0376 8780 Origin Web Helper Service - ok
16:21:45.0470 8780 [ B69889EAF7B334B2AC605A2DD7C6B2E5 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:45.0486 8780 ose64 - ok
16:21:45.0501 8780 p2pimsvc - ok
16:21:45.0532 8780 p2psvc - ok
16:21:45.0532 8780 Parport - ok
16:21:45.0532 8780 partmgr - ok
16:21:45.0564 8780 PcaSvc - ok
16:21:45.0595 8780 pci - ok
16:21:45.0642 8780 pciide - ok
16:21:45.0642 8780 pcmcia - ok
16:21:45.0673 8780 pcw - ok
16:21:45.0673 8780 pdc - ok
16:21:45.0689 8780 PEAUTH - ok
16:21:45.0704 8780 PeerDistSvc - ok
16:21:45.0736 8780 percsas2i - ok
16:21:45.0751 8780 percsas3i - ok
16:21:46.0595 8780 PerfHost - ok
16:21:46.0626 8780 PhoneSvc - ok
16:21:46.0642 8780 PimIndexMaintenanceSvc - ok
16:21:46.0658 8780 Suspicious service (Hidden): PimIndexMaintenanceSvc_6813a
16:21:46.0689 8780 pla - ok
16:21:46.0704 8780 PlugPlay - ok
16:21:46.0704 8780 pmem - ok
16:21:46.0783 8780 [ CD421DDB5C6E5458CE52EDC36DE7DC5B ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
16:21:54.0060 8780 PnkBstrA - ok
16:21:54.0060 8780 PNRPAutoReg - ok
16:21:54.0060 8780 PNRPsvc - ok
16:21:54.0092 8780 PolicyAgent - ok
16:21:54.0107 8780 Power - ok
16:21:54.0123 8780 PptpMiniport - ok
16:21:54.0623 8780 [ 5404E7A968A26DF03793B6F68536594D ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
16:21:54.0920 8780 PrintNotify - ok
16:21:54.0935 8780 Processor - ok
16:21:54.0967 8780 ProfSvc - ok
16:21:54.0998 8780 Psched - ok
16:21:55.0029 8780 QWAVE - ok
16:21:55.0060 8780 QWAVEdrv - ok
16:21:55.0060 8780 RasAcd - ok
16:21:55.0076 8780 RasAgileVpn - ok
16:21:55.0107 8780 RasAuto - ok
16:21:55.0107 8780 Rasl2tp - ok
16:21:55.0201 8780 RasMan - ok
16:21:55.0201 8780 RasPppoe - ok
16:21:55.0217 8780 RasSstp - ok
16:21:55.0217 8780 rdbss - ok
16:21:55.0248 8780 rdpbus - ok
16:21:55.0248 8780 RDPDR - ok
16:21:55.0295 8780 RdpVideoMiniport - ok
16:21:55.0295 8780 rdyboost - ok
16:21:55.0310 8780 ReFS - ok
16:21:55.0326 8780 ReFSv1 - ok
16:21:55.0406 8780 RemoteAccess - ok
16:21:55.0422 8780 RemoteRegistry - ok
16:21:55.0469 8780 RetailDemo - ok
16:21:55.0500 8780 RmSvc - ok
16:21:55.0531 8780 RpcEptMapper - ok
16:21:55.0563 8780 RpcLocator - ok
16:21:55.0594 8780 RpcSs - ok
16:21:55.0594 8780 rspndr - ok
16:21:55.0609 8780 rt640x64 - ok
16:21:55.0625 8780 s3cap - ok
16:21:55.0688 8780 SamSs - ok
16:21:55.0688 8780 sbp2port - ok
16:21:55.0688 8780 SCardSvr - ok
16:21:55.0719 8780 ScDeviceEnum - ok
16:21:55.0734 8780 scfilter - ok
16:21:55.0750 8780 Schedule - ok
16:21:55.0766 8780 scmbus - ok
16:21:55.0797 8780 SCPolicySvc - ok
16:21:55.0813 8780 sdbus - ok
16:21:55.0844 8780 SDFRd - ok
16:21:55.0844 8780 SDRSVC - ok
16:21:55.0859 8780 sdstor - ok
16:21:55.0859 8780 seclogon - ok
16:21:55.0906 8780 SecurityHealthService - ok
16:21:55.0938 8780 [ CB40F8B4DEB52C26EF005C1F94BFDC7B ] SeLow C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys
16:21:55.0953 8780 SeLow - ok
16:21:55.0984 8780 SEMgrSvc - ok
16:21:56.0000 8780 SENS - ok
16:21:56.0047 8780 Sense - ok
16:21:56.0063 8780 SensorDataService - ok
16:21:56.0094 8780 SensorService - ok
16:21:56.0125 8780 SensorsSimulatorDriver - ok
16:21:56.0141 8780 SensrSvc - ok
16:21:56.0156 8780 SerCx - ok
16:21:56.0156 8780 SerCx2 - ok
16:21:56.0188 8780 Serenum - ok
16:21:56.0188 8780 Serial - ok
16:21:56.0203 8780 sermouse - ok
16:21:56.0344 8780 [ CC2E0177CB3C17D67C4E2342E0BCD5E5 ] Service KMSELDI C:\Program Files\KMSpico\Service_KMS.exe
16:21:56.0578 8780 Service KMSELDI - ok
16:21:56.0594 8780 SessionEnv - ok
16:21:56.0594 8780 sfloppy - ok
16:21:56.0641 8780 SharedAccess - ok
16:21:56.0703 8780 ShellHWDetection - ok
16:21:56.0750 8780 shpamsvc - ok
16:21:56.0797 8780 SiSRaid2 - ok
16:21:56.0797 8780 SiSRaid4 - ok
16:21:56.0828 8780 smphost - ok
16:21:56.0891 8780 SmsRouter - ok
16:21:56.0953 8780 SNMPTRAP - ok
16:21:56.0985 8780 spaceport - ok
16:21:57.0016 8780 SpatialGraphFilter - ok
16:21:57.0016 8780 SpbCx - ok
16:21:57.0031 8780 spectrum - ok
16:21:57.0063 8780 Spooler - ok
16:21:57.0078 8780 sppsvc - ok
16:21:57.0094 8780 srv - ok
16:21:57.0110 8780 srv2 - ok
16:21:57.0110 8780 srvnet - ok
16:21:57.0141 8780 SSDPSRV - ok
16:21:57.0156 8780 SstpSvc - ok
16:21:57.0203 8780 [ 592FF34A2FD6C6351B8A3AA76B2C0A9E ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
16:21:57.0219 8780 ssudmdm - ok
16:21:57.0266 8780 StateRepository - ok
16:21:57.0469 8780 [ AC5DE2689B571942E08128D0EC771495 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:21:57.0500 8780 Steam Client Service - ok
16:21:57.0531 8780 stexstor - ok
16:21:57.0610 8780 stisvc - ok
16:21:57.0641 8780 storahci - ok
16:21:57.0641 8780 storflt - ok
16:21:57.0656 8780 stornvme - ok
16:21:57.0672 8780 storqosflt - ok
16:21:57.0735 8780 StorSvc - ok
16:21:57.0797 8780 storufs - ok
16:21:57.0813 8780 storvsc - ok
16:21:57.0828 8780 svsvc - ok
16:21:57.0828 8780 swenum - ok
16:21:58.0047 8780 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:21:58.0063 8780 SwitchBoard - ok
16:21:58.0078 8780 swprv - ok
16:21:58.0125 8780 Synth3dVsc - ok
16:21:58.0172 8780 SysMain - ok
16:21:58.0203 8780 SystemEventsBroker - ok
16:21:58.0235 8780 TabletInputService - ok
16:21:58.0319 8780 [ DABC1C08AD2CD6578A1B49C38366110A ] tap0901_openvpn_accl C:\WINDOWS\System32\drivers\tap0901_openvpn_accl.sys
16:21:58.0381 8780 tap0901_openvpn_accl - ok
16:21:58.0381 8780 TapiSrv - ok
16:21:58.0413 8780 Tcpip - ok
16:21:58.0428 8780 Tcpip6 - ok
16:21:58.0444 8780 tcpipreg - ok
16:21:58.0522 8780 tdx - ok
16:21:59.0086 8780 [ DA1B697C42888BA804DD07BA49B116B1 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
16:21:59.0102 8780 TeamViewer - ok
16:21:59.0133 8780 terminpt - ok
16:21:59.0148 8780 TermService - ok
16:21:59.0164 8780 Themes - ok
16:21:59.0211 8780 TieringEngineService - ok
16:21:59.0242 8780 tiledatamodelsvc - ok
16:21:59.0258 8780 TimeBrokerSvc - ok
16:21:59.0289 8780 TokenBroker - ok
16:21:59.0320 8780 TPM - ok
16:21:59.0352 8780 TrkWks - ok
16:21:59.0414 8780 TrustedInstaller - ok
16:21:59.0414 8780 TsUsbFlt - ok
16:21:59.0445 8780 TsUsbGD - ok
16:21:59.0461 8780 tsusbhub - ok
16:21:59.0492 8780 tzautoupdate - ok
16:21:59.0508 8780 UASPStor - ok
16:21:59.0539 8780 UcmCx0101 - ok
16:21:59.0539 8780 UcmTcpciCx0101 - ok
16:21:59.0570 8780 UcmUcsi - ok
16:21:59.0570 8780 Ucx01000 - ok
16:21:59.0570 8780 UdeCx - ok
16:21:59.0570 8780 udfs - ok
16:21:59.0586 8780 UEFI - ok
16:21:59.0586 8780 UevAgentDriver - ok
16:21:59.0602 8780 UevAgentService - ok
16:21:59.0602 8780 Ufx01000 - ok
16:21:59.0633 8780 UfxChipidea - ok
16:21:59.0633 8780 ufxsynopsys - ok
16:21:59.0664 8780 UI0Detect - ok
16:21:59.0680 8780 umbus - ok
16:21:59.0695 8780 UmPass - ok
16:21:59.0711 8780 UmRdpService - ok
16:21:59.0727 8780 UnistoreSvc - ok
16:21:59.0727 8780 Suspicious service (Hidden): UnistoreSvc_6813a
16:21:59.0742 8780 upnphost - ok
16:21:59.0773 8780 UrsChipidea - ok
16:21:59.0773 8780 UrsCx01000 - ok
16:21:59.0773 8780 UrsSynopsys - ok
16:21:59.0773 8780 usbccgp - ok
16:21:59.0789 8780 usbcir - ok
16:21:59.0805 8780 usbehci - ok
16:21:59.0805 8780 usbhub - ok
16:21:59.0805 8780 USBHUB3 - ok
16:21:59.0820 8780 usbohci - ok
16:21:59.0836 8780 usbprint - ok
16:21:59.0867 8780 usbser - ok
16:21:59.0898 8780 USBSTOR - ok
16:21:59.0898 8780 usbuhci - ok
16:21:59.0930 8780 USBXHCI - ok
16:21:59.0945 8780 UserDataSvc - ok
16:21:59.0945 8780 Suspicious service (Hidden): UserDataSvc_6813a
16:21:59.0961 8780 UserManager - ok
16:21:59.0977 8780 UsoSvc - ok
16:21:59.0992 8780 VaultSvc - ok
16:21:59.0992 8780 vdrvroot - ok
16:22:00.0008 8780 vds - ok
16:22:00.0008 8780 VerifierExt - ok
16:22:00.0024 8780 vhdmp - ok
16:22:00.0024 8780 vhf - ok
16:22:00.0039 8780 vmbus - ok
16:22:00.0039 8780 VMBusHID - ok
16:22:00.0055 8780 vmgid - ok
16:22:00.0070 8780 vmicguestinterface - ok
16:22:00.0070 8780 vmicheartbeat - ok
16:22:00.0070 8780 vmickvpexchange - ok
16:22:00.0086 8780 vmicrdv - ok
16:22:00.0086 8780 vmicshutdown - ok
16:22:00.0086 8780 vmictimesync - ok
16:22:00.0086 8780 vmicvmsession - ok
16:22:00.0086 8780 vmicvss - ok
16:22:00.0102 8780 volmgr - ok
16:22:00.0102 8780 volmgrx - ok
16:22:00.0102 8780 volsnap - ok
16:22:00.0102 8780 volume - ok
16:22:00.0117 8780 vpci - ok
16:22:00.0258 8780 [ 9B4F6978628D07FAEBF77FF6F8F2960D ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
16:22:00.0289 8780 VsEtwService120 - ok
16:22:00.0305 8780 vsmraid - ok
16:22:00.0305 8780 VSS - ok
16:22:00.0305 8780 VSTXRAID - ok
16:22:00.0320 8780 vwifibus - ok
16:22:00.0320 8780 vwififlt - ok
16:22:00.0336 8780 W32Time - ok
16:22:00.0336 8780 WacomPen - ok
16:22:00.0352 8780 WalletService - ok
16:22:00.0414 8780 wanarp - ok
16:22:00.0414 8780 wanarpv6 - ok
16:22:00.0414 8780 wbengine - ok
16:22:00.0494 8780 WbioSrvc - ok
16:22:00.0509 8780 wcifs - ok
16:22:00.0509 8780 Wcmsvc - ok
16:22:00.0559 8780 wcncsvc - ok
16:22:00.0563 8780 wcnfs - ok
16:22:00.0565 8780 WdBoot - ok
16:22:00.0577 8780 Wdf01000 - ok
16:22:00.0593 8780 WdFilter - ok
16:22:00.0593 8780 WdiServiceHost - ok
16:22:00.0593 8780 WdiSystemHost - ok
16:22:00.0609 8780 wdiwifi - ok
16:22:00.0609 8780 WdNisDrv - ok
16:22:00.0640 8780 WdNisSvc - ok
16:22:00.0640 8780 WebClient - ok
16:22:00.0656 8780 Wecsvc - ok
16:22:00.0656 8780 WEPHOSTSVC - ok
16:22:00.0687 8780 wercplsupport - ok
16:22:00.0702 8780 WerSvc - ok
16:22:00.0718 8780 WFDSConMgrSvc - ok
16:22:00.0734 8780 WFPLWFS - ok
16:22:00.0734 8780 WiaRpc - ok
16:22:00.0749 8780 WIMMount - ok
16:22:00.0765 8780 [ 8DACCFD6B64A3A5F5E3F4AE4805564C0 ] Win10Pcap C:\WINDOWS\system32\DRIVERS\Win10Pcap.sys
16:22:00.0765 8780 Win10Pcap - ok
16:22:00.0781 8780 WinDefend - ok
16:22:00.0781 8780 WindowsTrustedRT - ok
16:22:00.0796 8780 WindowsTrustedRTProxy - ok
16:22:00.0827 8780 WinHttpAutoProxySvc - ok
16:22:00.0843 8780 WinMad - ok
16:22:00.0937 8780 Winmgmt - ok
16:22:00.0937 8780 WinNat - ok
16:22:00.0952 8780 WinRM - ok
16:22:00.0984 8780 WINUSB - ok
16:22:01.0015 8780 WinVerbs - ok
16:22:01.0031 8780 wisvc - ok
16:22:01.0109 8780 WlanSvc - ok
16:22:01.0124 8780 wlidsvc - ok
16:22:01.0140 8780 wlpasvc - ok
16:22:01.0156 8780 WmiAcpi - ok
16:22:01.0171 8780 wmiApSrv - ok
16:22:01.0234 8780 WMPNetworkSvc - ok
16:22:01.0296 8780 [ 1AE1076034392218EE89D2744EC2A071 ] Wof C:\WINDOWS\system32\drivers\Wof.sys
16:22:01.0296 8780 Wof - ok
16:22:01.0312 8780 workfolderssvc - ok
16:22:01.0312 8780 WPDBusEnum - ok
16:22:01.0343 8780 WpdUpFltr - ok
16:22:01.0359 8780 WpnService - ok
16:22:01.0359 8780 WpnUserService - ok
16:22:01.0359 8780 Suspicious service (Hidden): WpnUserService_6813a
16:22:01.0359 8780 ws2ifsl - ok
16:22:01.0374 8780 wscsvc - ok
16:22:01.0374 8780 WSearch - ok
16:22:01.0406 8780 wuauserv - ok
16:22:01.0437 8780 WudfPf - ok
16:22:01.0452 8780 WUDFRd - ok
16:22:01.0468 8780 wudfsvc - ok
16:22:01.0468 8780 WUDFWpdFs - ok
16:22:01.0468 8780 WUDFWpdMtp - ok
16:22:01.0484 8780 WwanSvc - ok
16:22:01.0484 8780 xbgm - ok
16:22:01.0546 8780 XblAuthManager - ok
16:22:01.0562 8780 XblGameSave - ok
16:22:01.0562 8780 xboxgip - ok
16:22:01.0577 8780 XboxGipSvc - ok
16:22:01.0577 8780 XboxNetApiSvc - ok
16:22:01.0577 8780 xinputhid - ok
16:22:01.0577 8780 ================ Scan global ===============================
16:22:01.0702 8780 [Global] - ok
16:22:01.0702 8780 ================ Scan MBR ==================================
16:22:01.0718 8780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:22:01.0734 8780 \Device\Harddisk0\DR0 - ok
16:22:01.0749 8780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:22:01.0749 8780 \Device\Harddisk1\DR1 - ok
16:22:01.0765 8780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
16:22:01.0921 8780 \Device\Harddisk2\DR2 - ok
16:22:01.0921 8780 ================ Scan VBR ==================================
16:22:01.0937 8780 [ 21E62C3D7B88F653138C1BCBB57341F5 ] \Device\Harddisk0\DR0\Partition1
16:22:01.0937 8780 \Device\Harddisk0\DR0\Partition1 - ok
16:22:01.0952 8780 [ CF03C424B1F03AED908089ADA15EFBA4 ] \Device\Harddisk0\DR0\Partition2
16:22:01.0968 8780 \Device\Harddisk0\DR0\Partition2 - ok
16:22:01.0968 8780 [ ECCFFAC727F9E388288EB99961E650EE ] \Device\Harddisk1\DR1\Partition1
16:22:01.0968 8780 \Device\Harddisk1\DR1\Partition1 - ok
16:22:01.0984 8780 [ 5016B0461ABA413C82C64296E355C309 ] \Device\Harddisk2\DR2\Partition1
16:22:01.0984 8780 \Device\Harddisk2\DR2\Partition1 - ok
16:22:01.0984 8780 [ 25953580FC79AAFAA46061E628ED47A5 ] \Device\Harddisk2\DR2\Partition2
16:22:01.0984 8780 \Device\Harddisk2\DR2\Partition2 - ok
16:22:01.0999 8780 ============================================================
16:22:01.0999 8780 Scan finished
16:22:01.0999 8780 ============================================================
16:22:01.0999 4812 Detected object count: 2
16:22:01.0999 4812 Actual detected object count: 2
16:22:52.0177 4812 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKsl72b61195.sys - copied to quarantine
16:22:52.0224 4812 MpKsl72b61195 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:22:52.0255 4812 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{667B2DF1-2A8E-4050-8E21-22DFE52D7FEC}\MpKslce970d5c.sys - copied to quarantine
16:22:52.0271 4812 MpKslce970d5c ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:22:57.0825 9040 Deinitialize success