| |
| |||||||
Log-Analyse und Auswertung: Beim Virenscan Malware backdoor.win32.androm.eutw gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.10.2014, 10:51
| #1 |
 |  Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Hallo, nachdem ich den Rechner meines Kumpels mit eurer Hilfe gereinigt hat schein es mich nun auch getroffen zu haben. Hab mit Kaspersky einen Virenscan gemacht und promt Malware gefunden. hier die logs (musste auf mehrere Posts aufteilen. Kaspersky: Code:
ATTFilter Gefundenes Objekt (Datei) wurde nicht verarbeitet "D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" "D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" Backdoor.Win32.Androm.eutw Trojanisches Programm Heute, 21:07
Gefundenes Objekt (Datei) wurde nicht verarbeitet "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" Backdoor.Win32.Androm.eutw Trojanisches Programm Heute, 20:26
Gefundenes Objekt (Datei) wurde nicht verarbeitet "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" "C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr" Backdoor.Win32.Androm.eutw Trojanisches Programm Heute, 20:26
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 21:28:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\00000061 Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Familie\AppData\Local\Temp\fwdirfoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
.text ... * 2
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Pro 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
.text C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
.text ... * 2
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880044c3fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82 0xDF 0x16 0x94 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82 0xDF 0x16 0x94 0x22 ...
---- Files - GMER 2.1 ----
File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes
---- EOF - GMER 2.1 ----
|
|
22.10.2014, 10:54
| #2 |
| | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden gmer Teil2:
__________________Code:
ATTFilter gramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
.text ... * 2
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779111f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077911fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779127d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779133c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5
|
|
22.10.2014, 10:58
| #3 |
| | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Gmer ist ja riesngroß... Muss das so sein? Das kommt mir irgendwie seltsam vor...
__________________frst Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Familie (administrator) on STEPHAN-PC on 21-10-2014 21:22:09
Running from C:\Users\Stephan\Desktop
Loaded Profiles: Stephan & Familie (Available profiles: Stephan & Familie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1192048264-2856092765-3315345556-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\nvb8lbqy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\nvb8lbqy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-31]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 21:22 - 2014-10-21 21:22 - 00017338 _____ () C:\Users\Stephan\Desktop\FRST.txt
2014-10-21 21:22 - 2014-10-21 21:22 - 00000000 ____D () C:\FRST
2014-10-21 21:21 - 2014-10-21 21:21 - 02110976 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2014-10-21 21:17 - 2014-10-21 21:17 - 00380416 _____ () C:\Users\Stephan\Desktop\Gmer-19357.exe
2014-10-21 21:16 - 2014-10-21 21:16 - 00001684 _____ () C:\Users\Stephan\Desktop\kaspersky.txt
2014-10-21 20:42 - 2014-10-21 20:42 - 00001215 _____ () C:\Users\Stephan\Documents\kaspersky.txt
2014-10-21 17:36 - 2014-10-21 17:36 - 00000407 _____ () C:\Windows\SecuniaPackage.log
2014-10-21 17:34 - 2014-10-21 17:34 - 05329480 _____ (Secunia) C:\Users\Stephan\Downloads\psisetup.exe
2014-10-21 17:34 - 2014-10-21 17:34 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-10-21 17:34 - 2014-10-21 17:34 - 00000000 ____D () C:\Users\Familie\AppData\Local\Secunia PSI
2014-10-21 17:34 - 2014-10-21 17:34 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-10-21 17:05 - 2014-10-21 17:05 - 00000000 ____D () C:\Users\Stephan\Documents\My Weblog Posts
2014-10-21 17:02 - 2014-10-21 17:02 - 12757300 _____ () C:\Users\Stephan\Downloads\PanoramicForests.deskthemepack
2014-10-20 18:40 - 2014-10-21 17:06 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 18:40 - 2014-10-20 18:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 18:40 - 2014-10-20 18:40 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-10-20 18:40 - 2014-10-20 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-10-20 18:40 - 2014-10-20 18:40 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-20 18:40 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-10-20 17:59 - 2014-10-20 19:03 - 00006656 _____ () C:\Users\Stephan\Desktop\Selbsthilfegruppe Teilnehmer.xls
2014-10-20 17:55 - 2014-10-20 17:55 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-10-20 17:53 - 2014-10-20 17:53 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-10-20 17:53 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-10-20 17:52 - 2014-10-21 19:54 - 00000504 _____ () C:\Windows\setupact.log
2014-10-20 17:52 - 2014-10-20 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 17:51 - 2014-10-20 17:48 - 220827648 _____ () C:\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-10-20 17:46 - 2014-10-20 17:48 - 220827648 _____ () C:\Users\Stephan\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-10-20 17:43 - 2014-10-21 17:47 - 00101961 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 17:40 - 2014-10-20 17:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 17:40 - 2014-10-20 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 17:39 - 2014-10-20 17:39 - 00638888 _____ (Oracle Corporation) C:\Users\Familie\Downloads\jxpiinstall.exe
2014-10-20 17:39 - 2014-10-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 17:30 - 2014-10-20 17:30 - 00003270 _____ () C:\Windows\System32\Tasks\{21E52D00-12D3-4A5A-8A74-BE5F8183B62E}
2014-10-20 17:28 - 2014-10-20 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stephan\Downloads\revosetup95.exe
2014-10-20 17:28 - 2014-10-20 17:28 - 00001268 _____ () C:\Users\Familie\Desktop\Revo Uninstaller.lnk
2014-10-20 17:28 - 2014-10-20 17:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-20 16:06 - 2014-10-20 16:06 - 04095448 _____ (BrightFort LLC ) C:\Users\Stephan\Downloads\spywareblastersetup50.exe
2014-10-20 15:52 - 2014-10-20 15:52 - 02347384 _____ (ESET) C:\Users\Stephan\Downloads\esetsmartinstaller_deu(1).exe
2014-10-18 19:27 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 19:27 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 19:27 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 19:27 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 19:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-18 19:27 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 19:27 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-18 19:27 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-18 19:27 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-18 19:27 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 19:27 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 19:27 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 19:27 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 19:27 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-18 19:27 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 19:27 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 19:27 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 19:27 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 19:27 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 19:27 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 19:27 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 19:27 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 19:27 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 19:27 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 19:27 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-18 19:27 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 19:27 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 19:27 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 19:27 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-18 19:27 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 19:27 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 19:27 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-18 19:27 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 19:27 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-18 19:27 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 19:27 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-18 19:27 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-18 19:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-18 19:27 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-18 19:27 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-18 19:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-18 19:27 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 19:27 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 19:27 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 19:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-18 19:27 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 19:27 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-18 19:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-18 19:27 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-18 19:27 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 19:27 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-18 19:27 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 19:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-18 19:27 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 19:26 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 19:26 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-18 19:26 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 19:26 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-18 19:26 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 19:25 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 19:25 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-18 19:25 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 19:25 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 19:25 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 19:25 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-18 19:25 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-18 19:25 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-18 19:25 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 19:25 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 15:54 - 2014-10-15 15:54 - 00062096 _____ () C:\Windows\SysWOW64\CCCInstall_201410151554461740.log
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\ProgramData\ATI
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-14 18:22 - 2014-10-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 19:44 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 19:44 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 21:18 - 2014-07-15 16:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 20:44 - 2014-06-07 19:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 20:15 - 2014-06-07 20:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-21 20:01 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:01 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 19:58 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-10-21 19:58 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-10-21 19:58 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 19:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 17:36 - 2014-06-07 19:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 17:36 - 2014-06-07 19:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-21 17:36 - 2014-06-07 19:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 17:06 - 2014-06-08 22:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 17:05 - 2014-06-08 20:52 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Windows Live Writer
2014-10-20 18:34 - 2009-07-14 06:45 - 00332448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 18:08 - 2014-09-10 18:13 - 00000000 ____D () C:\Users\Familie\AppData\Local\Adobe
2014-10-20 18:06 - 2014-06-07 21:37 - 00072104 _____ () C:\Users\Familie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 17:54 - 2014-06-07 19:07 - 00072104 _____ () C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 17:53 - 2014-06-08 21:44 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-10-20 17:40 - 2014-06-07 19:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-18 19:37 - 2014-06-07 20:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 19:34 - 2014-06-07 19:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 19:33 - 2014-06-07 19:42 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 15:54 - 2014-06-07 20:30 - 00000000 ____D () C:\ProgramData\AMD
2014-10-15 15:54 - 2014-06-07 18:39 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-15 15:53 - 2014-06-07 20:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 15:52 - 2014-06-07 19:48 - 00000000 ____D () C:\AMD
2014-10-14 19:22 - 2014-06-07 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 15:53 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Stephan\AppData\Local\Temp\tmpFF25.exe
C:\Users\Stephan\AppData\Local\Temp\_is7A6C.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 18:21
==================== End Of Log ============================
--- --- --- Addition Text: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Familie at 2014-10-21 21:22:45
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version: - Glarysoft.com)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Armageddon (HKLM-x32\...\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}) (Version: - )
Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
COGPACK-DEMO (HKLM-x32\...\COGPACK-DEMO) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Doomsday (HKLM-x32\...\{69464949-AD9C-4C98-933F-C32FFC86F3C8}) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)
Hearts of Iron (HKLM-x32\...\{0C7880D0-B759-43A2-BFA9-64E208B9535B}) (Version: - )
Hearts of Iron 2 (HKLM-x32\...\{98786147-80E3-41A5-A80C-1F3C028558CF}) (Version: - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 9 (HKLM-x32\...\{d840018d-b6fd-4936-a957-623973b4c038}) (Version: - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.23.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.43.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 2.4.29.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.40.0 - Nero AG) Hidden
Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.27.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.19.100 - Nero AG) Hidden
Nero WaveEditor (x32 Version: 5.4.39.0 - Nero AG) Hidden
NeroBurningROM (x32 Version: 1.0.0.0 - Nero AG) Hidden
NeroExpress (x32 Version: 1.0.0.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scansoft PDF Professional (x32 Version: - ) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoundTrax (x32 Version: 4.4.39.0 - Nero AG) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {735CCA8D-F0B9-4882-AA0B-B929131E7695} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {EFF10ACB-74E9-4154-9F0E-883472D142EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-06-08 20:57 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2008-02-12 13:55 - 2008-02-12 13:55 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-06-08 20:57 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-14 18:22 - 2014-10-14 18:22 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
========================= Accounts: ==========================
Administrator (S-1-5-21-1192048264-2856092765-3315345556-500 - Administrator - Disabled)
Familie (S-1-5-21-1192048264-2856092765-3315345556-1004 - Administrator - Enabled) => C:\Users\Familie
Gast (S-1-5-21-1192048264-2856092765-3315345556-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1192048264-2856092765-3315345556-1002 - Limited - Enabled)
Stephan (S-1-5-21-1192048264-2856092765-3315345556-1000 - Limited - Enabled) => C:\Users\Stephan
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/21/2014 07:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 05:23:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 04:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x13e0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (10/21/2014 04:19:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 10:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 08:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:56:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:18:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wlmail (5468) D:\Windows Live Mail\Calendars\: Fehler -1022 (0xfffffc02) beim Öffnen von Protokolldatei D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log.
Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: wlmail (5468) D:\Windows Live Mail\Calendars\: Versuch, Datei "D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 55 (0x00000037): "Die angegebene Netzwerkressource bzw. das angegebene Gerät ist nicht mehr verfügbar. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Öffnen von Dateien.
System errors:
=============
Error: (10/21/2014 05:23:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP erreicht.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/20/2014 07:14:15 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.
Error: (10/14/2014 04:35:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/03/2014 11:33:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Microsoft Office Sessions:
=========================
Error: (10/21/2014 07:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 05:23:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 04:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142513e001cfed3be7d61d7bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla4f8aa7a-5932-11e4-bc88-002522ac0f69
Error: (10/21/2014 04:19:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 10:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 08:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:56:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:18:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wlmail5468D:\Windows Live Mail\Calendars\: D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log-1022 (0xfffffc02)
Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: wlmail5468D:\Windows Live Mail\Calendars\: D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log-1022 (0xfffffc02)55 (0x00000037)Die angegebene Netzwerkressource bzw. das angegebene Gerät ist nicht mehr verfügbar.
CodeIntegrity Errors:
===================================
Date: 2014-10-20 15:26:12.034
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-20 15:26:11.971
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:55.562
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:55.562
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:55.562
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:55.562
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:23.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 19:13:22.952
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-09 18:23:20.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-09 18:23:20.666
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 960T Processor
Percentage of memory in use: 23%
Total physical RAM: 8187.64 MB
Available physical RAM: 6267.14 MB
Total Pagefile: 16373.46 MB
Available Pagefile: 14425.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:74.12 GB) NTFS
Drive d: (Musik und Videos) (Fixed) (Total:232.88 GB) (Free:96.83 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:319.28 GB) (Free:299.57 GB) NTFS
Drive g: (Volume) (Fixed) (Total:146.38 GB) (Free:138.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B0325106)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E88D7372)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 89E2C361)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.10.2014 Suchlauf-Zeit: 11:57:17 Logdatei: mbam.txt Administrator: Nein Version: 2.00.2.1012 Malware Datenbank: v2014.10.22.03 Rootkit Datenbank: v2014.10.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Stephan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 248244 Verstrichene Zeit: 9 Min, 12 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Geändert von coldmorning (22.10.2014 um 11:13 Uhr) |
|
22.10.2014, 11:39
| #4 |
| /// the machine /// TB-Ausbilder    | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.10.2014, 17:24
| #5 |
| | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Hallo und danke erstmal. Hier das Log: Code:
ATTFilter 14:36:40.0646 0x1150 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:36:43.0922 0x1150 ============================================================
14:36:43.0922 0x1150 Current date / time: 2014/10/22 14:36:43.0922
14:36:43.0922 0x1150 SystemInfo:
14:36:43.0922 0x1150
14:36:43.0922 0x1150 OS Version: 6.1.7601 ServicePack: 1.0
14:36:43.0922 0x1150 Product type: Workstation
14:36:43.0922 0x1150 ComputerName: STEPHAN-PC
14:36:43.0922 0x1150 UserName: Familie
14:36:43.0922 0x1150 Windows directory: C:\Windows
14:36:43.0922 0x1150 System windows directory: C:\Windows
14:36:43.0922 0x1150 Running under WOW64
14:36:43.0922 0x1150 Processor architecture: Intel x64
14:36:43.0922 0x1150 Number of processors: 4
14:36:43.0922 0x1150 Page size: 0x1000
14:36:43.0922 0x1150 Boot type: Normal boot
14:36:43.0922 0x1150 ============================================================
14:36:44.0546 0x1150 KLMD registered as C:\Windows\system32\drivers\56681097.sys
14:36:44.0905 0x1150 System UUID: {785032FA-A08A-20E3-B858-BC7320DEEDE9}
14:36:45.0794 0x1150 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:36:45.0810 0x1150 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
14:36:45.0825 0x1150 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:36:45.0825 0x1150 ============================================================
14:36:45.0825 0x1150 \Device\Harddisk2\DR2:
14:36:45.0825 0x1150 MBR partitions:
14:36:45.0825 0x1150 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
14:36:45.0825 0x1150 \Device\Harddisk0\DR0:
14:36:45.0825 0x1150 MBR partitions:
14:36:45.0825 0x1150 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
14:36:45.0825 0x1150 \Device\Harddisk1\DR1:
14:36:45.0841 0x1150 MBR partitions:
14:36:45.0841 0x1150 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:36:45.0841 0x1150 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5000
14:36:45.0841 0x1150 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x27E8D000
14:36:45.0841 0x1150 ============================================================
14:36:45.0841 0x1150 C: <-> \Device\Harddisk2\DR2\Partition1
14:36:45.0856 0x1150 D: <-> \Device\Harddisk0\DR0\Partition1
14:36:45.0919 0x1150 E: <-> \Device\Harddisk1\DR1\Partition3
14:36:45.0950 0x1150 G: <-> \Device\Harddisk1\DR1\Partition2
14:36:45.0950 0x1150 ============================================================
14:36:45.0950 0x1150 Initialize success
14:36:45.0950 0x1150 ============================================================
14:38:04.0325 0x1618 ============================================================
14:38:04.0325 0x1618 Scan started
14:38:04.0325 0x1618 Mode: Manual; SigCheck; TDLFS;
14:38:04.0325 0x1618 ============================================================
14:38:04.0325 0x1618 KSN ping started
14:38:07.0039 0x1618 KSN ping finished: true
14:38:07.0382 0x1618 ================ Scan system memory ========================
14:38:07.0382 0x1618 System memory - ok
14:38:07.0382 0x1618 ================ Scan services =============================
14:38:07.0445 0x1618 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:38:07.0491 0x1618 1394ohci - ok
14:38:07.0507 0x1618 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:38:07.0523 0x1618 ACPI - ok
14:38:07.0523 0x1618 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:38:07.0585 0x1618 AcpiPmi - ok
14:38:07.0585 0x1618 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:38:07.0585 0x1618 AdobeARMservice - ok
14:38:07.0632 0x1618 [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:38:07.0757 0x1618 AdobeFlashPlayerUpdateSvc - ok
14:38:07.0772 0x1618 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:38:07.0819 0x1618 adp94xx - ok
14:38:07.0835 0x1618 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:38:07.0866 0x1618 adpahci - ok
14:38:07.0881 0x1618 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:38:07.0897 0x1618 adpu320 - ok
14:38:07.0913 0x1618 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:38:08.0037 0x1618 AeLookupSvc - ok
14:38:08.0069 0x1618 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
14:38:08.0084 0x1618 AFD - ok
14:38:08.0100 0x1618 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
14:38:08.0115 0x1618 agp440 - ok
14:38:08.0115 0x1618 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
14:38:08.0147 0x1618 ALG - ok
14:38:08.0147 0x1618 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
14:38:08.0162 0x1618 aliide - ok
14:38:08.0162 0x1618 [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:38:08.0193 0x1618 AMD External Events Utility - ok
14:38:08.0209 0x1618 AMD FUEL Service - ok
14:38:08.0209 0x1618 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
14:38:08.0225 0x1618 amdide - ok
14:38:08.0225 0x1618 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:38:08.0240 0x1618 AmdK8 - ok
14:38:08.0552 0x1618 [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:38:08.0911 0x1618 amdkmdag - ok
14:38:08.0958 0x1618 [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:38:08.0973 0x1618 amdkmdap - ok
14:38:08.0989 0x1618 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:38:08.0989 0x1618 AmdPPM - ok
14:38:09.0005 0x1618 [ 53D8D46D51D390ABDB54ECA623165CB7, D16A3604412D0DC3EA68320FB6980D146ED60D587AAB6B65810C038AFF1EC237 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:38:09.0020 0x1618 amdsata - ok
14:38:09.0036 0x1618 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:38:09.0051 0x1618 amdsbs - ok
14:38:09.0067 0x1618 [ 75C51148154E34EB3D7BB84749A758D5, 8865F223CBAE166A9BF6CBCDA66F63369F151CCB449A28E95560C36AD45D0C85 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:38:09.0067 0x1618 amdxata - ok
14:38:09.0067 0x1618 [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:38:09.0083 0x1618 AODDriver4.3 - ok
14:38:09.0083 0x1618 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
14:38:09.0207 0x1618 AppID - ok
14:38:09.0207 0x1618 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:38:09.0254 0x1618 AppIDSvc - ok
14:38:09.0254 0x1618 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
14:38:09.0270 0x1618 Appinfo - ok
14:38:09.0270 0x1618 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
14:38:09.0285 0x1618 arc - ok
14:38:09.0301 0x1618 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:38:09.0317 0x1618 arcsas - ok
14:38:09.0332 0x1618 [ B405D1740CCE9A0A293BC4D63F7F16FC, 22EA39B01A6FE28E24757EDD464378AFD8BF85669BB9C923EDFE1769436EA94B ] ArcService C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
14:38:09.0363 0x1618 ArcService - ok
14:38:09.0379 0x1618 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:38:09.0395 0x1618 aspnet_state - ok
14:38:09.0395 0x1618 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:09.0426 0x1618 AsyncMac - ok
14:38:09.0426 0x1618 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
14:38:09.0441 0x1618 atapi - ok
14:38:09.0441 0x1618 [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:38:09.0457 0x1618 AtiHDAudioService - ok
14:38:09.0488 0x1618 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:38:09.0535 0x1618 AudioEndpointBuilder - ok
14:38:09.0566 0x1618 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:38:09.0597 0x1618 AudioSrv - ok
14:38:09.0613 0x1618 [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
14:38:09.0629 0x1618 AVP - ok
14:38:09.0644 0x1618 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:38:09.0660 0x1618 AxInstSV - ok
14:38:09.0691 0x1618 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:38:09.0738 0x1618 b06bdrv - ok
14:38:09.0753 0x1618 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:38:09.0785 0x1618 b57nd60a - ok
14:38:09.0785 0x1618 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
14:38:09.0816 0x1618 BDESVC - ok
14:38:09.0816 0x1618 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
14:38:09.0847 0x1618 Beep - ok
14:38:09.0878 0x1618 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
14:38:09.0894 0x1618 BFE - ok
14:38:09.0941 0x1618 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
14:38:10.0003 0x1618 BITS - ok
14:38:10.0019 0x1618 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:38:10.0019 0x1618 blbdrive - ok
14:38:10.0034 0x1618 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:38:10.0050 0x1618 bowser - ok
14:38:10.0050 0x1618 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:38:10.0065 0x1618 BrFiltLo - ok
14:38:10.0065 0x1618 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:38:10.0081 0x1618 BrFiltUp - ok
14:38:10.0097 0x1618 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
14:38:10.0112 0x1618 Browser - ok
14:38:10.0128 0x1618 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:38:10.0159 0x1618 Brserid - ok
14:38:10.0159 0x1618 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:38:10.0190 0x1618 BrSerWdm - ok
14:38:10.0190 0x1618 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:38:10.0206 0x1618 BrUsbMdm - ok
14:38:10.0206 0x1618 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:38:10.0221 0x1618 BrUsbSer - ok
14:38:10.0237 0x1618 [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
14:38:10.0253 0x1618 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:38:12.0967 0x1618 Detect skipped due to KSN trusted
14:38:12.0967 0x1618 BrYNSvc - ok
14:38:12.0967 0x1618 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
14:38:12.0983 0x1618 BthEnum - ok
14:38:12.0998 0x1618 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:38:13.0014 0x1618 BTHMODEM - ok
14:38:13.0029 0x1618 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:38:13.0045 0x1618 BthPan - ok
14:38:13.0076 0x1618 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
14:38:13.0123 0x1618 BTHPORT - ok
14:38:13.0139 0x1618 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
14:38:13.0170 0x1618 bthserv - ok
14:38:13.0170 0x1618 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
14:38:13.0201 0x1618 BTHUSB - ok
14:38:13.0201 0x1618 [ 05ACFD6CFB58D6AC174AD50D33C24EFC, 60C86C37BCB167A37D3A17A0D2865A97487DBB98828C1ED8180F55608F7B5C87 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:38:13.0217 0x1618 btwaudio - ok
14:38:13.0232 0x1618 [ 73B4341807E3398DAC73102E4709ECB0, 37F2F1DCE4A945D5C3C321AE327F6E5B5194F9D39BEAC42BB235EAA2919D8A1D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:38:13.0248 0x1618 btwavdt - ok
14:38:13.0248 0x1618 [ DA0386AED062087147A4A9E09A23F6F1, CCA2DC854D2F612AF6FCF7D86516FC6560AC83D5B717566005ECFC89AB4AA016 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:38:13.0263 0x1618 btwrchid - ok
14:38:13.0279 0x1618 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:38:13.0310 0x1618 cdfs - ok
14:38:13.0326 0x1618 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:38:13.0341 0x1618 cdrom - ok
14:38:13.0341 0x1618 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
14:38:13.0388 0x1618 CertPropSvc - ok
14:38:13.0388 0x1618 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
14:38:13.0404 0x1618 circlass - ok
14:38:13.0419 0x1618 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
14:38:13.0435 0x1618 CLFS - ok
14:38:13.0451 0x1618 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:38:13.0497 0x1618 clr_optimization_v2.0.50727_32 - ok
14:38:13.0513 0x1618 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:38:13.0529 0x1618 clr_optimization_v2.0.50727_64 - ok
14:38:13.0544 0x1618 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:38:13.0560 0x1618 clr_optimization_v4.0.30319_32 - ok
14:38:13.0560 0x1618 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:38:13.0575 0x1618 clr_optimization_v4.0.30319_64 - ok
14:38:13.0575 0x1618 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:38:13.0591 0x1618 CmBatt - ok
14:38:13.0591 0x1618 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:38:13.0607 0x1618 cmdide - ok
14:38:13.0638 0x1618 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
14:38:13.0653 0x1618 CNG - ok
14:38:13.0653 0x1618 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:38:13.0669 0x1618 Compbatt - ok
14:38:13.0685 0x1618 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:38:13.0700 0x1618 CompositeBus - ok
14:38:13.0700 0x1618 COMSysApp - ok
14:38:13.0700 0x1618 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:38:13.0716 0x1618 crcdisk - ok
14:38:13.0731 0x1618 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:38:13.0747 0x1618 CryptSvc - ok
14:38:13.0763 0x1618 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:38:13.0809 0x1618 DcomLaunch - ok
14:38:13.0825 0x1618 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
14:38:13.0887 0x1618 defragsvc - ok
14:38:13.0887 0x1618 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:38:13.0919 0x1618 DfsC - ok
14:38:13.0934 0x1618 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:38:13.0950 0x1618 Dhcp - ok
14:38:13.0965 0x1618 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
14:38:13.0981 0x1618 discache - ok
14:38:13.0997 0x1618 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
14:38:13.0997 0x1618 Disk - ok
14:38:14.0012 0x1618 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:38:14.0028 0x1618 Dnscache - ok
14:38:14.0028 0x1618 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
14:38:14.0075 0x1618 dot3svc - ok
14:38:14.0090 0x1618 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
14:38:14.0121 0x1618 DPS - ok
14:38:14.0121 0x1618 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:38:14.0137 0x1618 drmkaud - ok
14:38:14.0168 0x1618 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:38:14.0184 0x1618 DXGKrnl - ok
14:38:14.0199 0x1618 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
14:38:14.0231 0x1618 EapHost - ok
14:38:14.0371 0x1618 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:38:14.0558 0x1618 ebdrv - ok
14:38:14.0574 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
14:38:14.0574 0x1618 EFS - ok
14:38:14.0621 0x1618 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:38:14.0683 0x1618 ehRecvr - ok
14:38:14.0683 0x1618 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
14:38:14.0714 0x1618 ehSched - ok
14:38:14.0730 0x1618 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:38:14.0777 0x1618 elxstor - ok
14:38:14.0792 0x1618 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:38:14.0808 0x1618 ErrDev - ok
14:38:14.0823 0x1618 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
14:38:14.0870 0x1618 EventSystem - ok
14:38:14.0870 0x1618 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
14:38:14.0917 0x1618 exfat - ok
14:38:14.0917 0x1618 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:38:14.0948 0x1618 fastfat - ok
14:38:14.0979 0x1618 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
14:38:15.0011 0x1618 Fax - ok
14:38:15.0011 0x1618 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:38:15.0026 0x1618 fdc - ok
14:38:15.0026 0x1618 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
14:38:15.0057 0x1618 fdPHost - ok
14:38:15.0057 0x1618 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
14:38:15.0089 0x1618 FDResPub - ok
14:38:15.0089 0x1618 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:38:15.0104 0x1618 FileInfo - ok
14:38:15.0104 0x1618 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:38:15.0135 0x1618 Filetrace - ok
14:38:15.0135 0x1618 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:38:15.0167 0x1618 flpydisk - ok
14:38:15.0167 0x1618 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:38:15.0182 0x1618 FltMgr - ok
14:38:15.0229 0x1618 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
14:38:15.0260 0x1618 FontCache - ok
14:38:15.0276 0x1618 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:38:15.0291 0x1618 FontCache3.0.0.0 - ok
14:38:15.0291 0x1618 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:38:15.0323 0x1618 FsDepends - ok
14:38:15.0323 0x1618 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:38:15.0323 0x1618 Fs_Rec - ok
14:38:15.0338 0x1618 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:38:15.0354 0x1618 fvevol - ok
14:38:15.0354 0x1618 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:38:15.0385 0x1618 gagp30kx - ok
14:38:15.0416 0x1618 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
14:38:15.0463 0x1618 gpsvc - ok
14:38:15.0479 0x1618 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:38:15.0494 0x1618 hcw85cir - ok
14:38:15.0510 0x1618 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:38:15.0557 0x1618 HdAudAddService - ok
14:38:15.0557 0x1618 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:15.0572 0x1618 HDAudBus - ok
14:38:15.0572 0x1618 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:38:15.0588 0x1618 HidBatt - ok
14:38:15.0603 0x1618 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:38:15.0635 0x1618 HidBth - ok
14:38:15.0635 0x1618 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
14:38:15.0650 0x1618 HidIr - ok
14:38:15.0650 0x1618 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
14:38:15.0681 0x1618 hidserv - ok
14:38:15.0697 0x1618 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:38:15.0744 0x1618 HidUsb - ok
14:38:15.0759 0x1618 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:38:15.0791 0x1618 hkmsvc - ok
14:38:15.0806 0x1618 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:38:15.0822 0x1618 HomeGroupListener - ok
14:38:15.0822 0x1618 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:38:15.0837 0x1618 HomeGroupProvider - ok
14:38:15.0853 0x1618 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:38:15.0869 0x1618 HpSAMD - ok
14:38:15.0900 0x1618 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:38:15.0931 0x1618 HTTP - ok
14:38:15.0947 0x1618 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:38:15.0947 0x1618 hwpolicy - ok
14:38:15.0962 0x1618 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:38:15.0962 0x1618 i8042prt - ok
14:38:15.0993 0x1618 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:38:16.0025 0x1618 iaStorV - ok
14:38:16.0040 0x1618 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:38:16.0071 0x1618 idsvc - ok
14:38:16.0071 0x1618 IEEtwCollectorService - ok
14:38:16.0071 0x1618 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:38:16.0087 0x1618 iirsp - ok
14:38:16.0134 0x1618 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
14:38:16.0149 0x1618 IKEEXT - ok
14:38:16.0243 0x1618 [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:38:16.0290 0x1618 IntcAzAudAddService - ok
14:38:16.0305 0x1618 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
14:38:16.0321 0x1618 intelide - ok
14:38:16.0321 0x1618 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:38:16.0337 0x1618 intelppm - ok
14:38:16.0352 0x1618 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:38:16.0383 0x1618 IPBusEnum - ok
14:38:16.0383 0x1618 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:16.0430 0x1618 IpFilterDriver - ok
14:38:16.0446 0x1618 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:38:16.0477 0x1618 iphlpsvc - ok
14:38:16.0477 0x1618 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:38:16.0508 0x1618 IPMIDRV - ok
14:38:16.0508 0x1618 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:38:16.0555 0x1618 IPNAT - ok
14:38:16.0555 0x1618 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:38:16.0571 0x1618 IRENUM - ok
14:38:16.0586 0x1618 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:38:16.0602 0x1618 isapnp - ok
14:38:16.0617 0x1618 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:38:16.0649 0x1618 iScsiPrt - ok
14:38:16.0649 0x1618 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:16.0649 0x1618 kbdclass - ok
14:38:16.0664 0x1618 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:38:16.0664 0x1618 kbdhid - ok
14:38:16.0680 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
14:38:16.0680 0x1618 KeyIso - ok
14:38:16.0695 0x1618 [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
14:38:16.0711 0x1618 kl1 - ok
14:38:16.0727 0x1618 [ D0C3AEF67932D2A80736FBCB956C017D, 166C2FD5F1B6FFE7A71CD821DFDD02B68D25CBF0D44BD6F2522C65CF1DEB363C ] klflt C:\Windows\system32\DRIVERS\klflt.sys
14:38:16.0727 0x1618 klflt - ok
14:38:16.0742 0x1618 [ 41DF293A7F0418F5DDED9F0297DC68F3, 25DE4BB7F2D915FCF576ABD46EEDC5574B694A2D1E5CB7AB565792C7BB57C76B ] KLIF C:\Windows\system32\DRIVERS\klif.sys
14:38:16.0758 0x1618 KLIF - ok
14:38:16.0773 0x1618 [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
14:38:16.0773 0x1618 KLIM6 - ok
14:38:16.0789 0x1618 [ 8DA5BC75C3E8A995335642F26CAEA54B, 3995AAB499A37077AA4FB372E75CD9259BA3EA7020B961CF482AC948D2D47AB4 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
14:38:16.0789 0x1618 klkbdflt - ok
14:38:16.0789 0x1618 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
14:38:16.0805 0x1618 klmouflt - ok
14:38:16.0805 0x1618 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys
14:38:16.0805 0x1618 klpd - ok
14:38:16.0820 0x1618 [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
14:38:16.0820 0x1618 kltdi - ok
14:38:16.0836 0x1618 [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps C:\Windows\system32\DRIVERS\kneps.sys
14:38:16.0836 0x1618 kneps - ok
14:38:16.0851 0x1618 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:38:16.0851 0x1618 KSecDD - ok
14:38:16.0867 0x1618 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:38:16.0883 0x1618 KSecPkg - ok
14:38:16.0883 0x1618 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:38:16.0898 0x1618 ksthunk - ok
14:38:16.0929 0x1618 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
14:38:16.0976 0x1618 KtmRm - ok
14:38:16.0992 0x1618 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:38:17.0023 0x1618 LanmanServer - ok
14:38:17.0023 0x1618 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:38:17.0054 0x1618 LanmanWorkstation - ok
14:38:17.0054 0x1618 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:38:17.0085 0x1618 lltdio - ok
14:38:17.0101 0x1618 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:38:17.0148 0x1618 lltdsvc - ok
14:38:17.0148 0x1618 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:38:17.0179 0x1618 lmhosts - ok
14:38:17.0179 0x1618 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:38:17.0210 0x1618 LSI_FC - ok
14:38:17.0210 0x1618 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:38:17.0241 0x1618 LSI_SAS - ok
14:38:17.0241 0x1618 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:38:17.0257 0x1618 LSI_SAS2 - ok
14:38:17.0273 0x1618 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:38:17.0288 0x1618 LSI_SCSI - ok
14:38:17.0288 0x1618 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
14:38:17.0319 0x1618 luafv - ok
14:38:17.0335 0x1618 [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:38:17.0335 0x1618 MBAMProtector - ok
14:38:17.0397 0x1618 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
14:38:17.0444 0x1618 MBAMScheduler - ok
14:38:17.0475 0x1618 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:38:17.0507 0x1618 MBAMService - ok
14:38:17.0507 0x1618 [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:38:17.0522 0x1618 MBAMWebAccessControl - ok
14:38:17.0538 0x1618 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:38:17.0553 0x1618 Mcx2Svc - ok
14:38:17.0553 0x1618 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
14:38:17.0585 0x1618 megasas - ok
14:38:17.0600 0x1618 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:38:17.0631 0x1618 MegaSR - ok
14:38:17.0631 0x1618 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
14:38:17.0663 0x1618 MMCSS - ok
14:38:17.0663 0x1618 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
14:38:17.0694 0x1618 Modem - ok
14:38:17.0694 0x1618 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:38:17.0709 0x1618 monitor - ok
14:38:17.0709 0x1618 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:38:17.0725 0x1618 mouclass - ok
14:38:17.0725 0x1618 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:38:17.0725 0x1618 mouhid - ok
14:38:17.0741 0x1618 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:38:17.0741 0x1618 mountmgr - ok
14:38:17.0756 0x1618 [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:38:17.0756 0x1618 MozillaMaintenance - ok
14:38:17.0772 0x1618 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
14:38:17.0803 0x1618 mpio - ok
14:38:17.0803 0x1618 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:38:17.0834 0x1618 mpsdrv - ok
14:38:17.0865 0x1618 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:38:17.0912 0x1618 MpsSvc - ok
14:38:17.0928 0x1618 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:38:17.0943 0x1618 MRxDAV - ok
14:38:17.0959 0x1618 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:38:17.0975 0x1618 mrxsmb - ok
14:38:17.0990 0x1618 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:38:18.0006 0x1618 mrxsmb10 - ok
14:38:18.0006 0x1618 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:38:18.0021 0x1618 mrxsmb20 - ok
14:38:18.0021 0x1618 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
14:38:18.0037 0x1618 msahci - ok
14:38:18.0037 0x1618 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:38:18.0053 0x1618 msdsm - ok
14:38:18.0068 0x1618 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
14:38:18.0084 0x1618 MSDTC - ok
14:38:18.0099 0x1618 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:38:18.0131 0x1618 Msfs - ok
14:38:18.0131 0x1618 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:38:18.0162 0x1618 mshidkmdf - ok
14:38:18.0162 0x1618 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:38:18.0177 0x1618 msisadrv - ok
14:38:18.0177 0x1618 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:38:18.0224 0x1618 MSiSCSI - ok
14:38:18.0224 0x1618 msiserver - ok
14:38:18.0224 0x1618 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:38:18.0255 0x1618 MSKSSRV - ok
14:38:18.0255 0x1618 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:38:18.0287 0x1618 MSPCLOCK - ok
14:38:18.0302 0x1618 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:38:18.0333 0x1618 MSPQM - ok
14:38:18.0349 0x1618 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:38:18.0365 0x1618 MsRPC - ok
14:38:18.0365 0x1618 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:38:18.0380 0x1618 mssmbios - ok
14:38:18.0380 0x1618 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:38:18.0411 0x1618 MSTEE - ok
14:38:18.0411 0x1618 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:38:18.0427 0x1618 MTConfig - ok
14:38:18.0443 0x1618 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
14:38:18.0443 0x1618 Mup - ok
14:38:18.0474 0x1618 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
14:38:18.0505 0x1618 napagent - ok
14:38:18.0521 0x1618 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:38:18.0567 0x1618 NativeWifiP - ok
14:38:18.0599 0x1618 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
14:38:18.0630 0x1618 NDIS - ok
14:38:18.0630 0x1618 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:38:18.0661 0x1618 NdisCap - ok
14:38:18.0677 0x1618 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:38:18.0692 0x1618 NdisTapi - ok
14:38:18.0708 0x1618 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:38:18.0739 0x1618 Ndisuio - ok
14:38:18.0739 0x1618 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:38:18.0770 0x1618 NdisWan - ok
14:38:18.0770 0x1618 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:38:18.0801 0x1618 NDProxy - ok
14:38:18.0833 0x1618 [ 0FF3C6AA3E0FE0EB316DF5449B569463, 7EDB0349F5E4714368EB27667385FF7B935D6C050E7E45C25E792D9825082C52 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:38:18.0864 0x1618 Nero BackItUp Scheduler 4.0 - ok
14:38:18.0864 0x1618 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:38:18.0895 0x1618 NetBIOS - ok
14:38:18.0911 0x1618 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:38:18.0926 0x1618 NetBT - ok
14:38:18.0942 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
14:38:18.0942 0x1618 Netlogon - ok
14:38:18.0973 0x1618 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
14:38:18.0989 0x1618 Netman - ok
14:38:19.0004 0x1618 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0020 0x1618 NetMsmqActivator - ok
14:38:19.0020 0x1618 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0035 0x1618 NetPipeActivator - ok
14:38:19.0067 0x1618 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
14:38:19.0098 0x1618 netprofm - ok
14:38:19.0098 0x1618 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0113 0x1618 NetTcpActivator - ok
14:38:19.0113 0x1618 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0129 0x1618 NetTcpPortSharing - ok
14:38:19.0145 0x1618 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:38:19.0160 0x1618 nfrd960 - ok
14:38:19.0176 0x1618 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:38:19.0191 0x1618 NlaSvc - ok
14:38:19.0191 0x1618 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:38:19.0223 0x1618 Npfs - ok
14:38:19.0223 0x1618 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
14:38:19.0254 0x1618 nsi - ok
14:38:19.0254 0x1618 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:38:19.0285 0x1618 nsiproxy - ok
14:38:19.0347 0x1618 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:38:19.0410 0x1618 Ntfs - ok
14:38:19.0425 0x1618 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
14:38:19.0441 0x1618 Null - ok
14:38:19.0457 0x1618 [ 8EBCB9165EE7F1571842F4D9D624A74C, 115F46B8391866762AD41B299F0670D8735D124BD518A53EC73DCDBFCA9C28F9 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
14:38:19.0472 0x1618 nusb3hub - ok
14:38:19.0472 0x1618 [ 5D54DBB12BBFE07CC283FD39F2CD6D63, 3DC3F9121F8892EDABD07ACDE45DB025BA2FC4245A8D3EE343F1FDF7189B391F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:38:19.0488 0x1618 nusb3xhc - ok
14:38:19.0488 0x1618 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:38:19.0519 0x1618 nvraid - ok
14:38:19.0519 0x1618 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:38:19.0550 0x1618 nvstor - ok
14:38:19.0550 0x1618 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:38:19.0581 0x1618 nv_agp - ok
14:38:19.0581 0x1618 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:38:19.0597 0x1618 ohci1394 - ok
14:38:19.0613 0x1618 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:38:19.0628 0x1618 p2pimsvc - ok
14:38:19.0659 0x1618 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
14:38:19.0675 0x1618 p2psvc - ok
14:38:19.0691 0x1618 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
14:38:19.0706 0x1618 Parport - ok
14:38:19.0722 0x1618 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:38:19.0722 0x1618 partmgr - ok
14:38:19.0737 0x1618 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
14:38:19.0753 0x1618 PcaSvc - ok
14:38:19.0769 0x1618 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
14:38:19.0769 0x1618 pci - ok
14:38:19.0784 0x1618 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
14:38:19.0784 0x1618 pciide - ok
14:38:19.0800 0x1618 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:38:19.0831 0x1618 pcmcia - ok
14:38:19.0831 0x1618 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
14:38:19.0847 0x1618 pcw - ok
14:38:19.0862 0x1618 [ 7CADB4ABAE72390951886CF259791F5F, 9A0F4113F4E09911A44843F31E8C7047EEA39611AB490A4CF16FAE9D95310076 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
14:38:19.0878 0x1618 PDFProFiltSrvPP - ok
14:38:19.0893 0x1618 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:38:19.0940 0x1618 PEAUTH - ok
14:38:19.0971 0x1618 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:38:20.0003 0x1618 PerfHost - ok
14:38:20.0049 0x1618 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
14:38:20.0143 0x1618 pla - ok
14:38:20.0174 0x1618 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:38:20.0205 0x1618 PlugPlay - ok
14:38:20.0205 0x1618 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:38:20.0221 0x1618 PNRPAutoReg - ok
14:38:20.0237 0x1618 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:38:20.0252 0x1618 PNRPsvc - ok
14:38:20.0283 0x1618 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:38:20.0315 0x1618 PolicyAgent - ok
14:38:20.0330 0x1618 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
14:38:20.0361 0x1618 Power - ok
14:38:20.0361 0x1618 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:38:20.0393 0x1618 PptpMiniport - ok
14:38:20.0393 0x1618 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
14:38:20.0408 0x1618 Processor - ok
14:38:20.0424 0x1618 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
14:38:20.0439 0x1618 ProfSvc - ok
14:38:20.0455 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:38:20.0455 0x1618 ProtectedStorage - ok
14:38:20.0471 0x1618 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:38:20.0486 0x1618 Psched - ok
14:38:20.0502 0x1618 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
14:38:20.0502 0x1618 PSI - ok
14:38:20.0564 0x1618 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:38:20.0689 0x1618 ql2300 - ok
14:38:20.0705 0x1618 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:38:20.0720 0x1618 ql40xx - ok
14:38:20.0736 0x1618 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
14:38:20.0767 0x1618 QWAVE - ok
14:38:20.0767 0x1618 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:38:20.0798 0x1618 QWAVEdrv - ok
14:38:20.0798 0x1618 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:38:20.0829 0x1618 RasAcd - ok
14:38:20.0829 0x1618 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:38:20.0861 0x1618 RasAgileVpn - ok
14:38:20.0861 0x1618 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
14:38:20.0907 0x1618 RasAuto - ok
14:38:20.0907 0x1618 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:38:20.0939 0x1618 Rasl2tp - ok
14:38:20.0954 0x1618 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
14:38:21.0017 0x1618 RasMan - ok
14:38:21.0017 0x1618 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:38:21.0048 0x1618 RasPppoe - ok
14:38:21.0048 0x1618 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:38:21.0079 0x1618 RasSstp - ok
14:38:21.0095 0x1618 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:38:21.0126 0x1618 rdbss - ok
14:38:21.0126 0x1618 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:38:21.0141 0x1618 rdpbus - ok
14:38:21.0141 0x1618 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:38:21.0173 0x1618 RDPCDD - ok
14:38:21.0173 0x1618 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:38:21.0204 0x1618 RDPENCDD - ok
14:38:21.0204 0x1618 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:38:21.0235 0x1618 RDPREFMP - ok
14:38:21.0235 0x1618 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:38:21.0251 0x1618 RdpVideoMiniport - ok
14:38:21.0266 0x1618 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:38:21.0282 0x1618 RDPWD - ok
14:38:21.0282 0x1618 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:38:21.0297 0x1618 rdyboost - ok
14:38:21.0313 0x1618 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:38:21.0344 0x1618 RemoteAccess - ok
14:38:21.0344 0x1618 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:38:21.0391 0x1618 RemoteRegistry - ok
14:38:21.0407 0x1618 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:38:21.0422 0x1618 RFCOMM - ok
14:38:21.0438 0x1618 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:38:21.0453 0x1618 RpcEptMapper - ok
14:38:21.0453 0x1618 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
14:38:21.0485 0x1618 RpcLocator - ok
14:38:21.0563 0x1618 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
14:38:21.0594 0x1618 RpcSs - ok
14:38:21.0609 0x1618 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:38:21.0625 0x1618 rspndr - ok
14:38:21.0641 0x1618 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:38:21.0656 0x1618 RTL8167 - ok
14:38:21.0672 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
14:38:21.0672 0x1618 SamSs - ok
14:38:21.0687 0x1618 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:38:21.0703 0x1618 sbp2port - ok
14:38:21.0703 0x1618 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:38:21.0750 0x1618 SCardSvr - ok
14:38:21.0750 0x1618 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:38:21.0781 0x1618 scfilter - ok
14:38:21.0828 0x1618 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
14:38:21.0875 0x1618 Schedule - ok
14:38:21.0875 0x1618 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:38:21.0906 0x1618 SCPolicySvc - ok
14:38:21.0921 0x1618 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:38:21.0937 0x1618 SDRSVC - ok
14:38:21.0953 0x1618 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:38:21.0968 0x1618 secdrv - ok
14:38:21.0984 0x1618 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
14:38:21.0999 0x1618 seclogon - ok
14:38:22.0031 0x1618 [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:38:22.0062 0x1618 Secunia PSI Agent - ok
14:38:22.0093 0x1618 [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
14:38:22.0109 0x1618 Secunia Update Agent - ok
14:38:22.0109 0x1618 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
14:38:22.0140 0x1618 SENS - ok
14:38:22.0140 0x1618 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:38:22.0155 0x1618 SensrSvc - ok
14:38:22.0171 0x1618 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:38:22.0171 0x1618 Serenum - ok
14:38:22.0187 0x1618 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:38:22.0187 0x1618 Serial - ok
14:38:22.0202 0x1618 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:38:22.0218 0x1618 sermouse - ok
14:38:22.0218 0x1618 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
14:38:22.0265 0x1618 SessionEnv - ok
14:38:22.0265 0x1618 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:38:22.0280 0x1618 sffdisk - ok
14:38:22.0296 0x1618 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:38:22.0311 0x1618 sffp_mmc - ok
14:38:22.0311 0x1618 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:38:22.0327 0x1618 sffp_sd - ok
14:38:22.0327 0x1618 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:38:22.0343 0x1618 sfloppy - ok
14:38:22.0374 0x1618 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:38:22.0421 0x1618 SharedAccess - ok
14:38:22.0436 0x1618 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:38:22.0467 0x1618 ShellHWDetection - ok
14:38:22.0467 0x1618 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:38:22.0483 0x1618 SiSRaid2 - ok
14:38:22.0499 0x1618 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:38:22.0514 0x1618 SiSRaid4 - ok
14:38:22.0530 0x1618 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:38:22.0561 0x1618 Smb - ok
14:38:22.0561 0x1618 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:38:22.0577 0x1618 SNMPTRAP - ok
14:38:22.0577 0x1618 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
14:38:22.0592 0x1618 spldr - ok
14:38:22.0608 0x1618 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
14:38:22.0623 0x1618 Spooler - ok
14:38:22.0764 0x1618 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
14:38:22.0857 0x1618 sppsvc - ok
14:38:22.0873 0x1618 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:38:22.0904 0x1618 sppuinotify - ok
14:38:22.0935 0x1618 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:38:22.0951 0x1618 srv - ok
14:38:22.0982 0x1618 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:38:22.0998 0x1618 srv2 - ok
14:38:22.0998 0x1618 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:38:23.0013 0x1618 srvnet - ok
14:38:23.0029 0x1618 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:38:23.0045 0x1618 SSDPSRV - ok
14:38:23.0060 0x1618 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:38:23.0076 0x1618 SstpSvc - ok
14:38:23.0107 0x1618 [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:38:23.0279 0x1618 Steam Client Service - ok
14:38:23.0279 0x1618 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:38:23.0294 0x1618 stexstor - ok
14:38:23.0294 0x1618 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:38:23.0310 0x1618 StillCam - ok
14:38:23.0325 0x1618 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
14:38:23.0357 0x1618 stisvc - ok
14:38:23.0357 0x1618 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:38:23.0372 0x1618 swenum - ok
14:38:23.0388 0x1618 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
14:38:23.0450 0x1618 swprv - ok
14:38:23.0528 0x1618 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
14:38:23.0653 0x1618 SysMain - ok
14:38:23.0653 0x1618 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:38:23.0684 0x1618 TabletInputService - ok
14:38:23.0700 0x1618 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:38:23.0747 0x1618 TapiSrv - ok
14:38:23.0762 0x1618 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
14:38:23.0793 0x1618 TBS - ok
14:38:23.0856 0x1618 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:38:23.0903 0x1618 Tcpip - ok
14:38:23.0965 0x1618 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:38:24.0012 0x1618 TCPIP6 - ok
14:38:24.0027 0x1618 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:38:24.0027 0x1618 tcpipreg - ok
14:38:24.0043 0x1618 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:38:24.0059 0x1618 TDPIPE - ok
14:38:24.0059 0x1618 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:38:24.0074 0x1618 TDTCP - ok
14:38:24.0090 0x1618 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:38:24.0105 0x1618 tdx - ok
14:38:24.0121 0x1618 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:38:24.0121 0x1618 TermDD - ok
14:38:24.0137 0x1618 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll
14:38:24.0168 0x1618 TermService - ok
14:38:24.0168 0x1618 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
14:38:24.0183 0x1618 Themes - ok
14:38:24.0199 0x1618 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
14:38:24.0215 0x1618 THREADORDER - ok
14:38:24.0230 0x1618 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
14:38:24.0246 0x1618 TrkWks - ok
14:38:24.0261 0x1618 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:38:24.0293 0x1618 TrustedInstaller - ok
14:38:24.0293 0x1618 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:38:24.0324 0x1618 tssecsrv - ok
14:38:24.0324 0x1618 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:38:24.0339 0x1618 TsUsbFlt - ok
14:38:24.0339 0x1618 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:38:24.0355 0x1618 TsUsbGD - ok
14:38:24.0371 0x1618 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:38:24.0386 0x1618 tunnel - ok
14:38:24.0402 0x1618 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:38:24.0417 0x1618 uagp35 - ok
14:38:24.0433 0x1618 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:38:24.0480 0x1618 udfs - ok
14:38:24.0495 0x1618 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:38:24.0511 0x1618 UI0Detect - ok
14:38:24.0511 0x1618 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:38:24.0527 0x1618 uliagpkx - ok
14:38:24.0542 0x1618 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:38:24.0542 0x1618 umbus - ok
14:38:24.0558 0x1618 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
14:38:24.0573 0x1618 UmPass - ok
14:38:24.0589 0x1618 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
14:38:24.0620 0x1618 upnphost - ok
14:38:24.0620 0x1618 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:38:24.0651 0x1618 usbccgp - ok
14:38:24.0651 0x1618 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:38:24.0667 0x1618 usbcir - ok
14:38:24.0683 0x1618 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:38:24.0683 0x1618 usbehci - ok
14:38:24.0698 0x1618 [ 858BE9C0E498C8E505E198E17EECE0D9, 6720DEE3620325742FA5D3481534C703A7D7DEAFABEE08652843357E8FC97FA1 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:38:24.0698 0x1618 usbfilter - ok
14:38:24.0714 0x1618 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:38:24.0729 0x1618 usbhub - ok
14:38:24.0745 0x1618 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:38:24.0745 0x1618 usbohci - ok
14:38:24.0745 0x1618 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:38:24.0776 0x1618 usbprint - ok
14:38:24.0776 0x1618 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:24.0792 0x1618 USBSTOR - ok
14:38:24.0807 0x1618 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:38:24.0823 0x1618 usbuhci - ok
14:38:24.0823 0x1618 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
14:38:24.0854 0x1618 UxSms - ok
14:38:24.0854 0x1618 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
14:38:24.0870 0x1618 VaultSvc - ok
14:38:24.0870 0x1618 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:38:24.0870 0x1618 vdrvroot - ok
14:38:24.0901 0x1618 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
14:38:24.0963 0x1618 vds - ok
14:38:24.0963 0x1618 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:24.0979 0x1618 vga - ok
14:38:24.0995 0x1618 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:38:25.0010 0x1618 VgaSave - ok
14:38:25.0026 0x1618 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:38:25.0057 0x1618 vhdmp - ok
14:38:25.0057 0x1618 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
14:38:25.0073 0x1618 viaide - ok
14:38:25.0088 0x1618 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:38:25.0088 0x1618 volmgr - ok
14:38:25.0104 0x1618 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:38:25.0119 0x1618 volmgrx - ok
14:38:25.0135 0x1618 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:38:25.0151 0x1618 volsnap - ok
14:38:25.0166 0x1618 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:38:25.0182 0x1618 vsmraid - ok
14:38:25.0260 0x1618 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
14:38:25.0385 0x1618 VSS - ok
14:38:25.0385 0x1618 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:38:25.0400 0x1618 vwifibus - ok
14:38:25.0431 0x1618 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
14:38:25.0478 0x1618 W32Time - ok
14:38:25.0494 0x1618 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:38:25.0509 0x1618 WacomPen - ok
14:38:25.0509 0x1618 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:38:25.0541 0x1618 WANARP - ok
14:38:25.0541 0x1618 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:38:25.0572 0x1618 Wanarpv6 - ok
14:38:25.0634 0x1618 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
14:38:25.0728 0x1618 wbengine - ok
14:38:25.0743 0x1618 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:38:25.0775 0x1618 WbioSrvc - ok
14:38:25.0790 0x1618 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:38:25.0821 0x1618 wcncsvc - ok
14:38:25.0837 0x1618 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:38:25.0853 0x1618 WcsPlugInService - ok
14:38:25.0853 0x1618 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
14:38:25.0868 0x1618 Wd - ok
14:38:25.0915 0x1618 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:38:25.0931 0x1618 Wdf01000 - ok
14:38:25.0946 0x1618 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:38:25.0946 0x1618 WdiServiceHost - ok
14:38:25.0962 0x1618 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:38:25.0977 0x1618 WdiSystemHost - ok
14:38:25.0993 0x1618 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
14:38:26.0024 0x1618 WebClient - ok
14:38:26.0024 0x1618 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:38:26.0071 0x1618 Wecsvc - ok
14:38:26.0087 0x1618 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:38:26.0102 0x1618 wercplsupport - ok
14:38:26.0118 0x1618 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
14:38:26.0133 0x1618 WerSvc - ok
14:38:26.0149 0x1618 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:38:26.0165 0x1618 WfpLwf - ok
14:38:26.0165 0x1618 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:38:26.0196 0x1618 WIMMount - ok
14:38:26.0196 0x1618 WinDefend - ok
14:38:26.0196 0x1618 WinHttpAutoProxySvc - ok
14:38:26.0211 0x1618 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:38:26.0243 0x1618 Winmgmt - ok
14:38:26.0321 0x1618 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
14:38:26.0445 0x1618 WinRM - ok
14:38:26.0445 0x1618 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:38:26.0477 0x1618 WinUsb - ok
14:38:26.0508 0x1618 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:38:26.0586 0x1618 Wlansvc - ok
14:38:26.0664 0x1618 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:38:26.0711 0x1618 wlidsvc - ok
14:38:26.0711 0x1618 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:38:26.0742 0x1618 WmiAcpi - ok
14:38:26.0757 0x1618 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:38:26.0789 0x1618 wmiApSrv - ok
14:38:26.0789 0x1618 WMPNetworkSvc - ok
14:38:26.0789 0x1618 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:38:26.0804 0x1618 WPCSvc - ok
14:38:26.0820 0x1618 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:38:26.0820 0x1618 WPDBusEnum - ok
14:38:26.0835 0x1618 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:38:26.0867 0x1618 ws2ifsl - ok
14:38:26.0882 0x1618 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
14:38:26.0898 0x1618 wscsvc - ok
14:38:26.0898 0x1618 WSearch - ok
14:38:26.0960 0x1618 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
14:38:27.0023 0x1618 wuauserv - ok
14:38:27.0023 0x1618 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:38:27.0038 0x1618 WudfPf - ok
14:38:27.0054 0x1618 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:38:27.0069 0x1618 WUDFRd - ok
14:38:27.0085 0x1618 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:38:27.0101 0x1618 wudfsvc - ok
14:38:27.0116 0x1618 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
14:38:27.0147 0x1618 WwanSvc - ok
14:38:27.0147 0x1618 ================ Scan global ===============================
14:38:27.0147 0x1618 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:38:27.0163 0x1618 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:38:27.0179 0x1618 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:38:27.0179 0x1618 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:38:27.0194 0x1618 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:38:27.0210 0x1618 [ Global ] - ok
14:38:27.0210 0x1618 ================ Scan MBR ==================================
14:38:27.0210 0x1618 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
14:38:27.0225 0x1618 \Device\Harddisk2\DR2 - ok
14:38:27.0225 0x1618 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:38:27.0272 0x1618 \Device\Harddisk0\DR0 - ok
14:38:27.0272 0x1618 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:38:27.0444 0x1618 \Device\Harddisk1\DR1 - ok
14:38:27.0444 0x1618 ================ Scan VBR ==================================
14:38:27.0444 0x1618 [ B52DB29D3EBE4FC73A9CCDC147EFB3C2 ] \Device\Harddisk2\DR2\Partition1
14:38:27.0444 0x1618 \Device\Harddisk2\DR2\Partition1 - ok
14:38:27.0475 0x1618 [ 8A7481C6D6514E4B806D8191C699FB2B ] \Device\Harddisk0\DR0\Partition1
14:38:27.0475 0x1618 \Device\Harddisk0\DR0\Partition1 - ok
14:38:27.0475 0x1618 [ C37B87D7C50EEE27CFB56B6971DBC4EB ] \Device\Harddisk1\DR1\Partition1
14:38:27.0475 0x1618 \Device\Harddisk1\DR1\Partition1 - ok
14:38:27.0475 0x1618 [ 7190A6602AB8F42EFE5EC26953A88354 ] \Device\Harddisk1\DR1\Partition2
14:38:27.0475 0x1618 \Device\Harddisk1\DR1\Partition2 - ok
14:38:27.0475 0x1618 [ E81F9B961B3726B2A6EC73737A4196A9 ] \Device\Harddisk1\DR1\Partition3
14:38:27.0475 0x1618 \Device\Harddisk1\DR1\Partition3 - ok
14:38:27.0491 0x1618 ================ Scan generic autorun ======================
14:38:27.0865 0x1618 [ 8CB8E0C93C5459B45BE1FA628FB0D761, F06830359F11515BA1CA5EC061F5B254E5A4676FBEC8AFAC23B56BB413B7E63F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:38:28.0052 0x1618 RtHDVCpl - ok
14:38:28.0083 0x1618 [ 358C81ADA09E0B6906DB82EA75B836D5, B0F0FAB3D6A3541010D3CF810D6C0005E9C5556F226A71AFA2AEB22C981EC0F3 ] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
14:38:28.0083 0x1618 NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 )
14:38:30.0954 0x1618 Detect skipped due to KSN trusted
14:38:30.0954 0x1618 NUSB3MON - ok
14:38:30.0969 0x1618 [ 32AC3889C598A7314954CF515E716BDE, DE843C6B523C60776401F799C01948DDC383442B2CEAC2002A867DC860949AFE ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
14:38:30.0985 0x1618 IndexSearch - ok
14:38:30.0985 0x1618 [ 7D46CE32283158EB7F1D0C8E02D8DDD1, DF68039E55E90EFAB90E5FC8DE79E66CEDECB99EB353C4F349375732AAEF1BE1 ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
14:38:30.0985 0x1618 PaperPort PTD - ok
14:38:31.0016 0x1618 [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
14:38:31.0032 0x1618 PDFHook - ok
14:38:31.0047 0x1618 [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
14:38:31.0047 0x1618 PDF5 Registry Controller - ok
14:38:31.0063 0x1618 [ 1DF3DCE54EDF5E85D15BA381ED98FAC3, 91CDEC8ADD48A40AB4D4E49B5AF0CEB01AA7A063B6C2103E16038D46C417868F ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
14:38:31.0063 0x1618 ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 )
14:38:33.0762 0x1618 Detect skipped due to KSN trusted
14:38:33.0762 0x1618 ControlCenter4 - ok
14:38:33.0871 0x1618 [ 63E9C23A386FFFA84B5E03BFF9B628F0, A370962791EFC4B10548AAD31F89A2B288FBD5BDBF5749323C2D98C14DFB8B49 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
14:38:33.0965 0x1618 BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
14:38:36.0679 0x1618 Detect skipped due to KSN trusted
14:38:36.0679 0x1618 BrStsMon00 - ok
14:38:36.0695 0x1618 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:38:36.0710 0x1618 Adobe ARM - ok
14:38:36.0741 0x1618 [ 3CD5FD3FED5388DC01A072DB5D06C9CD, BED3D0CE4EF7A8D0FAB8B1E2E519D2B7F9BB81E62F5CBC6C968179FC20956165 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
14:38:36.0757 0x1618 StartCCC - ok
14:38:36.0773 0x1618 [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:38:36.0788 0x1618 SunJavaUpdateSched - ok
14:38:36.0835 0x1618 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:38:36.0866 0x1618 Sidebar - ok
14:38:36.0882 0x1618 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:38:36.0897 0x1618 mctadmin - ok
14:38:36.0944 0x1618 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:38:36.0975 0x1618 Sidebar - ok
14:38:36.0991 0x1618 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:38:37.0007 0x1618 mctadmin - ok
14:38:37.0007 0x1618 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
14:38:37.0022 0x1618 ISUSPM - ok
14:38:37.0022 0x1618 Waiting for KSN requests completion. In queue: 8
14:38:38.0036 0x1618 Waiting for KSN requests completion. In queue: 8
14:38:39.0050 0x1618 Waiting for KSN requests completion. In queue: 8
14:38:40.0080 0x1618 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
14:38:40.0095 0x1618 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
14:38:42.0825 0x1618 ============================================================
14:38:42.0825 0x1618 Scan finished
14:38:42.0825 0x1618 ============================================================
14:38:42.0825 0x14fc Detected object count: 0
14:38:42.0825 0x14fc Actual detected object count: 0
14:39:50.0137 0x1120 Deinitialize success
noch was zu dem Malwarefund: Ich rufe mit Windows Live Mail meine Emails ab. Gestern hat es mir mein Adressbuch von Live Mail zerstört als ich aufgefordert wurde meine Emails zu komprimieren. Daraufhin waren aus einem ominösen Grund alle meine Emails weg. Dazu muss ich sagen ich habe die Ordner die Windows Live Mail erstellt auf einer anderen Partition gespeichert. um falls ich meinen Rechner neu aufsetzen muss Zugriff auf meine Emails zu behalten. Ich habe also über die Optionen von Windows Live Mail den Ordner wieder zugeordnet. Anschließend habe ich Kaspersky laufen lassen und dann wurde die Malware gefunden. Ich habe Kaspersky mit der "höchsten Sicherheit" laufen lassen. |
|
23.10.2014, 11:10
| #6 |
| /// the machine /// TB-Ausbilder | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Die Funde sind nur in deinem Posteingang. Du hast da irgend eine mail drin mit anhang, und dieser Anhang ist die malware.
__________________ --> Beim Virenscan Malware backdoor.win32.androm.eutw gefunden |
|
23.10.2014, 13:55
| #7 |
| | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Hallo, hab ich mir schon gedacht. Laut Log von kaspersky sind die Mails von meinem Emailaccount von Freenet. Also lösche ich die Mails mit Kaspersky und das dürfte es dann gewesen sein oder? Mfg Kaspersky hat die Dateien jetzt anscheinend gelöscht, die Meldung das sich Malware auf meinem Rechner befindet ist weg. Ich habe nochmal einen Suchlauf gemacht und nichts mehr gefunden. Muss dazu sagen das vorhin meine Mum am Rechner war vielleicht hat sie irgendwas gedrückt oder eingestellt. Und was jetzt? Normalerweise dürfte das ja auch nicht so schlimm sein weil ich die Email und den Anhang nicht geöffnet und nix ausgeführt habe... Edit: Meine Mum meint sie hat nichts gedrückt. Glaub ich aber nicht so ganz. Naja ändern kann man es jetzt eh nicht mehr. Geändert von coldmorning (23.10.2014 um 14:46 Uhr) |
|
24.10.2014, 08:04
| #8 |
| /// the machine /// TB-Ausbilder | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Solange Du den Anhang nicht öffnest und ausführst passiert da nix 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.10.2014, 14:28
| #9 |
| | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden Hi, Sorry ich muss dich nochmal stören, vielleicht kannst du mir ja weiterhelfen. Mein Rechner bootet nicht mehr. Das hat nix mit dem Virus zu tun glaube ich weil ich meinen Rechner nachdem ich den Virus gelöscht habe ne Zeit lang ganz normal hochfahren konnte... Wenn ich boote dauert es ca. 1. Minute bis der Bootbildschirm (der Bildschirm wo ich auf das Bios und andere Funktonen zugreifen kann) dann kommt ein schwarzer Bildschirm und anschließend die Nachricht: "Reboot and select proper Boot device or insert boot media in selected boot device and press any key". Ich war daraufhin im Bios weil ich vermutete das was mit der Bootreihenfolge nicht stimmt, das hat sich aber nicht bestätigt da hat alles gepasst. Was mir aufgefallen ist ist, das eine Festplatte nicht mehr erkannt wird, da liegt der Hase im Pfeffer. Es ist so das ich Windows auf einer SSD installiert habe. Ich habe die Auslagerungsdatei von Windows auf die Festplatte verschoben die jetzt nicht mehr erkannt wird. Ich denke weil Windows nicht mehr auf die Auslagerungsdatei zugreifen kann startet es nicht mehr. Kann das sein? Ich wollte FRST laufen lassen das geht aber nicht weil ich nicht mehr ins Windows Boot Menu rein komme. ich war auch mit der Rescue Disk von Kaspersky drauf, die hat die Festplatte auch nicht mehr erkannt. Ist meine Platte jetzt futsch? Das wäre sehr schlecht weil da alle meine Daten drauf sind :-/. Hallo, ich habe mal Testweise einen anderen SATA Port benutzt, jetzt geht's wieder. Muss also an meinem Mainboard liegen. Ich behalte das mal im Auge, wenn ja muss ich mir halt mal ein anderes Board besorgen. |
|
25.10.2014, 08:10
| #10 |
| /// the machine /// TB-Ausbilder | Beim Virenscan Malware backdoor.win32.androm.eutw gefunden ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Beim Virenscan Malware backdoor.win32.androm.eutw gefunden |
| appdata, bytes, c:\windows, cache, code, datei, driver, files, foto, free, ics, kaspersky, live, mail, malware, microsoft, pdf, rechner, scan, system, system32, usb, windows, windows live, windows live mail |
Linear-Darstellung
