Log analysis and evaluation: PC slow and CPU often at 100% (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.03.2015, 22:35 | #1 |
PC slow and CPU often at 100%

Dear Trojaner-Board team,

my PC is currently very slow; at times the CPU stays at 100% for a long time (with only one browser open). In addition, when I open a browser, all the icons on my desktop and taskbar sometimes briefly disappear and are replaced by a white icon. All of this seems very strange to me. When I start Task Manager, I see processes for which no user and no path are displayed, e.g. csrss.exe. I hope you can help me, because I fear I have somehow caught a virus. Thanks in advance.

Technical data:
Operating system: Windows 7 Home Premium
Processor: Intel(R) Core(TM) i5-3317U
RAM: 8GB
System type: 64-bit
Security software: Kaspersky Internet Security 2015

Logs:

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:41 on 08/03/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by User (ATTENTION: The logged in user is not administrator) on MS-STUDY-LAPTOP on 08-03-2015 21:46:54 Running from C:\Users\User\Desktop Loaded Profiles: UpdatusUser & User & Admin (Available profiles: UpdatusUser & User & Admin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> winlogon.exe Failed to access process -> svchost.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> nvxdsync.exe Failed to access process -> nvvsvc.exe Failed to access process -> svchost.exe Failed to access process -> AdminService.exe Failed to access process -> CxAudMsg64.exe Failed to access process -> HeciServer.exe Failed to access process -> irstrtsv.exe Failed to access process -> Jhi_service.exe Failed to access process -> LenovoSmartConnectService.exe Failed to access process -> svchost.exe Failed to access process -> Ath_CoexAgent.exe Failed to access process -> svchost.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe Failed to access process -> SearchIndexer.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Failed to access process -> armsvc.exe Failed to access process -> igfxCUIService.exe Failed to access process -> dirmngr.exe Failed to access process -> avp.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe (LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alcor Micro Corp.) 
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe Failed to access process -> svchost.exe Failed to access process -> wmpnetwk.exe Failed to access process -> svchost.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> IntelMeFWService.exe Failed to access process -> LMS.exe Failed to access process -> UNS.exe Failed to access process -> svchost.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> dllhost.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> VSSVC.exe Failed to access process -> svchost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2011-12-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-12-13] (Atheros Commnucations) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-04-29] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2014-04-29] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo) HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] () HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-17] (LENOVO) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl) HKLM-x32\...\RunOnce: [DeleteVeriFace] => C:\Windows\DeleteVF.exe [320864 2014-04-29] (TODO: <公司名>) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\MountPoints2: {8e1cabb4-3b1c-11e4-9143-446d57a390f2} - E:\Startme.exe HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Internet Security.lnk ShortcutTarget: Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) GroupPolicyUsers\S-1-5-21-3577023336-649988219-1192559642-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: [S-1-5-21-3577023336-649988219-1192559642-1000] ATTENTION ==> Default URLSearchHook is missing. URLSearchHook: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File URLSearchHook: [S-1-5-21-3577023336-649988219-1192559642-1004] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKLM -> DefaultScope {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM -> {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL = SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-30] (Oracle Corporation) BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2014-12-11] (Sun Microsystems, Inc.) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-13] (Atheros Commnucations) BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-12-11] (Sun Microsystems, Inc.) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] () FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll 
[2015-02-06] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2014-12-11] (Sun Microsystems, Inc.) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-08] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-08] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-08] () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) FF user.js: detected! 
=> C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\user.js [2015-02-13] FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\firefox@ghostery.com.xpi [2015-02-13] FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-13] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13] FF Extension: BetterPrivacy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-13] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-28] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-08] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-08] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-08] 
Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (WOT) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-15] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-15] CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-08] CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-12] CHR Extension: (Ghostery) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-06-12] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-13] (Atheros Commnucations) [File not signed] R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] () R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation) R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo) S2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-13] (Atheros) [File not signed] S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the 
registry. The file will not be moved unless listed separately.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-13] (Sony Mobile Communications) R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-10-16] (Intel Corporation) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-08] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>) R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation") R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation) S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-11-05] (Microsoft Corporation) [File not signed] S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-11-05] (Microsoft Corporation) [File not signed] U3 
BcmSqlStartupSvc; No ImagePath U2 CLKMSVC10_3A60B698; No ImagePath U2 CLKMSVC10_C3B3B687; No ImagePath U2 DriverService; No ImagePath U2 iATAgentService; No ImagePath U2 idealife Update Service; No ImagePath U3 IGRS; No ImagePath U2 IviRegMgr; No ImagePath U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] U2 Oasis2Service; No ImagePath U2 PCCarerService; No ImagePath U2 ReadyComm.DirectRouter; No ImagePath U2 RichVideo; No ImagePath U2 RtLedService; No ImagePath U2 SeaPort; No ImagePath U2 SoftwareService; No ImagePath U3 SQLWriter; No ImagePath U2 wlidsvc; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-08 21:43 - 2015-03-08 21:47 - 00025756 _____ () C:\Users\User\Desktop\FRST.txt 2015-03-08 21:42 - 2015-03-08 21:46 - 00000000 ____D () C:\FRST 2015-03-08 21:41 - 2015-03-08 21:41 - 00000472 _____ () C:\Users\User\Desktop\defogger_disable.log 2015-03-08 21:41 - 2015-03-08 21:41 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-03-08 20:53 - 2015-03-08 20:53 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe 2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Users\User\Desktop\Scan 2015-03-08 20:51 - 2015-03-08 20:51 - 02095104 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2015-03-08 20:50 - 2015-03-08 20:50 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2015-03-08 20:40 - 2015-03-08 20:40 - 00000022 _____ () C:\Windows\S.dirmngr 2015-03-06 11:32 - 2015-03-06 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-03-01 23:04 - 2015-03-02 15:17 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2015-02-25 15:07 - 2015-02-27 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-02-25 12:14 - 
2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 12:14 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Atheros 2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ____D () C:\Users\User\AppData\Local\BMExplorer 2015-02-24 11:31 - 2015-02-24 11:31 - 00000000 ____D () C:\Users\User\AppData\Local\Steam 2015-02-24 11:04 - 2015-02-24 11:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia 2015-02-24 10:52 - 2015-02-24 10:52 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore 2015-02-23 12:55 - 2015-02-24 18:09 - 00000683 _____ () C:\Users\User\Desktop\AWS-20150223.txt 2015-02-20 19:51 - 2015-02-20 19:51 - 00000000 ____D () C:\ProgramData\Energy Management 2015-02-15 10:24 - 2015-02-15 10:24 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-13 20:14 - 2015-02-13 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2015-02-13 20:12 - 2015-02-13 20:14 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla 2015-02-13 20:11 - 2015-02-13 20:11 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-12 20:01 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 20:01 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 20:01 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 20:01 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 12:25 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-11 12:25 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-11 12:25 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) 
C:\Windows\system32\powertracker.dll 2015-02-11 12:25 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 12:24 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 12:24 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 12:24 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 12:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 12:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 12:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 12:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 12:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 12:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 12:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 12:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 12:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2015-02-11 12:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 12:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 12:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 12:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 12:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 12:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 12:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 12:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 12:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 12:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 12:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 12:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 12:24 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 12:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 12:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 12:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 12:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 12:24 - 2015-01-12 03:04 - 00316928 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 12:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 12:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 12:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 12:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 12:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 12:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 12:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 12:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 12:24 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 12:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 12:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 12:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 12:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 12:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 12:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 12:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 12:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 12:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 12:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 12:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 12:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 12:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 12:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 12:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 12:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 12:24 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 12:24 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 12:23 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 12:23 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 12:23 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 12:23 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 12:23 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 12:23 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 12:23 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 12:23 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 12:23 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 12:23 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 12:23 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 12:23 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 12:23 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 12:23 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 12:23 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msaudite.dll 2015-02-11 12:23 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 12:23 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 12:23 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 12:23 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 12:23 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 12:23 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 12:23 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 12:23 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 12:23 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 12:23 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 12:23 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 12:23 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 12:23 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 12:23 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 12:23 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 12:22 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 12:22 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 12:22 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\srclient.dll 2015-02-11 12:22 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 12:22 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 12:22 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 12:22 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 12:22 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-08 21:41 - 2014-09-13 09:08 - 00000000 ____D () C:\Users\Admin 2015-03-08 21:39 - 2014-10-08 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-08 21:32 - 2014-07-10 09:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-08 21:29 - 2014-04-29 11:44 - 01284386 _____ () C:\Windows\WindowsUpdate.log 2015-03-08 21:28 - 2014-09-06 12:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-08 21:05 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-08 21:05 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-08 20:47 - 2014-06-11 19:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass 2015-03-08 20:46 - 2014-04-29 21:37 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-03-08 20:46 - 2014-04-29 21:37 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-03-08 20:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-08 20:42 - 2014-06-11 18:23 - 00000000 ___RD () C:\Users\User\Dropbox 2015-03-08 20:42 - 2014-06-11 18:20 - 00000000 ____D () 
C:\Users\User\AppData\Roaming\Dropbox 2015-03-08 20:41 - 2014-06-11 18:17 - 00000000 ___RD () C:\Users\User\OneDrive 2015-03-08 20:39 - 2014-07-10 09:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-08 20:39 - 2014-06-06 08:36 - 00043364 _____ () C:\Users\Public\CAFADEBUG.log 2015-03-08 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-08 20:39 - 2009-07-14 05:51 - 00099225 _____ () C:\Windows\setupact.log 2015-03-08 11:17 - 2014-06-11 18:17 - 00002192 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-03-06 09:53 - 2014-11-12 10:33 - 00000000 ____D () C:\Users\User\AppData\Local\Eclipse 2015-03-06 09:19 - 2014-06-12 09:23 - 00000000 ____D () C:\Users\User\Documents\bloodbowlchaos 2015-03-06 08:22 - 2014-06-11 19:21 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-01 22:00 - 2014-06-16 23:12 - 00000000 ____D () C:\Users\User\Desktop\Private 2015-03-01 10:09 - 2014-06-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-27 15:06 - 2014-06-24 15:01 - 00000000 ____D () C:\Users\User\UMLet 2015-02-15 10:22 - 2014-12-14 12:34 - 00000000 ____D () C:\Users\User\Documents\Reisen 2015-02-14 14:34 - 2010-11-21 04:47 - 00155788 _____ () C:\Windows\PFRO.log 2015-02-13 20:11 - 2015-01-28 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-13 19:07 - 2014-06-11 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 14:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-12 20:03 - 2014-04-29 12:10 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-11 12:40 - 2009-07-14 05:45 - 00308592 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-11 12:38 - 2014-12-11 14:32 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-11 12:38 - 2014-06-11 21:42 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-11 12:38 - 
2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-11 12:36 - 2014-06-11 21:37 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 12:30 - 2014-06-11 21:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-06 16:39 - 2014-06-12 07:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-06 16:39 - 2014-06-12 07:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-02-15 10:24 - 2015-02-15 10:24 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-06 06:37 - 2014-06-06 06:37 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4atagz.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Thanks again in advance and best regards, ArmeSocke |
09.03.2015, 02:33 | #2 |
/// the machine /// TB-Ausbilder | PC slow and CPU often at 100% Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
09.03.2015, 07:47 | #3 |
| PC slow and CPU often at 100% OK. Thanks for the quick reply.
I had already posted Defogger and FRST. Now the missing ones. Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03 Ran by User at 2015-03-08 21:47:18 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) 
Hidden Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Blood Bowl: Chaos Edition (HKLM-x32\...\Steam App 216890) (Version: - Cyanide Studios) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.145 - Atheros Communications) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo) Energy Management (x32 Version: 7.0.3.9 - Lenovo) Hidden Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Gpg4win (2.2.3) (HKLM-x32\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo) Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle) Java SE Development Kit 7 Update 76 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170760}) (Version: 1.7.0.760 - Oracle) Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle) Java(TM) SE Development Kit 6 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl) Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo) Lenovo CAPOSD (x32 
Version: 1.0.0.7 - Lenovo) Hidden Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera) Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.5 - Lenovo) NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek) RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1083 - RStudio) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated) Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment) Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic 
Entertainment) Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment) Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc)) Windows Driver Package - Lenovo Corporation (LAD) System (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Loaded Modules (whitelisted) ============== 2013-12-26 18:42 - 2013-12-26 18:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2008-12-20 02:20 - 2014-04-29 12:19 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-28 13:34 - 2014-04-29 12:19 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 15:31 - 2014-04-29 12:19 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2008-12-20 02:20 - 2014-04-29 12:19 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2014-04-29 12:10 - 2011-12-08 10:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe 2014-04-29 12:02 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\Conexant\ForteConfig\fmapp.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s ==================== Accounts: ============================= Admin (S-1-5-21-3577023336-649988219-1192559642-1004 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3577023336-649988219-1192559642-500 - Administrator - Disabled) Gast (S-1-5-21-3577023336-649988219-1192559642-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3577023336-649988219-1192559642-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-3577023336-649988219-1192559642-1000 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-3577023336-649988219-1192559642-1001 - Limited - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/08/2015 08:41:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.). Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.). 
System errors: ============= Error: (03/08/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/08/2015 08:39:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/08/2015 03:25:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/08/2015 03:25:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/08/2015 11:15:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/08/2015 11:15:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/08/2015 00:44:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. 
Error: (03/07/2015 07:41:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/07/2015 07:41:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (03/07/2015 11:15:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (03/08/2015 08:41:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424. 
Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422. Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: ) Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424. CodeIntegrity Errors: =================================== Date: 2015-02-14 14:39:21.971 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-14 14:39:21.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 18:49:42.513 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 18:49:42.461 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 14:35:54.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 14:35:54.502 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-13 14:35:36.001 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 14:35:36.001 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-12 20:03:17.496 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-12 20:03:17.493 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 32% Total physical RAM: 8052.9 MB Available physical RAM: 5411.83 MB Total Pagefile: 16103.99 MB Available Pagefile: 13296.84 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:300.98 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.56 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-08 22:00:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwtiquog.sys ---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007369146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d227d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d727e0 8 bytes {JMP QWORD 
[RIP-0x4ab13]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007369146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000076d227d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] |
09.03.2015, 07:48 | #4 |
| PC slow and CPU often at 100% GMER.log (2/2) Code:
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] 
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57a390f2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57a390f2@2c54cf731a05 0xFF 0xB9 0x24 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57a390f2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57a390f2@2c54cf731a05 0xFF 0xB9 0x24 0x88 ...
---- EOF - GMER 2.1 ---- |
09.03.2015, 16:16 | #5 |
/// the machine /// TB trainer | PC slow and CPU often at 100% Our tools always need admin rights! Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009. Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
09.03.2015, 18:34 | #6 |
| PC slow and CPU often at 100% Hi Schrauber, I ran the scans. According to the scan, TDSSKiller found one threat (UnsignedFile.Multi.Generic). MalwareBytes: Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.03.09.04 rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Admin :: MS-STUDY-LAPTOP [administrator]

09.03.2015 16:34:33
mbar-log-2015-03-09 (16-34-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 433463
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
16:45:17.0129 0x0408 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:45:21.0156 0x0408 ============================================================
16:45:21.0156 0x0408 Current date / time: 2015/03/09 16:45:21.0156
16:45:21.0156 0x0408 SystemInfo:
16:45:21.0156 0x0408
16:45:21.0156 0x0408 OS Version: 6.1.7601 ServicePack: 1.0
16:45:21.0156 0x0408 Product type: Workstation
16:45:21.0156 0x0408 ComputerName: MS-STUDY-LAPTOP
16:45:21.0156 0x0408 UserName: Admin
16:45:21.0156 0x0408 Windows directory: C:\Windows
16:45:21.0156 0x0408 System windows directory: C:\Windows
16:45:21.0156 0x0408 Running under WOW64
16:45:21.0156 0x0408 Processor architecture: Intel x64
16:45:21.0156 0x0408 Number of processors: 4
16:45:21.0156 0x0408 Page size: 0x1000
16:45:21.0156 0x0408 Boot type: Normal boot
16:45:21.0156 0x0408 ============================================================
16:45:21.0312 0x0408 KLMD registered as C:\Windows\system32\drivers\89277919.sys
16:45:21.0717 0x0408 System UUID: {D97AB4EC-DD3B-F190-56DB-10B078B703F6}
16:45:22.0653 0x0408 Drive \Device\Harddisk0\DR0 - Size: 0x200000000 ( 8.00 Gb ), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:22.0653 0x0408 Drive \Device\Harddisk1\DR1 - Size: 0x74709D0E00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:22.0669 0x0408 ============================================================
16:45:22.0669 0x0408 \Device\Harddisk0\DR0:
16:45:22.0669 0x0408 MBR partitions:
16:45:22.0669 0x0408 \Device\Harddisk1\DR1:
16:45:22.0669 0x0408 MBR partitions:
16:45:22.0669 0x0408 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:45:22.0669 0x0408 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000
16:45:22.0669 0x0408 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000
16:45:22.0669 0x0408 ============================================================
16:45:22.0669 0x0408 C: <-> \Device\Harddisk1\DR1\Partition2
16:45:22.0669 0x0408 D: <-> \Device\Harddisk1\DR1\Partition3
16:45:22.0669 0x0408 ============================================================
16:45:22.0669 0x0408 Initialize success
16:45:22.0669 0x0408 ============================================================
16:46:15.0985 0x0b94 ============================================================
16:46:15.0985 0x0b94 Scan started
16:46:15.0985 0x0b94 Mode: Manual; SigCheck; TDLFS;
16:46:15.0985 0x0b94 ============================================================
16:46:15.0985 0x0b94 KSN ping started
16:46:40.0177 0x0b94 KSN ping finished: true
16:46:40.0657 0x0b94 ================ Scan system memory ========================
16:46:40.0657 0x0b94 System memory - ok
16:46:40.0657 0x0b94 ================ Scan services =============================
16:46:41.0765 0x0b94 [ 8BE63D6CE5C6994888C231CB5F8464FF, E87EB73D4E0D578FC87BC656EEDC1ABD9BCB22248DA6F42CD9AEA14F04DFDAA7 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:46:41.0765 0x0b94 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
16:46:46.0133 0x0b94 Detect skipped due to KSN trusted
16:46:46.0133 0x0b94 AtherosSvc - ok
16:46:49.0082 0x0b94 [ B54792D15F331EE083777E83EFE92573, BE3728CA2901487F093F08109CBBC7D83A5416B9D7FA69C1A3EE0C2B401A228F ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
16:46:49.0206 0x0b94 DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
16:46:53.0543 0x0b94 Detect skipped due to KSN trusted
16:46:53.0543 0x0b94 DirMngr - ok
076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:46:56.0478 0x0b94 igfx - ok 16:46:56.0494 0x0b94 [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe 16:46:56.0525 0x0b94 igfxCUIService1.0.0.0 - ok 16:46:56.0525 0x0b94 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:46:56.0540 0x0b94 iirsp - ok 16:46:56.0572 0x0b94 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 16:46:56.0618 0x0b94 IKEEXT - ok 16:46:56.0634 0x0b94 [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 16:46:56.0681 0x0b94 IntcDAud - ok 16:46:56.0712 0x0b94 [ 0043EC20C06FD9FE339B5D37474B731E, E84A078BDBEC7EA29257D758030271B62F3ED2C954DC1EEECC5B24B39EDB2A59 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 16:46:56.0743 0x0b94 Intel(R) Capability Licensing Service Interface - ok 16:46:56.0743 0x0b94 [ 50CA8F1A4B0AEC4EE583594F0A8EB719, D5CCADAA5510DDE82910C4782D2A4FF9419A832D5493BCD2DF5194D239763850 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 16:46:56.0821 0x0b94 Intel(R) ME Service - ok 16:46:56.0821 0x0b94 [ 91467F8BA0C941011FA23C4AF99918C2, 220456D1C56B4E80786FD88F8839CEFA75A5DD54E11F25A1946E2AAF6C88C6A8 ] IntelHaxm C:\Windows\system32\DRIVERS\IntelHaxm.sys 16:46:56.0852 0x0b94 IntelHaxm - ok 16:46:56.0868 0x0b94 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 16:46:56.0884 
0x0b94 intelide - ok 16:46:56.0884 0x0b94 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:46:56.0899 0x0b94 intelppm - ok 16:46:56.0915 0x0b94 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:46:56.0946 0x0b94 IPBusEnum - ok 16:46:56.0946 0x0b94 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:46:56.0993 0x0b94 IpFilterDriver - ok 16:46:57.0008 0x0b94 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:46:57.0040 0x0b94 iphlpsvc - ok 16:46:57.0055 0x0b94 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:46:57.0071 0x0b94 IPMIDRV - ok 16:46:57.0086 0x0b94 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:46:57.0133 0x0b94 IPNAT - ok 16:46:57.0149 0x0b94 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:46:57.0164 0x0b94 IRENUM - ok 16:46:57.0164 0x0b94 [ 6DC22BDAA595BE00F19696E72F2F3312, B46B50395100D3A23663C56CC395A874130B72E314997AAD6C52F0C5C23364C4 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys 16:46:57.0180 0x0b94 irstrtdv - ok 16:46:57.0196 0x0b94 [ 205FD80EF4B9832F9763B9A187957260, 560410A01B4C2395F7129413C2460F6A0776DF52D08758E3AE68EC41FC79A2D3 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe 16:46:57.0320 0x0b94 irstrtsv - ok 16:46:57.0320 0x0b94 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] 
isapnp C:\Windows\system32\drivers\isapnp.sys 16:46:57.0336 0x0b94 isapnp - ok 16:46:57.0367 0x0b94 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:46:57.0445 0x0b94 iScsiPrt - ok 16:46:57.0445 0x0b94 [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 16:46:57.0461 0x0b94 iusb3hcs - ok 16:46:57.0476 0x0b94 [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 16:46:57.0508 0x0b94 iusb3hub - ok 16:46:57.0523 0x0b94 [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 16:46:57.0570 0x0b94 iusb3xhc - ok 16:46:57.0586 0x0b94 [ EF27B3B58E393E9F10FB6A6643BD8185, 8671AB0159CCACA39F6D072EFFDE984BAFE56137965AA0ADEC880D00893B8E8A ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 16:46:57.0664 0x0b94 jhi_service - ok 16:46:57.0664 0x0b94 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:46:57.0695 0x0b94 kbdclass - ok 16:46:57.0695 0x0b94 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:46:57.0710 0x0b94 kbdhid - ok 16:46:57.0726 0x0b94 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe 16:46:57.0726 0x0b94 KeyIso - ok 16:46:57.0742 0x0b94 [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 16:46:57.0773 0x0b94 kl1 - ok 16:46:57.0788 0x0b94 [ 
CEF0410B784E8CEB0175103CDE52E7FA, 729A45D76D1886E5ECDF23F96925CEBB90A31EFA5A798D69D9C5A684380B6E36 ] kldisk C:\Windows\system32\DRIVERS\kldisk.sys 16:46:57.0804 0x0b94 kldisk - ok 16:46:57.0820 0x0b94 [ 09F851161CB4B3D92CDE85B3845DCECC, C86EE26F13DB904CD0CB92BEE282188D5E56ECE071F4D6E53F9AAB6D911C5DE0 ] klflt C:\Windows\system32\DRIVERS\klflt.sys 16:46:57.0835 0x0b94 klflt - ok 16:46:57.0835 0x0b94 [ 7A64190934B66C17F41D3921353BAEDD, D212A6ECB1CBCC665336DF982B5061A72CD88CB5BF6B2EB14B11B8BE756A670E ] klhk C:\Windows\system32\DRIVERS\klhk.sys 16:46:57.0866 0x0b94 klhk - ok 16:46:57.0882 0x0b94 [ 150DEC2F6A081D2513B7428DC060B557, 7E5996530FD821D1FAF1879F1167CBDE0B562E17388FDC46939ABEFB8869D2CE ] KLIF C:\Windows\system32\DRIVERS\klif.sys 16:46:57.0929 0x0b94 KLIF - ok 16:46:57.0944 0x0b94 [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 16:46:57.0960 0x0b94 KLIM6 - ok 16:46:57.0960 0x0b94 [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 16:46:57.0976 0x0b94 klkbdflt - ok 16:46:57.0976 0x0b94 klkbdflt2 - ok 16:46:57.0976 0x0b94 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 16:46:57.0991 0x0b94 klmouflt - ok 16:46:58.0007 0x0b94 [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 16:46:58.0022 0x0b94 klpd - ok 16:46:58.0022 0x0b94 [ 43957361D346A4263873932D572613F2, 719E61CADF6FB49C24370899329BDE198E55DEB175F5701382EE16311D8576D9 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 16:46:58.0038 0x0b94 kltdi - ok 16:46:58.0038 0x0b94 [ 926BA68DA79545EB6D99BB009B781E5E, EB1DB801044EB4228D38D85A8B6853EFE887B7D4E1EA1F0B8F75DD4886C96467 ] Klwtp C:\Windows\system32\DRIVERS\klwtp.sys 
16:46:58.0054 0x0b94 Klwtp - ok 16:46:58.0069 0x0b94 [ D4CEEAC11C65F49D0F42E74440E829BF, 7E289BB5E400326BADDD61CBB99CB268A3E99103CF16968E1D9141C205EE309C ] kneps C:\Windows\system32\DRIVERS\kneps.sys 16:46:58.0085 0x0b94 kneps - ok 16:46:58.0100 0x0b94 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:46:58.0116 0x0b94 KSecDD - ok 16:46:58.0116 0x0b94 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:46:58.0147 0x0b94 KSecPkg - ok 16:46:58.0147 0x0b94 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:46:58.0194 0x0b94 ksthunk - ok 16:46:58.0241 0x0b94 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:46:58.0288 0x0b94 KtmRm - ok 16:46:58.0288 0x0b94 [ 7C621B3EE93130A96D7D19A02755CF3D, A18745C7C10581A2A6F7D703B6B94D672B58059274A647741F02929FBAA264B5 ] LAD C:\Windows\system32\DRIVERS\LAD.sys 16:46:58.0319 0x0b94 LAD - ok 16:46:58.0319 0x0b94 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:46:58.0366 0x0b94 LanmanServer - ok 16:46:58.0366 0x0b94 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:46:58.0412 0x0b94 LanmanWorkstation - ok 16:46:58.0412 0x0b94 [ 5F10F9351627D7E63B3E55828096E4F6, 02714A64B0156F102EAEAF6162FA56AD1BAB582F1361166B16274CE2E3E8BEA5 ] LenovoSmartConnectService C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe 16:46:58.0475 0x0b94 LenovoSmartConnectService - ok 16:46:58.0475 0x0b94 [ BE166935083F9C38EDFDC21B9A7A679B, 
89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\Windows\system32\DRIVERS\LhdX64.sys 16:46:58.0490 0x0b94 LHDmgr - ok 16:46:58.0490 0x0b94 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:46:58.0522 0x0b94 lltdio - ok 16:46:58.0553 0x0b94 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:46:58.0600 0x0b94 lltdsvc - ok 16:46:58.0600 0x0b94 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:46:58.0646 0x0b94 lmhosts - ok 16:46:58.0646 0x0b94 [ 2526FECED1625752EF4F8ABB367CAA7E, EB90022051D5A6AE5FC2C7B0AD05AEF15730160FD611F652E5E7AD00C774881A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:46:58.0787 0x0b94 LMS - ok 16:46:58.0802 0x0b94 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:46:58.0818 0x0b94 LSI_FC - ok 16:46:58.0849 0x0b94 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:46:58.0865 0x0b94 LSI_SAS - ok 16:46:58.0896 0x0b94 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:46:58.0912 0x0b94 LSI_SAS2 - ok 16:46:58.0912 0x0b94 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:46:58.0927 0x0b94 LSI_SCSI - ok 16:46:58.0943 0x0b94 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:46:58.0974 0x0b94 
luafv - ok 16:46:58.0974 0x0b94 McAWFwk - ok 16:46:58.0990 0x0b94 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:46:59.0005 0x0b94 Mcx2Svc - ok 16:46:59.0021 0x0b94 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 16:46:59.0036 0x0b94 megasas - ok 16:46:59.0052 0x0b94 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:46:59.0083 0x0b94 MegaSR - ok 16:46:59.0083 0x0b94 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 16:46:59.0099 0x0b94 MEIx64 - ok 16:46:59.0099 0x0b94 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:46:59.0146 0x0b94 MMCSS - ok 16:46:59.0146 0x0b94 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:46:59.0192 0x0b94 Modem - ok 16:46:59.0192 0x0b94 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:46:59.0208 0x0b94 monitor - ok 16:46:59.0224 0x0b94 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:46:59.0239 0x0b94 mouclass - ok 16:46:59.0239 0x0b94 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:46:59.0255 0x0b94 mouhid - ok 16:46:59.0270 0x0b94 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 16:46:59.0286 0x0b94 mountmgr - ok 16:46:59.0302 0x0b94 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:46:59.0364 0x0b94 MozillaMaintenance - ok 16:46:59.0380 0x0b94 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 16:46:59.0411 0x0b94 mpio - ok 16:46:59.0411 0x0b94 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:46:59.0442 0x0b94 mpsdrv - ok 16:46:59.0473 0x0b94 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:46:59.0536 0x0b94 MpsSvc - ok 16:46:59.0567 0x0b94 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:46:59.0598 0x0b94 MRxDAV - ok 16:46:59.0598 0x0b94 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:46:59.0629 0x0b94 mrxsmb - ok 16:46:59.0645 0x0b94 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:46:59.0676 0x0b94 mrxsmb10 - ok 16:46:59.0676 0x0b94 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:46:59.0707 0x0b94 mrxsmb20 - ok 16:46:59.0723 0x0b94 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 16:46:59.0738 0x0b94 msahci - ok 16:46:59.0754 0x0b94 [ 
DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:46:59.0785 0x0b94 msdsm - ok 16:46:59.0785 0x0b94 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:46:59.0816 0x0b94 MSDTC - ok 16:46:59.0816 0x0b94 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:46:59.0863 0x0b94 Msfs - ok 16:46:59.0879 0x0b94 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:46:59.0910 0x0b94 mshidkmdf - ok 16:46:59.0926 0x0b94 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:46:59.0941 0x0b94 msisadrv - ok 16:46:59.0941 0x0b94 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:46:59.0988 0x0b94 MSiSCSI - ok 16:46:59.0988 0x0b94 msiserver - ok 16:46:59.0988 0x0b94 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:47:00.0019 0x0b94 MSKSSRV - ok 16:47:00.0019 0x0b94 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:47:00.0066 0x0b94 MSPCLOCK - ok 16:47:00.0066 0x0b94 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:47:00.0097 0x0b94 MSPQM - ok 16:47:00.0113 0x0b94 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 16:47:00.0144 0x0b94 MsRPC - ok 16:47:00.0144 0x0b94 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:47:00.0160 0x0b94 mssmbios - ok 16:47:00.0160 0x0b94 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:47:00.0206 0x0b94 MSTEE - ok 16:47:00.0206 0x0b94 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:47:00.0222 0x0b94 MTConfig - ok 16:47:00.0222 0x0b94 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:47:00.0253 0x0b94 Mup - ok 16:47:00.0269 0x0b94 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 16:47:00.0316 0x0b94 napagent - ok 16:47:00.0331 0x0b94 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:47:00.0362 0x0b94 NativeWifiP - ok 16:47:00.0394 0x0b94 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 16:47:00.0440 0x0b94 NDIS - ok 16:47:00.0472 0x0b94 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:47:00.0503 0x0b94 NdisCap - ok 16:47:00.0503 0x0b94 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:47:00.0534 0x0b94 NdisTapi - ok 16:47:00.0550 0x0b94 [ 136185F9FB2CC61E573E676AA5402356, 
BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:47:00.0581 0x0b94 Ndisuio - ok 16:47:00.0596 0x0b94 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:47:00.0628 0x0b94 NdisWan - ok 16:47:00.0643 0x0b94 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:47:00.0690 0x0b94 NDProxy - ok 16:47:00.0690 0x0b94 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:47:00.0721 0x0b94 NetBIOS - ok 16:47:00.0737 0x0b94 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:47:00.0784 0x0b94 NetBT - ok 16:47:00.0799 0x0b94 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe 16:47:00.0799 0x0b94 Netlogon - ok 16:47:00.0815 0x0b94 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 16:47:00.0877 0x0b94 Netman - ok 16:47:00.0924 0x0b94 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:47:00.0955 0x0b94 NetMsmqActivator - ok 16:47:00.0986 0x0b94 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:47:01.0002 0x0b94 NetPipeActivator - ok 16:47:01.0033 0x0b94 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm 
C:\Windows\System32\netprofm.dll 16:47:01.0080 0x0b94 netprofm - ok 16:47:01.0080 0x0b94 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:47:01.0096 0x0b94 NetTcpActivator - ok 16:47:01.0096 0x0b94 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:47:01.0111 0x0b94 NetTcpPortSharing - ok 16:47:01.0127 0x0b94 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:47:01.0142 0x0b94 nfrd960 - ok 16:47:01.0142 0x0b94 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 16:47:01.0174 0x0b94 NlaSvc - ok 16:47:01.0174 0x0b94 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:47:01.0220 0x0b94 Npfs - ok 16:47:01.0220 0x0b94 [ 686398C3A52EE6588948EAC0C01B126C, 81712D5154535F54E492BA14F3B9140AF3A179D4BED5A1E084F3961275A6B39D ] NSD C:\Windows\system32\drivers\nsd.sys 16:47:01.0236 0x0b94 NSD - ok 16:47:01.0236 0x0b94 [ 2152DC8E58391562C9F07998C6FCCF8C, BE89243A90FC3A3D5A628E6C1DF9CB2B51839C907AD4CE1A30C38D4260FC0DCC ] Nsdfltr C:\Windows\system32\drivers\Nsdfltr.sys 16:47:01.0267 0x0b94 Nsdfltr - ok 16:47:01.0267 0x0b94 [ 486EC2BDC09FBAC5814032D38215010A, 70B1588AAF8897F36D09922BEECD8DBC6B922904B2B0E3EE3F0561624C0DE634 ] NSDSvc C:\Windows\System32\NSDSvc.exe 16:47:01.0283 0x0b94 NSDSvc - ok 16:47:01.0298 0x0b94 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 16:47:01.0330 0x0b94 nsi - ok 16:47:01.0345 0x0b94 [ E7F5AE18AF4168178A642A9247C63001, 
133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:47:01.0376 0x0b94 nsiproxy - ok 16:47:01.0423 0x0b94 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:47:01.0501 0x0b94 Ntfs - ok 16:47:01.0501 0x0b94 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 16:47:01.0548 0x0b94 Null - ok 16:47:01.0829 0x0b94 [ 86B50CE257C74E378FC2686B8A1F8B30, 944093E5182FD076A93D8D9C06979E2B031A310217DFF0B2723CB136EE517772 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:47:02.0312 0x0b94 nvlddmkm - ok 16:47:02.0328 0x0b94 [ 3C4C982A745D50EEF29A59927E4E37CD, DB1C833FDA7873D00578C281EC808A6A303D0B569141E5F08FC6369F84AF8318 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 16:47:02.0344 0x0b94 nvpciflt - ok 16:47:02.0359 0x0b94 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:47:02.0390 0x0b94 nvraid - ok 16:47:02.0390 0x0b94 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:47:02.0422 0x0b94 nvstor - ok 16:47:02.0437 0x0b94 [ F44DF61D9B1C1269862CF4E135B64590, 7E6579A63A6E2E75C9CA752A5D16896C1677F6B7461C9ED9E1962B97946E716B ] nvsvc C:\Windows\system32\nvvsvc.exe 16:47:02.0484 0x0b94 nvsvc - ok 16:47:02.0562 0x0b94 [ 845AF450F71A11B7358C6EFE9A76A894, 8042DF2402D00E210536552AC8202F6112F75C2F1506B0BED8DD3F04AF7BEF3F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:47:02.0749 0x0b94 nvUpdatusService - ok 16:47:02.0796 0x0b94 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 
16:47:02.0812 0x0b94 nv_agp - ok 16:47:02.0858 0x0b94 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:47:02.0874 0x0b94 ohci1394 - ok 16:47:02.0890 0x0b94 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:47:02.0936 0x0b94 p2pimsvc - ok 16:47:02.0952 0x0b94 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 16:47:02.0983 0x0b94 p2psvc - ok 16:47:02.0999 0x0b94 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 16:47:03.0014 0x0b94 Parport - ok 16:47:03.0030 0x0b94 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:47:03.0046 0x0b94 partmgr - ok 16:47:03.0046 0x0b94 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 16:47:03.0077 0x0b94 PcaSvc - ok 16:47:03.0092 0x0b94 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 16:47:03.0108 0x0b94 pci - ok 16:47:03.0108 0x0b94 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 16:47:03.0124 0x0b94 pciide - ok 16:47:03.0155 0x0b94 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:47:03.0170 0x0b94 pcmcia - ok 16:47:03.0186 0x0b94 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw 
C:\Windows\system32\drivers\pcw.sys
16:47:03.0202 0x0b94 pcw - ok
16:47:09.0223 0x0b94 usbohci - detected UnsignedFile.Multi.Generic ( 1 )
16:47:19.0313 0x0b94 Object is SCO, delete is not allowed
16:47:19.0313 0x0b94 usbohci ( UnsignedFile.Multi.Generic ) - warning
16:47:33.0698 0x0b94 usbuhci - detected UnsignedFile.Multi.Generic ( 1 )
16:47:38.0004 0x0b94 Detect skipped due to KSN trusted
16:47:38.0004 0x0b94 usbuhci - ok
16:47:40.0578 0x0b94 ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:47:44.0900 0x0b94 Detect skipped due to KSN trusted
16:47:44.0900 0x0b94 ZAtheros Bt&Wlan Coex Agent - ok
16:47:44.0916 0x0b94 ================ Scan global ===============================
16:47:45.0009 0x0b94 [ Global ] - ok
16:47:45.0009 0x0b94 ================ Scan MBR ==================================
16:47:45.0009 0x0b94 \Device\Harddisk0\DR0 - ok
16:47:45.0243 0x0b94 \Device\Harddisk1\DR1 - ok
16:47:45.0243 0x0b94 ================ Scan VBR ==================================
16:47:45.0243 0x0b94 \Device\Harddisk1\DR1\Partition1 - ok
16:47:45.0259 0x0b94 \Device\Harddisk1\DR1\Partition2 - ok
16:47:45.0259 0x0b94 \Device\Harddisk1\DR1\Partition3 - ok
16:47:45.0259 0x0b94 ================ Scan generic autorun ======================
16:47:45.0337 0x0b94 AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
16:47:49.0674 0x0b94 Detect skipped due to KSN trusted
16:47:49.0674 0x0b94 AtherosBtStack - ok
16:47:49.0767 0x0b94 AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
16:47:54.0109 0x0b94 Detect skipped due to KSN trusted
16:47:54.0109 0x0b94 AthBtTray - ok
16:47:55.0524 0x0b94 [ 8609649C2E4396209699AB576EF968D6, D6376683F95BB4C9DDAD037F859091471854ACFC82C98516E03E9E4547A50551 ] C:\Program Files 
(x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe 16:47:55.0634 0x0b94 Smart Update - ok 16:47:55.0649 0x0b94 [ 487620AB26D4286EB076ADCACB500E7C, 024D7D240D2AE9BBB6FEA81E2C58D431C9A41A8E2C55263CCF30182506C197E3 ] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe 16:47:55.0665 0x0b94 Intelligent Touchpad - ok 16:47:55.0712 0x0b94 [ 305C31DC5C120ED45FDE11C818101B19, 251918553366EFBDB26B4A3DD4959EA15B50AF97DA43E75D2642928BA41F46FC ] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe 16:47:55.0977 0x0b94 CAPOSD - detected UnsignedFile.Multi.Generic ( 1 ) 16:48:00.0309 0x0b94 Detect skipped due to KSN trusted 16:48:00.0309 0x0b94 CAPOSD - ok 16:48:00.0371 0x0b94 [ E032ECB5304F71D642A977BC2C1C2B8E, 3B8EC8A70EE69ADBDEEAC3D9055D60C78E8FF774A6113DD4C6BAAFE09061C58E ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe 16:48:00.0434 0x0b94 KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 ) 16:48:04.0744 0x0b94 Detect skipped due to KSN trusted 16:48:04.0744 0x0b94 KeePass 2 PreLoad - ok 16:48:04.0799 0x0b94 [ DBF1D13790ABEA19AC4ED7118FA3F14A, 5C07B4EDC78A805764D4CA7176AB24CCDC15CBD9838F9DB394D1A2EA8B1FEEA1 ] C:\Windows\DeleteVF.exe 16:48:04.0912 0x0b94 DeleteVeriFace - ok 16:48:04.0959 0x0b94 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:48:05.0030 0x0b94 Sidebar - ok 16:48:05.0045 0x0b94 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:48:05.0071 0x0b94 mctadmin - ok 16:48:05.0114 0x0b94 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:48:05.0150 0x0b94 Sidebar - ok 16:48:05.0157 0x0b94 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:48:05.0176 0x0b94 mctadmin - ok 
16:48:05.0207 0x0b94 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:48:05.0244 0x0b94 Sidebar - ok 16:48:05.0249 0x0b94 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:48:05.0266 0x0b94 mctadmin - ok 16:48:05.0267 0x0b94 [ 0EC83E2DA29365048CBEB9A9A963BDFA, 49A41056403042B21AF3C1936489942B703BE609CB7DFC3303C417A5702501B9 ] C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 16:48:05.0300 0x0b94 SkyDrive - ok 16:48:05.0316 0x0b94 [ 0EC83E2DA29365048CBEB9A9A963BDFA, 49A41056403042B21AF3C1936489942B703BE609CB7DFC3303C417A5702501B9 ] C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 16:48:05.0349 0x0b94 SkyDrive - ok 16:48:05.0349 0x0b94 Waiting for KSN requests completion. In queue: 9 16:48:06.0349 0x0b94 Waiting for KSN requests completion. In queue: 9 16:48:07.0360 0x0b94 Waiting for KSN requests completion. In queue: 9 16:48:08.0361 0x0b94 Waiting for KSN requests completion. In queue: 9 16:48:09.0369 0x0b94 Waiting for KSN requests completion. 
16:48:10.0572 0x0b94 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmiav.exe ( 15.0.1.415 ), 0x41000 ( enabled : updated )
16:48:10.0587 0x0b94 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmifw.exe ( 15.0.1.415 ), 0x41010 ( enabled )
16:48:23.0813 0x0b94 ============================================================
16:48:23.0813 0x0b94 Scan finished
16:48:23.0813 0x0b94 ============================================================
16:48:23.0828 0x1e0c Detected object count: 1
16:48:23.0828 0x1e0c Actual detected object count: 1
16:49:10.0405 0x1e0c usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:10.0405 0x1e0c usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
ArmeSocke |
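To make the end of the scan log above easier to read, this added example (not part of the thread and not the scanner's own code) separates detections that the log follows with "Detect skipped due to KSN trusted" from those left open for a user decision, and checks the result against "Detected object count". The sample lines are constructed in the log's format with the hash fields omitted; `triage` and the pattern names are hypothetical.

```python
import re

# Constructed sample in the format of the scan log above (hash fields omitted).
SAMPLE_LOG = """\
16:47:30.0000 0x0b94 usbohci - detected UnsignedFile.Multi.Generic ( 1 )
16:47:40.0578 0x0b94 ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:47:44.0900 0x0b94 Detect skipped due to KSN trusted
16:47:44.0900 0x0b94 ZAtheros Bt&Wlan Coex Agent - ok
16:48:00.0434 0x0b94 KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 )
16:48:04.0744 0x0b94 Detect skipped due to KSN trusted
16:48:04.0744 0x0b94 KeePass 2 PreLoad - ok
16:48:23.0828 0x1e0c Detected object count: 1
16:49:10.0405 0x1e0c usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (0x[0-9a-fA-F]+) (.*)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \( \d+ \)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = re.compile(r"^(.+?) \( (\S+) \) - (.+)$")


def triage(log_text):
    """Split detections into 'KSN trusted' ones and ones still open."""
    open_hits = {}    # object name -> verdict, still awaiting a decision
    suppressed = {}   # object name -> verdict, followed by a "KSN trusted" line
    actions = {}      # object name -> action recorded at the end of the log
    reported = None   # value of the "Detected object count" line, if present
    last = None       # most recent detection, target of a following skip line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (d := DETECTED.match(msg)):
            last = d.group(1)
            open_hits[last] = d.group(2)
        elif msg == "Detect skipped due to KSN trusted" and last in open_hits:
            suppressed[last] = open_hits.pop(last)
            last = None
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
        elif (a := ACTION.match(msg)) and a.group(1) in open_hits:
            actions[a.group(1)] = a.group(3)
    return {
        "open": open_hits,
        "suppressed": suppressed,
        "actions": actions,
        "count_matches": reported == len(open_hits),
    }
```
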
10.03.2015, 12:20 | #7 |
/// the machine /// TB-Ausbilder | PC slow and CPU often at 100% That is a false alarm.
Install ProcessExplorer as a replacement for the Windows Task Manager
Download Process Explorer as a replacement for the Task Manager and install it; you can find instructions here. It is a considerably more capable replacement for the Windows Task Manager. In the menu under "Options" you can set up ProcessExplorer permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended, because ProcessExplorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but ProcessExplorer. This can be undone at any time by unchecking this setting.
What we need specifically now: Each row shows a process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of process information are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. "CPU Usage" shows the current processor load for each process (the column header just says "CPU"); "CPU History" shows a graph for each process with a curve of its processor load over the recent past. With that you should be able to identify which process is keeping your CPU busy. Double-click the process.
You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Advanced" below the text field, use "Manage Attachments" to browse your computer, and attach it via "Upload").
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
10.03.2015, 14:32 | #8 |
| PC slow and CPU often at 100% Hello Schrauber, first of all, thank you very much for this info. That is reassuring already. What kind of false alarm is it? Oh, and one more question: can I now remove the various programs again, or undo them (defogger)? Unfortunately, there are problems with Process Explorer. When opening the links I get the following errors: Process Explorer: Code:
ATTFilter This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>OutOfRangeInput</Code>
<Message> One of the request inputs is out of range. RequestId:130c3954-0001-0000-752f-9ff030000000 Time:2015-03-10T13:22:33.4935350Z </Message>
</Error>
"We are sorry, the page you requested cannot be found." |
10.03.2015, 20:04 | #9 |
/// the machine /// TB-Ausbilder | PC slow and CPU often at 100% |
10.03.2015, 20:54 | #10 |
| PC slow and CPU often at 100% Hey, it worked with that. It looks like Kaspersky is eating most of the resources. For that reason I opened Kaspersky and saw that it was running a full scan. And now that the scan is over, the performance seems to have improved. Now it is mainly Chrome processes that are active at the top. Why does Chrome actually have so many processes open when I only have one window open? I have attached a picture of the window for you, along with details of the intensive processes. Best regards, ArmeSocke |
10.03.2015, 21:17 | #11 |
| PC slow and CPU often at 100% Hey, I just looked at Kaspersky's schedules again and noticed that I apparently made some stupid mistakes in the settings. At 19:30 the full scan starts every day, at 20:00 the vulnerability scan, and at 21:00 another scan. No idea why I start so many scans. I probably changed the settings every now and then without considering the other settings. And my PC is usually very slow at exactly this time. Could that be it? |
11.03.2015, 11:48 | #12 |
/// the machine /// TB-Ausbilder | PC slow and CPU often at 100% Sure, that can be it. Remove all scheduled scans. Chrome has one process per open tab. |
11.03.2015, 16:02 | #13 |
| PC slow and CPU often at 100% Okay. Then I will do that and watch it for the next two days or so to see whether that was it. And then I will write again. How should I handle the scans then? On demand? |
12.03.2015, 08:55 | #14 |
/// the machine /// TB-Ausbilder | PC slow and CPU often at 100% Real-time protection is on, after all; nothing more is needed. |
12.03.2015, 09:05 | #15 |
| PC slow and CPU often at 100% Yes, of course. ;-) So you would only scan if something seems odd to you? |