Log analysis and evaluation: Windows 8.1 - Browser getting slower and slower - Disconnects and strongly fluctuating internet speed

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.08.2015, 06:59 | #1 |
Windows 8.1 - Browser getting slower and slower - Disconnects and strongly fluctuating internet speed

Hello dear Trojaner-Board community! For about 2 days now my PC has been acting up. My browser got slower and slower until I could no longer browse the internet at all. I then used System Restore to roll back one week. I had extreme fluctuations in speed tests. Sometimes it got stuck and did not work at all. A few times it reached what I pay for, 125/12.5 Mbit/s. However, 125 down and 0.1 up, or 20 down and 1 up, also occurred. In game (League of Legends) I have also only had massive problems with my latency for the past 2 days, and I constantly get disconnects. When I try to restart it, it works arbitrarily (sometimes right away, sometimes not at all). The disconnects, however, almost always come back. It seems to me that the condition keeps getting worse and worse. The scan with Kaspersky returned no results. AdwCleaner found nothing either.

Logfiles:

Mbam
Code:
Abgelaufene Zeit: 7 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 1
PUP.Optional.Proinstall, C:\Users\Ibrahim\Downloads\GhostMouseAutoClickerSetup-37999292.exe, In Quarantäne, [e88bde263259bf77d9ba9201be43bd43],
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

FRST
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
durchgeführt von Ibrahim (Administrator) auf PC (04-08-2015 07:20:59)
Gestartet von C:\Users\Ibrahim\Downloads
Geladene Profile: Ibrahim & postgres (Verfügbare Profile: Ibrahim & postgres)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(Razer Inc.)
C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Entropia Tracker) C:\Users\Ibrahim\AppData\Local\Apps\2.0\X4BO9JD3.19D\AQ5EN8BO.B6O\entr..tion_67e48c3a2893e7a3_0008.0003_6433b85113fc2172\Entropia Tracker Suite.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.250\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.34\deploy\LoLPatcher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.153\deploy\LolClient.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-20] (Razer Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\Run: [GoogleChromeAutoLaunch_A752B9523338A8D2D47F144E00B0239D] => D:\Google\Chrome\Application\chrome.exe [915784 2015-01-09] (Google Inc.) 
HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Ibrahim\AppData\Roaming\Auto Clicker\AutoClicker.exe [120304 2015-03-29] (MurGee.com) HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\Run: [Entropia Tracker Suite] => C:\Users\Ibrahim\AppData\Local\Apps\2.0\X4BO9JD3.19D\AQ5EN8BO.B6O\entr..tion_67e48c3a2893e7a3_0008.0003_6433b85113fc2172\Entropia Tracker Suite.exe [245248 2015-06-11] (Entropia Tracker) HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hitech-gamer.com/ HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hitech-gamer.com/ URLSearchHook: [S-1-5-21-2431583191-4286240723-2257015007-1006] ACHTUNG ==> Standard URLSearchHook fehlt SearchScopes: HKLM -> {61CFDC68-4ACC-4310-8EE4-7BF84C54BB97} URL = hxxp://www.google.com/ SearchScopes: HKLM-x32 -> {61CFDC68-4ACC-4310-8EE4-7BF84C54BB97} URL = hxxp://www.google.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2431583191-4286240723-2257015007-1001 -> DefaultScope {61CFDC68-4ACC-4310-8EE4-7BF84C54BB97} URL = hxxp://www.google.com/ SearchScopes: HKU\S-1-5-21-2431583191-4286240723-2257015007-1001 -> {61CFDC68-4ACC-4310-8EE4-7BF84C54BB97} URL = hxxp://www.google.com/ BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-16] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-16] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Skype 
Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{ED5A56CF-7645-42B4-AB56-6FA3BBF58E32}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program 
Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: YouTube™ Flash® Player - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-05-17] FF Extension: SmartVideo For YouTube - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default\Extensions\mytube@ashishmishra.in.xpi [2015-02-24] FF Extension: Adblock Plus - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-15] FF Extension: Kein Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: 
[online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-16] Chrome: ======= CHR Profile: C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16] CHR Extension: (Google Docs) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16] CHR Extension: (Google Drive) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16] CHR Extension: (Kaspersky Protection) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-16] CHR Extension: (YouTube) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16] CHR Extension: (Google Search) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16] CHR Extension: (Google Sheets) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16] CHR Extension: (AdBlock) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom 
[2015-01-16] CHR Extension: (Virtual Keyboard) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2015-01-16] CHR Extension: (Google Wallet) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16] CHR Extension: (Gmail) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er 
aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [112640 2014-09-15] () [Datei ist nicht signiert] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [Datei ist nicht signiert] R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-20] (Razer Inc.) [Datei ist nicht signiert] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [293088 2014-09-16] (Advanced Micro Devices) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 ArvoFltr; C:\Windows\system32\drivers\ArvoFltr.sys [15872 2009-05-06] (ROCCAT Development, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-08-04] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 GPU-Z; \??\C:\Users\Ibrahim\AppData\Local\Temp\GPU-Z.sys [X] ==================== 
NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-04 07:20 - 2015-08-04 07:21 - 00024067 _____ C:\Users\Ibrahim\Downloads\FRST.txt 2015-08-04 07:20 - 2015-08-04 07:21 - 00000000 ____D C:\FRST 2015-08-04 07:20 - 2015-08-04 07:20 - 02169856 _____ (Farbar) C:\Users\Ibrahim\Downloads\FRST64.exe 2015-08-04 06:21 - 2015-08-04 07:20 - 00164186 _____ C:\Users\Ibrahim\Desktop\external.txt 2015-08-04 06:19 - 2015-08-04 06:20 - 00001897 _____ C:\Users\Ibrahim\Desktop\ping.txt 2015-08-04 06:07 - 2015-08-04 06:07 - 00000364 _____ C:\Windows\PFRO.log 2015-08-04 06:07 - 2015-08-04 06:07 - 00000116 _____ C:\Windows\setupact.log 2015-08-04 06:07 - 2015-08-04 06:07 - 00000000 _____ C:\Windows\setuperr.log 2015-08-04 05:53 - 2015-08-04 05:54 - 00123310 _____ C:\Users\Ibrahim\Documents\cc_20150804_055352.reg 2015-08-04 05:52 - 2015-08-04 05:52 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-08-04 05:51 - 2015-08-04 05:51 - 05375464 _____ (Piriform Ltd) C:\Users\Ibrahim\Downloads\ccsetup508_slim.exe 2015-08-04 05:51 - 2015-08-04 05:51 - 00000840 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-08-04 05:51 - 2015-08-04 05:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-08-04 05:51 - 2015-08-04 05:51 - 00000000 ____D C:\Program Files\CCleaner 2015-08-04 05:40 - 2015-08-04 06:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-04 05:40 - 2015-08-04 05:40 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-04 05:40 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-04 
05:40 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-04 05:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-04 05:36 - 2015-08-04 05:37 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ibrahim\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-04 04:07 - 2015-08-04 04:07 - 00000231 _____ C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml 2015-08-04 04:06 - 2015-08-04 04:11 - 00000000 ____D C:\ProgramData\Backup 2015-08-04 04:03 - 2015-08-04 04:17 - 00000000 ____D C:\Program Files (x86)\RegInOut System Utilities 2015-08-04 04:03 - 2015-08-04 04:03 - 00000000 ____D C:\ProgramData\RegInOut 2015-08-04 03:12 - 2015-08-04 03:12 - 00001359 _____ C:\Users\Ibrahim\Desktop\JRT.txt 2015-08-04 02:57 - 2015-08-04 02:57 - 04971741 _____ (CheeseSoft Inc. ) C:\Users\Ibrahim\Downloads\RegistryEasy.exe.part 2015-08-04 02:54 - 2015-08-04 05:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-04 02:54 - 2015-08-04 05:40 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-04 02:54 - 2015-08-04 02:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-04 02:42 - 2015-08-04 02:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-07-29 22:26 - 2015-08-04 04:19 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-25 01:00 - 2015-07-25 01:00 - 00000812 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2015-07-25 00:59 - 2015-08-04 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2015-07-21 11:07 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 11:07 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-21 11:07 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 11:07 - 2015-07-14 16:13 - 00044032 
_____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 09:22 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 09:22 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 09:22 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 09:22 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 09:22 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 09:22 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 09:22 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 09:22 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 09:15 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 09:15 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 09:15 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 09:15 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 09:15 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 09:15 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 09:15 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 09:15 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 09:15 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 09:15 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 09:15 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 09:15 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 09:15 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 09:15 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 09:15 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 09:15 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 09:14 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 09:14 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 09:14 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 09:14 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 09:14 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 09:14 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 09:14 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 09:14 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 09:14 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 09:14 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 09:14 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 09:14 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 09:14 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 09:14 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:14 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:14 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:14 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:14 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:14 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:14 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:14 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 09:14 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 09:14 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 09:14 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 09:14 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 09:14 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 09:14 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 09:14 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 09:14 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 09:14 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 09:14 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 09:13 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 09:13 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 09:13 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 09:13 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 09:13 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 09:13 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 09:13 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 09:13 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 09:13 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 09:13 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 09:13 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 09:13 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 09:13 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 09:13 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 09:13 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 09:12 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:12 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 09:12 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 09:12 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 09:12 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 09:12 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 09:10 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 09:10 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 09:10 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 09:10 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 09:10 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 09:10 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 09:10 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 09:10 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 09:10 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 09:10 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 09:10 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 09:10 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 09:10 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 09:10 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 09:10 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 09:10 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 09:10 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 09:10 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 09:10 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 09:10 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 09:10 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 09:10 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 09:10 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 09:10 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 09:10 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 09:10 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 09:10 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 09:10 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 09:10 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 09:10 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 09:10 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 09:10 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 09:10 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 09:02 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 09:02 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 09:02 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:02 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:02 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 09:02 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 09:02 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 09:02 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 09:02 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 09:01 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 09:01 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 09:01 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 09:01 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 09:01 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-12 20:29 - 2015-07-12 20:29 - 00100122 _____ C:\Users\Ibrahim\Downloads\bewerbung aes.zip
2015-07-12 17:42 - 2015-07-12 17:42 - 00078356 _____ C:\Users\Ibrahim\Downloads\Bewerbung APG.zip
2015-07-12 16:56 - 2015-07-12 16:56 - 00140487 _____ C:\Users\Ibrahim\Downloads\lebenslauf(1).zip
2015-07-12 16:56 - 2015-07-12 16:56 - 00077864 _____ C:\Users\Ibrahim\Downloads\bewerbungsschreiben.zip
2015-07-12 16:53 - 2015-07-12 16:53 - 00303615 _____ C:\Users\Ibrahim\Downloads\Lebenslauf+Motivationsschreiben.zip
2015-07-10 19:28 - 2015-08-01 04:16 - 00000000 ___HD C:\$Windows.~BT
2015-07-10 15:23 - 2015-08-04 05:42 - 00000000 ____D C:\AdwCleaner
2015-07-10 15:22 - 2015-07-10 15:22 - 02248704 _____ C:\Users\Ibrahim\Downloads\adwcleaner_4.208.exe
2015-07-09 15:56 - 2015-07-09 15:56 - 00339659 _____ C:\Users\Ibrahim\Downloads\motivationsschreiben.zip
2015-07-09 15:56 - 2015-07-09 15:56 - 00140175 _____ C:\Users\Ibrahim\Downloads\Lebenslauf.zip
2015-07-09 15:42 - 2015-07-31 02:17 - 00000000 ____D C:\Users\Ibrahim\Desktop\Bewerbung
2015-07-09 14:34 - 2015-07-09 14:53 - 00000000 ____D C:\Users\Ibrahim\Desktop\Bilder

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-04 07:09 - 2015-01-14 10:33 - 01181937 _____ C:\Windows\WindowsUpdate.log
2015-08-04 07:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-04 07:08 - 2015-01-14 10:38 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2431583191-4286240723-2257015007-1001
2015-08-04 07:00 - 2015-01-16 16:55 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 07:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-04 06:40 - 2015-01-14 11:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-04 06:38 - 2015-01-15 11:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 06:20 - 2015-01-20 05:54 - 00000000 ____D C:\Users\Ibrahim\AppData\Roaming\ClassicShell
2015-08-04 06:13 - 2015-01-14 10:32 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 06:13 - 2013-08-23 01:24 - 00764340 _____ C:\Windows\system32\perfh007.dat
2015-08-04 06:13 - 2013-08-23 01:24 - 00159160 _____ C:\Windows\system32\perfc007.dat
2015-08-04 06:09 - 2015-01-15 11:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-04 06:07 - 2015-05-30 22:06 - 00000000 ____D C:\Users\Ibrahim\Documents\Entropia Tracker
2015-08-04 06:07 - 2015-01-16 16:55 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 06:07 - 2015-01-14 11:04 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-04 06:07 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 06:07 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-04 05:53 - 2015-06-19 23:45 - 00000000 ____D C:\Windows\Minidump
2015-08-04 05:53 - 2015-03-30 19:17 - 00000000 ____D C:\Users\Ibrahim\AppData\Roaming\TS3Client
2015-08-04 05:53 - 2015-01-14 10:26 - 00000000 ____D C:\Windows\Panther
2015-08-04 05:43 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-04 04:38 - 2014-05-28 17:38 - 00077680 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-08-04 04:22 - 2015-04-05 21:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-04 04:22 - 2015-04-05 21:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-04 04:22 - 2015-03-05 00:33 - 00000000 ____D C:\Program Files\Bonjour
2015-08-04 04:22 - 2015-03-01 20:21 - 00000000 ____D C:\Users\postgres
2015-08-04 04:22 - 2015-01-19 06:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-04 04:22 - 2015-01-19 06:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-04 04:22 - 2015-01-14 10:33 - 00000000 ____D C:\Users\Ibrahim
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 __RSD C:\Windows\Media
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\WinMetadata
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-04 04:22 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-04 04:21 - 2015-06-12 15:01 - 00000000 ____D C:\Battle.net
2015-08-04 04:21 - 2015-03-30 14:21 - 00000000 ____D C:\Users\Ibrahim\Documents\Heroes of the Storm
2015-08-04 04:21 - 2015-03-05 00:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-08-04 04:21 - 2015-02-22 02:52 - 00000000 ____D C:\Program Files (x86)\KeyTweak
2015-08-04 04:21 - 2015-01-17 03:01 - 00000000 ____D C:\Users\Ibrahim\AppData\Roaming\Battle.net
2015-08-04 04:21 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration
2015-08-04 04:21 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-04 04:21 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\servicing
2015-08-04 04:20 - 2015-05-20 22:05 - 00000000 ____D C:\Users\Public\entropia universe
2015-08-04 04:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2015-08-04 04:20 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-04 01:27 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-03 21:53 - 2015-01-17 03:01 - 00000000 ____D C:\Users\Ibrahim\AppData\Local\Battle.net
2015-07-29 07:22 - 2015-05-20 22:29 - 00000000 ____D C:\Users\Ibrahim\Documents\Entropia Universe
2015-07-28 10:11 - 2015-01-14 10:44 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{287458AA-0860-45B1-9622-78AAFF9A2964}
2015-07-21 14:28 - 2013-08-22 16:44 - 00338016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 14:28 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI(284)
2015-07-16 01:38 - 2015-01-15 11:02 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 14:38 - 2015-01-16 18:05 - 00000000 ____D C:\Windows\system32\MRT
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 15:34 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI(265)
2015-07-09 11:00 - 2015-05-17 19:48 - 00000000 ____D C:\ProgramData\Riot Games
2015-07-07 18:10 - 2015-02-15 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 18:10 - 2015-02-15 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 14:16 - 2015-05-20 22:29 - 00000000 ____D C:\Program Files (x86)\Entropia Universe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-04 17:54 - 2015-05-04 22:54 - 0000000 _____ () C:\Users\Ibrahim\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
2015-01-14 15:04 - 2015-01-14 15:04 - 1065984 _____ () C:\Users\Ibrahim\AppData\Local\file__0.localstorage
2015-01-14 10:47 - 2015-01-14 10:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-04 04:07 - 2015-08-04 04:07 - 0000231 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-07-27 20:23

==================== Ende von log ============================

Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
durchgeführt von Ibrahim (2015-08-04 07:21:20)
Gestartet von C:\Users\Ibrahim\Downloads
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2431583191-4286240723-2257015007-500 - Administrator - Disabled)
Gast (S-1-5-21-2431583191-4286240723-2257015007-501 - Limited - Disabled)
Ibrahim (S-1-5-21-2431583191-4286240723-2257015007-1001 - Administrator - Enabled) => C:\Users\Ibrahim
postgres (S-1-5-21-2431583191-4286240723-2257015007-1006 - Limited - Enabled) => C:\Users\postgres

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auto Clicker v1.9 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.9 - MurGee.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Entropia Tracker Suite (HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\cc766f23e758523a) (Version: 8.3.3.22 - Entropia Tracker)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.2.3.128490 - MindArk PE AB)
Free YouTube Download version 3.2.55.301 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.55.301 - DVDVideoSoft Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PTFB Pro 4.7.1.1 (HKLM-x32\...\AFE37E47-37E7-435a-A665-729806B98AEF_is1) (Version: - Technology Lighthouse)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

15-07-2015 14:36:13 Windows Update
21-07-2015 11:23:05 Windows Update
28-07-2015 10:47:23 Windows Update
04-08-2015 00:39:42 Wiederherstellungsvorgang

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {18650692-2B05-4B92-B983-3902443F3361} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {36904DB1-76F2-4E13-8427-048DF4FD9C07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {52135AC7-59B3-4E6D-B713-8A42CD9A1018} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {6A915F64-9C75-4993-95F8-A906049C1DF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C35346CA-8361-460C-BFBC-40929D6A0DC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {C8075971-6AB5-4AA4-8330-20600F14B1AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-15 19:13 - 2014-09-15 19:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-15 19:09 - 2014-09-15 19:09 - 00112640 _____ () C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-15 19:13 - 2014-09-15 19:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-21 16:54 - 2015-05-17 19:48 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-07-22 13:39 - 2015-07-22 13:39 - 02354168 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.250\deploy\LoLLauncher.exe
2015-07-22 13:39 - 2015-07-22 13:39 - 03985912 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.34\deploy\LoLPatcher.exe
2015-08-04 04:48 - 2015-08-04 04:48 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.153\deploy\LolClient.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2015-03-01 20:20 - 2014-02-18 10:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2015-03-01 20:20 - 2012-08-14 15:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2015-07-22 13:39 - 2015-07-22 13:39 - 01715704 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.34\deploy\RiotLauncher.dll
2015-08-04 04:48 - 2015-08-04 04:48 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.153\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "RzWizard"
HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2431583191-4286240723-2257015007-1001\...\StartupApproved\Run: => "Skype"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9752E280-EC17-4D05-8B28-A030A935FD8F}] => (Allow) D:\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{7AF3E587-2BEF-4DC2-A8AA-57210F81D887}] => (Allow) D:\Battle.net\Hearthstone\Hearthstone.exe
FirewallRules: [{DA48935F-5982-4967-BBE0-6A9B6B28895C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53089BC9-D75A-4613-9CFB-5F6B059E3436}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{424E5C42-0886-496E-BA61-E34EACAC8567}] => (Allow) LPort=5432
FirewallRules: [{B75564FB-EAB5-44D1-9D83-90259BEF7D0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7409DBD-6716-4B4C-B299-BA80C085A1D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85D9C3E6-8532-4254-8762-9E96A6FAF518}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68E053C5-08E5-486B-88EA-B4B2D55350A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48C2B7D0-6434-488B-AC79-3CD9143570B5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6B3306EC-849F-4184-A3E9-1A325FDCE7C5}] => (Allow) C:\Battle.net\Battle.net.exe
FirewallRules: [{A989A1C1-C0EA-45F8-A016-F615D572BA2E}] => (Allow) C:\Battle.net\Battle.net.exe
FirewallRules: [{EFF5D401-4E07-4E68-962F-C5E2D7BA4912}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.153\deploy
FirewallRules: [{684EABD3-5D12-4B86-8BAE-EB12566AC9D1}] => (Allow) C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.250\deploy
FirewallRules: [{9ABDAE83-3E21-48BD-800F-CA788B3C82AF}] => (Allow) C:\Riot Games\League of Legends
FirewallRules: [{5F59DEE7-217A-4BD6-BA5E-D66235AC02A6}] => (Allow) C:\Riot Games\League of Legends\RADS\system

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/04/2015 07:08:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Wiederherstellung" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (08/04/2015 06:20:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.7.205.0, Zeitstempel: 0x54cb5aeb
Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9700.0, Zeitstempel: 0x51d28fcb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000005615b7
ID des fehlerhaften Prozesses: 0x1e38
Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0
Pfad der fehlerhaften Anwendung: MsMpEng.exe1
Pfad des fehlerhaften Moduls: MsMpEng.exe2
Berichtskennung: MsMpEng.exe3
Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5

Error: (08/04/2015 06:09:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"1". Die abhängige Assemblierung "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (08/04/2015 06:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.7.205.0, Zeitstempel: 0x54cb5aeb Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9700.0, Zeitstempel: 0x51d28fcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000005615b7 ID des fehlerhaften Prozesses: 0x1e3c Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0 Pfad der fehlerhaften Anwendung: MsMpEng.exe1 Pfad des fehlerhaften Moduls: MsMpEng.exe2 Berichtskennung: MsMpEng.exe3 Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5 Error: (08/04/2015 06:08:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003d85e ID des fehlerhaften Prozesses: 0x1854 Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0 Pfad der fehlerhaften Anwendung: GWXUX.exe1 Pfad des fehlerhaften Moduls: GWXUX.exe2 Berichtskennung: GWXUX.exe3 Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5 Error: (08/04/2015 06:07:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.7.205.0, Zeitstempel: 0x54cb5aeb Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9700.0, Zeitstempel: 0x51d28fcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000005615b7 ID des fehlerhaften Prozesses: 0xafc Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0 Pfad der fehlerhaften Anwendung: MsMpEng.exe1 Pfad des fehlerhaften Moduls: MsMpEng.exe2 Berichtskennung: MsMpEng.exe3 Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
MsMpEng.exe5 Error: (08/04/2015 06:07:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"1". Die abhängige Assemblierung "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/04/2015 06:07:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"1". Die abhängige Assemblierung "39.0.2171.99,language="*",type="win32",version="39.0.2171.99"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/04/2015 06:07:34 AM) (Source: PostgreSQL) (EventID: 0) (User: ) Description: 2015-08-04 06:07:34 CESTFATAL: the database system is starting up Error: (08/04/2015 05:57:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.7.205.0, Zeitstempel: 0x54cb5aeb Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9700.0, Zeitstempel: 0x51d28fcb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000005615b7 ID des fehlerhaften Prozesses: 0x10f4 Startzeit der fehlerhaften Anwendung: 0xMsMpEng.exe0 Pfad der fehlerhaften Anwendung: MsMpEng.exe1 Pfad des fehlerhaften Moduls: MsMpEng.exe2 Berichtskennung: MsMpEng.exe3 Vollständiger Name des fehlerhaften Pakets: MsMpEng.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsMpEng.exe5 Systemfehler: ============= Error: (08/04/2015 07:09:19 AM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/04/2015 07:08:49 AM) (Source: DCOM) (EventID: 10010) (User: PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/04/2015 07:08:34 AM) (Source: 
Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070057 fehlgeschlagen: Microsoft.Reader Error: (08/04/2015 06:20:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (08/04/2015 06:09:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/04/2015 06:07:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/04/2015 06:07:25 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x12 Error: (08/04/2015 05:57:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (08/04/2015 05:56:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/04/2015 05:45:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office: ========================= Error: (08/04/2015 07:08:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WiederherstellungFalscher Parameter. (0x80070057) Error: (08/04/2015 06:20:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b71e3801d0ce6b71136befC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll160ee42d-3a60-11e5-82a3-d8cb8a158164 Error: (08/04/2015 06:09:17 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 39.0.2171.99,language="*",type="win32",version="39.0.2171.99"D:\Google\Chrome\Application\chrome.exe Error: (08/04/2015 06:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b71e3c01d0ce6b44167f0fC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll8aee093c-3a5e-11e5-82a3-d8cb8a158164 Error: (08/04/2015 06:08:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e185401d0ce6b28c882b2C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll69ec098a-3a5e-11e5-82a3-d8cb8a158164 Error: (08/04/2015 06:07:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b7afc01d0ce6b16f2ef4fC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll5df0e526-3a5e-11e5-82a3-d8cb8a158164 Error: (08/04/2015 06:07:47 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
39.0.2171.99,language="*",type="win32",version="39.0.2171.99"D:\Google\Chrome\Application\chrome.exe Error: (08/04/2015 06:07:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 39.0.2171.99,language="*",type="win32",version="39.0.2171.99"D:\Google\Chrome\Application\chrome.exe Error: (08/04/2015 06:07:34 AM) (Source: PostgreSQL) (EventID: 0) (User: ) Description: 2015-08-04 06:07:34 CESTFATAL: the database system is starting up Error: (08/04/2015 05:57:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b710f401d0ce69a3a932f8C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dllfb398773-3a5c-11e5-82a2-d8cb8a158164 ==================== Speicherinformationen =========================== Processor: AMD FX(tm)-6300 Six-Core Processor Percentage of memory in use: 20% Total physical RAM: 16347.95 MB Available physical RAM: 13034.49 MB Total Virtual: 18779.95 MB Available Virtual: 14833.78 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.27 GB) (Free:43.64 GB) NTFS Drive d: (Daten) (Fixed) (Total:929.37 GB) (Free:891.62 GB) NTFS Drive e: (HI-TECH Treiber) (Fixed) (Total:2.02 GB) (Free:1.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== Ende von log ============================ Vielen Dank das ich euch die Zeit nimmt! |
04.08.2015, 07:58 | #2 |
| Windows 8.1 - Browser getting slower and slower - disconnects and heavily fluctuating internet speed
Gmer:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-04 07:32:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 Crucial_CT120M500SSD1 rev.MU05 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Ibrahim\AppData\Local\Temp\pgldapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000213600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000213610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[6208] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 68, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, B5, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[7712] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, B5, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7} .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 44, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 44, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 44, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 44, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 44, FF, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 44, FF, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 7 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8000] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 44, FF, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7} .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, 56, FE, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, 56, FE, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, 56, FE, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, 56, FE, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, 56, FE, 00, 00, 00, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, 56, FE, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 7 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[8120] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, 56, FE, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffcb4fc4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffcb4fc4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffcb4fc5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffcb4fc53ff 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffcb4fc579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffcb4fc5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffcb4fc5ef1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ffcb4fc5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ffcb4fc60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ffcb4fc64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ffcb4fc6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ffcb4fc66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ffcb4fc8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ffcb4fc8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ffcb4fc8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ffcb4fc8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ffcb4fc90ae 8 bytes {JMP 0xffffffffffffff96} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ffcb4fc917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ffcb4fc9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ffcb4fc9fcd 8 bytes {JMP 0xffffffffffffffaf} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ffcb4fcaae0 8 bytes {JMP 0xffffffffffffffcd} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ffcb4fcab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ffcb4fcb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ffcb4fcb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ffcb4fcc4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ffcb4fcc5b0 8 bytes {JMP 0xffffffffffffffc7} .text ... * 2 .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ffcb4fcd0d3 8 bytes {JMP 0xffffffffffffffef} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffcb4fcd10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ffcb4fcd57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffcb4fcd6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ffcb4fcd888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ffcb4fcd944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ffcb4fcdba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ffcb4fcdd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ffcb4fce073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ffcb4fce124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ffcb4fce160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ffcb4fceb74 8 bytes {JMP 0xffffffffffffffd0} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ffcb4fcfe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ffcb4fd009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ffcb4fd015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ffcb4fd1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ffcb4fd15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ffcb4fd1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ffcb4fd1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ffcb4fd1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffcb5041290 8 bytes {JMP QWORD [RIP-0x6fe5e]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffcb5041410 8 bytes {JMP QWORD [RIP-0x6fe30]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffcb5041440 8 bytes {JMP QWORD [RIP-0x712eb]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffcb5041560 8 bytes {JMP QWORD [RIP-0x70c1e]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffcb5041610 8 bytes {JMP QWORD [RIP-0x71122]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffcb5041cd0 8 bytes {JMP QWORD [RIP-0x700a1]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffcb5041fd0 8 bytes {JMP QWORD [RIP-0x705a9]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffcb5042850 8 bytes {JMP QWORD [RIP-0x70fdf]} .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776913f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077691583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077691621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077691674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776916e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077691727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 7 .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776925d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077692714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077692961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Ibrahim\Downloads\Gmer-19357.exe[6660] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077692bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [704:7472] fffff960008642d0 Thread C:\Windows\system32\csrss.exe [704:8104] fffff960008642d0 ---- EOF - GMER 2.1 ----
When I scan now, I get no findings. Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 10/07/2015 um 15:23:18 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-07-10.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Ibrahim - PC # Gestarted von : C:\Users\Ibrahim\Downloads\adwcleaner_4.208.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\uj57y9ss.default\user.js Ordner Gefunden : C:\Users\Ibrahim\AppData\Roaming\RHEng ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v39.0 (x86 de) -\\ Google Chrome v39.0.2171.99 [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search 
Provider] : hxxp://en.softonic.com/s/{searchTerms} [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&q={searchTerms}&SSPV= [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&q={searchTerms}&SSPV= [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=70bc7904-fb3b-4000-8e6d-003b808e46ef&apn_ptnrs=%5EAGU&apn_sauid=F5DBEF0E-9B90-4600-826F-3E5D7B6E3040&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms} [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3612_7&babsrc=SP_ss&mntrId=bc6b19f8000000000000001e8c9f56a0 [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Homepage] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&SSPV= [C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB19A5DA2-93CE-4F7F-9155-BCB5F2F9D10A&SSPV= ************************* AdwCleaner[R0].txt - [3736 Bytes] - [10/07/2015 15:23:18] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3795 Bytes] ########## |
04.08.2015, 08:04 | #3 |
/// the machine /// TB-Ausbilder | Windows 8.1 - Browser getting slower and slower - Disconnects and heavily fluctuating internet speed Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
04.08.2015, 10:34 | #4 |
| Windows 8.1 - Browser getting slower and slower - Disconnects and heavily fluctuating internet speed Hi, I'm on it! The ESET scan is already finished too, here is the log. Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Users\Ibrahim\AppData\Roaming\RHEng\CE02FEA7646642D38936CB27088E2B00\WWE_1.2.0.53.exe.vir Win32/Wajam.K evtl. unerwünschte Anwendung C:\Users\Ibrahim\Downloads\KeyTweak - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung C:\Users\Ibrahim\Downloads\RegistryEasy.exe.part Variante von Win32/Adware.RegistryEasy Anwendung C:\Users\Ibrahim\Downloads\wz190gev-64.msi Variante von Win32/Systweak.L evtl. unerwünschte Anwendung C:\Windows\Installer\14561f38.msi Variante von Win32/Systweak.L evtl. unerwünschte Anwendung Code:
ATTFilter 09:27:16.0945 0x0c84 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 09:27:16.0945 0x0c84 UEFI system 09:27:33.0413 0x0c84 ============================================================ 09:27:33.0414 0x0c84 Current date / time: 2015/08/04 09:27:33.0413 09:27:33.0414 0x0c84 SystemInfo: 09:27:33.0414 0x0c84 09:27:33.0414 0x0c84 OS Version: 6.3.9600 ServicePack: 0.0 09:27:33.0414 0x0c84 Product type: Workstation 09:27:33.0414 0x0c84 ComputerName: PC 09:27:33.0414 0x0c84 UserName: Ibrahim 09:27:33.0414 0x0c84 Windows directory: C:\Windows 09:27:33.0414 0x0c84 System windows directory: C:\Windows 09:27:33.0414 0x0c84 Running under WOW64 09:27:33.0414 0x0c84 Processor architecture: Intel x64 09:27:33.0414 0x0c84 Number of processors: 6 09:27:33.0414 0x0c84 Page size: 0x1000 09:27:33.0414 0x0c84 Boot type: Normal boot 09:27:33.0414 0x0c84 ============================================================ 09:27:33.0611 0x0c84 KLMD registered as C:\Windows\system32\drivers\92547745.sys 09:27:33.0752 0x0c84 System UUID: {059D065D-B994-D122-F25C-51CF06CAF7D4} 09:27:34.0288 0x0c84 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:27:34.0288 0x0c84 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:27:34.0293 0x0c84 ============================================================ 09:27:34.0293 0x0c84 \Device\Harddisk0\DR0: 09:27:34.0293 0x0c84 GPT partitions: 09:27:34.0294 0x0c84 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {62629690-986A-48F7-A960-14B4DD4AC0F1}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000 09:27:34.0294 0x0c84 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: 
{0F817CFB-6F26-4A58-94B0-4A64C42D337D}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800 09:27:34.0294 0x0c84 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C82E861B-082F-4E4C-BC42-091CC31C00F1}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000 09:27:34.0294 0x0c84 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A0BE0C06-5DB2-4023-BFBD-CFB37408D753}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0xDE8C000 09:27:34.0294 0x0c84 MBR partitions: 09:27:34.0294 0x0c84 \Device\Harddisk1\DR1: 09:27:34.0294 0x0c84 GPT partitions: 09:27:34.0294 0x0c84 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {09500D3E-6569-458B-AF1E-943AA41A76C3}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000 09:27:34.0294 0x0c84 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8DDB3EEC-A635-4CEC-9A2B-ACA1C1877352}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x742BB800 09:27:34.0294 0x0c84 \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {449E58C9-4783-4200-AF43-1420A08D1F2D}, Name: Basic data partition, StartLBA 0x742FC000, BlocksNum 0x40A800 09:27:34.0294 0x0c84 MBR partitions: 09:27:34.0294 0x0c84 ============================================================ 09:27:34.0296 0x0c84 C: <-> \Device\Harddisk0\DR0\Partition4 09:27:34.0337 0x0c84 E: <-> \Device\Harddisk1\DR1\Partition3 09:27:34.0389 0x0c84 D: <-> \Device\Harddisk1\DR1\Partition2 09:27:34.0389 0x0c84 ============================================================ 09:27:34.0389 0x0c84 Initialize success 09:27:34.0389 0x0c84 ============================================================ 09:27:55.0924 0x06fc ============================================================ 09:27:55.0924 0x06fc Scan started 
09:27:55.0924 0x06fc Mode: Manual; SigCheck; TDLFS; 09:27:55.0924 0x06fc ============================================================ 09:27:55.0924 0x06fc KSN ping started 09:28:18.0389 0x06fc KSN ping finished: true 09:28:20.0648 0x06fc ================ Scan system memory ======================== 09:28:20.0648 0x06fc System memory - ok 09:28:20.0648 0x06fc ================ Scan services ============================= 09:28:20.0706 0x06fc [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys 09:28:20.0768 0x06fc 1394ohci - ok 09:28:20.0778 0x06fc [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys 09:28:20.0790 0x06fc 3ware - ok 09:28:20.0808 0x06fc [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\Windows\system32\drivers\ACPI.sys 09:28:20.0830 0x06fc ACPI - ok 09:28:20.0837 0x06fc [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys 09:28:20.0848 0x06fc acpiex - ok 09:28:20.0853 0x06fc [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys 09:28:20.0863 0x06fc acpipagr - ok 09:28:20.0868 0x06fc [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys 09:28:20.0880 0x06fc AcpiPmi - ok 09:28:20.0884 0x06fc [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys 09:28:20.0897 0x06fc acpitime - ok 09:28:20.0902 0x06fc [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:28:20.0912 0x06fc AdobeARMservice - ok 09:28:20.0949 0x06fc [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 09:28:20.0960 0x06fc AdobeFlashPlayerUpdateSvc - ok 09:28:20.0981 0x06fc [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS 09:28:21.0007 0x06fc ADP80XX - ok 09:28:21.0018 0x06fc [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 09:28:21.0035 0x06fc AeLookupSvc - ok 09:28:21.0050 0x06fc [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\Windows\system32\drivers\afd.sys 09:28:21.0072 0x06fc AFD - ok 09:28:21.0079 0x06fc [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys 09:28:21.0089 0x06fc agp440 - ok 09:28:21.0095 0x06fc [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys 09:28:21.0107 0x06fc ahcache - ok 09:28:21.0113 0x06fc [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\Windows\System32\alg.exe 09:28:21.0126 0x06fc ALG - ok 09:28:21.0135 0x06fc [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 09:28:21.0157 0x06fc AMD External Events Utility - ok 09:28:21.0160 0x06fc AMD FUEL Service - ok 09:28:21.0169 0x06fc [ 6190A6BBDCE4BEB0E2B3943862C64842, C84765DDECFF03E59D1AA672E1936031C3E3375284D52875341DF6C414AA6383 ] amdacpksd 
C:\Windows\system32\drivers\amdacpksd.sys 09:28:21.0190 0x06fc amdacpksd - ok 09:28:21.0196 0x06fc [ CFD407510AD5E14B8F9EE617FCDF0214, D1A9B17B0393A33E96ACE7EF65160C6A9833838681F68450987158CCEA33B050 ] amdacpusrsvc C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe 09:28:21.0203 0x06fc amdacpusrsvc - detected UnsignedFile.Multi.Generic ( 1 ) 09:28:24.0787 0x06fc Detect skipped due to KSN trusted 09:28:24.0787 0x06fc amdacpusrsvc - ok 09:28:24.0794 0x06fc [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys 09:28:24.0806 0x06fc AmdK8 - ok 09:28:24.0811 0x06fc [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd C:\Windows\system32\drivers\amdkmafd.sys 09:28:24.0819 0x06fc amdkmafd - ok 09:28:25.0136 0x06fc [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 09:28:25.0457 0x06fc amdkmdag - ok 09:28:25.0502 0x06fc [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 09:28:25.0526 0x06fc amdkmdap - ok 09:28:25.0533 0x06fc [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys 09:28:25.0546 0x06fc AmdPPM - ok 09:28:25.0552 0x06fc [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys 09:28:25.0562 0x06fc amdsata - ok 09:28:25.0570 0x06fc [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 09:28:25.0585 0x06fc amdsbs - ok 09:28:25.0589 0x06fc [ CEA5F4F27CFC08E3A44D576811B35F50, 
89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys 09:28:25.0599 0x06fc amdxata - ok 09:28:25.0603 0x06fc [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 09:28:25.0610 0x06fc AODDriver4.3 - ok 09:28:25.0616 0x06fc [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\Windows\system32\drivers\appid.sys 09:28:25.0628 0x06fc AppID - ok 09:28:25.0632 0x06fc [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc C:\Windows\System32\appidsvc.dll 09:28:25.0644 0x06fc AppIDSvc - ok 09:28:25.0650 0x06fc [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\Windows\System32\appinfo.dll 09:28:25.0663 0x06fc Appinfo - ok 09:28:25.0669 0x06fc [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:28:25.0676 0x06fc Apple Mobile Device Service - ok 09:28:25.0691 0x06fc [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\Windows\system32\AppReadiness.dll 09:28:25.0713 0x06fc AppReadiness - ok 09:28:25.0743 0x06fc [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll 09:28:25.0780 0x06fc AppXSvc - ok 09:28:25.0788 0x06fc [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys 09:28:25.0799 0x06fc arcsas - ok 09:28:25.0803 0x06fc [ 6053C47F327C78F7176D2797BBFA8348, 
B388A427E61D1738FDED108F4AA7B23363DF59EA19442420CC5988C8FA75560A ] ArvoFltr C:\Windows\system32\drivers\ArvoFltr.sys 09:28:25.0813 0x06fc ArvoFltr - ok 09:28:25.0817 0x06fc [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys 09:28:25.0826 0x06fc atapi - ok 09:28:25.0835 0x06fc [ 8523AA8BD207F937E8C047F8713D4788, EB131C38F51DEDCE2445648CAAE7B7F04F0009EB823A77D1D08B2E9CA8EC9B7D ] AtiHDAudioService C:\Windows\system32\drivers\AtihdWB6.sys 09:28:25.0850 0x06fc AtiHDAudioService - ok 09:28:25.0858 0x06fc [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll 09:28:25.0874 0x06fc AudioEndpointBuilder - ok 09:28:25.0894 0x06fc [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\Windows\System32\Audiosrv.dll 09:28:25.0923 0x06fc Audiosrv - ok 09:28:25.0936 0x06fc [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe 09:28:25.0948 0x06fc AVP - ok 09:28:25.0954 0x06fc [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\Windows\System32\AxInstSV.dll 09:28:25.0967 0x06fc AxInstSV - ok 09:28:25.0980 0x06fc [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 09:28:26.0001 0x06fc b06bdrv - ok 09:28:26.0007 0x06fc [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys 09:28:26.0019 0x06fc BasicDisplay - ok 09:28:26.0024 0x06fc [ 38A82F4EE8C416A6744B6D30381ED768, 
9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys 09:28:26.0035 0x06fc BasicRender - ok 09:28:26.0040 0x06fc [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys 09:28:26.0048 0x06fc bcmfn2 - ok 09:28:26.0057 0x06fc [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\Windows\System32\bdesvc.dll 09:28:26.0076 0x06fc BDESVC - ok 09:28:26.0081 0x06fc [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys 09:28:26.0091 0x06fc Beep - ok 09:28:26.0111 0x06fc [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\Windows\System32\bfe.dll 09:28:26.0139 0x06fc BFE - ok 09:28:26.0163 0x06fc [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\Windows\System32\qmgr.dll 09:28:26.0193 0x06fc BITS - ok 09:28:26.0206 0x06fc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 09:28:26.0221 0x06fc Bonjour Service - ok 09:28:26.0227 0x06fc [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\Windows\system32\DRIVERS\bowser.sys 09:28:26.0239 0x06fc bowser - ok 09:28:26.0247 0x06fc [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll 09:28:26.0264 0x06fc BrokerInfrastructure - ok 09:28:26.0271 0x06fc [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\Windows\System32\browser.dll 09:28:26.0284 0x06fc Browser - ok 09:28:26.0289 0x06fc 
[ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys 09:28:26.0301 0x06fc BthAvrcpTg - ok 09:28:26.0306 0x06fc [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys 09:28:26.0318 0x06fc BthHFEnum - ok 09:28:26.0323 0x06fc [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys 09:28:26.0336 0x06fc bthhfhid - ok 09:28:26.0347 0x06fc [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll 09:28:26.0365 0x06fc BthHFSrv - ok 09:28:26.0371 0x06fc [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys 09:28:26.0384 0x06fc BTHMODEM - ok 09:28:26.0391 0x06fc [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\Windows\system32\bthserv.dll 09:28:26.0403 0x06fc bthserv - ok 09:28:26.0432 0x06fc [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe 09:28:26.0467 0x06fc c2cautoupdatesvc - ok 09:28:26.0504 0x06fc [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe 09:28:26.0546 0x06fc c2cpnrsvc - ok 09:28:26.0554 0x06fc [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 09:28:26.0567 0x06fc cdfs - ok 09:28:26.0576 0x06fc [ C6796EA22B513E3457514D92DCDB1A3D, 
09:28:31.0525 0x06fc nvstor - ok 09:28:31.0531 0x06fc [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:28:31.0542 0x06fc nv_agp - ok 09:28:31.0553 0x06fc [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:28:31.0572 0x06fc p2pimsvc - ok 09:28:31.0584 0x06fc [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 09:28:31.0604 0x06fc p2psvc - ok 09:28:31.0610 0x06fc [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys 09:28:31.0622 0x06fc Parport - ok 09:28:31.0627 0x06fc [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:28:31.0638 0x06fc partmgr - ok 09:28:31.0650 0x06fc [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:28:31.0670 0x06fc PcaSvc - ok 09:28:31.0681 0x06fc [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 09:28:31.0695 0x06fc pci - ok 09:28:31.0699 0x06fc [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 09:28:31.0707 0x06fc pciide - ok 09:28:31.0714 0x06fc [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:28:31.0725 0x06fc pcmcia - ok 09:28:31.0729 0x06fc [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw 
C:\Windows\system32\drivers\pcw.sys 09:28:31.0739 0x06fc pcw - ok 09:28:31.0744 0x06fc [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\Windows\system32\drivers\pdc.sys 09:28:31.0755 0x06fc pdc - ok 09:28:31.0770 0x06fc [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:28:31.0793 0x06fc PEAUTH - ok 09:28:31.0840 0x06fc [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:28:31.0852 0x06fc PerfHost - ok 09:28:31.0886 0x06fc [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 09:28:31.0927 0x06fc pla - ok 09:28:31.0935 0x06fc [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:28:31.0948 0x06fc PlugPlay - ok 09:28:31.0952 0x06fc [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:28:31.0965 0x06fc PNRPAutoReg - ok 09:28:31.0974 0x06fc [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:28:31.0992 0x06fc PNRPsvc - ok 09:28:32.0004 0x06fc [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:28:32.0023 0x06fc PolicyAgent - ok 09:28:32.0030 0x06fc [ 4671F353D0DF74C3B0D2D00DE676F56C, 0F75009DD36B2E18212CE855FB7CA7D273E5749D8F2F451655ED81AA5E86BA9F ] postgresql-8.4 c:\postgreSQL\bin\pg_ctl.exe 09:28:32.0036 0x06fc postgresql-8.4 - detected UnsignedFile.Multi.Generic ( 1 ) 09:28:35.0633 0x06fc Detect skipped due to KSN trusted 09:28:35.0633 0x06fc 
postgresql-8.4 - ok 09:28:35.0638 0x06fc [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 09:28:35.0651 0x06fc Power - ok 09:28:35.0711 0x06fc [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 09:28:35.0773 0x06fc PrintNotify - ok 09:28:35.0784 0x06fc [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 09:28:35.0797 0x06fc Processor - ok 09:28:35.0804 0x06fc [ C8D39A07CAD9EF1C86BD5D7CAC98DA54, 10146D1E023D9BC5B8CBAADE6A70D87A41BDABAA44D812B609C13563DF25527A ] ProfSvc C:\Windows\system32\profsvc.dll 09:28:35.0820 0x06fc ProfSvc - ok 09:28:35.0827 0x06fc [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:28:35.0840 0x06fc Psched - ok 09:28:35.0849 0x06fc [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll 09:28:35.0867 0x06fc QWAVE - ok 09:28:35.0872 0x06fc [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 09:28:35.0883 0x06fc QWAVEdrv - ok 09:28:35.0887 0x06fc [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 09:28:35.0898 0x06fc RasAcd - ok 09:28:35.0903 0x06fc [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 09:28:35.0917 0x06fc RasAuto - ok 09:28:35.0931 0x06fc [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan 
C:\Windows\System32\rasmans.dll 09:28:35.0953 0x06fc RasMan - ok 09:28:35.0958 0x06fc [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 09:28:35.0972 0x06fc RasPppoe - ok 09:28:35.0983 0x06fc [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 09:28:36.0001 0x06fc rdbss - ok 09:28:36.0007 0x06fc [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 09:28:36.0017 0x06fc rdpbus - ok 09:28:36.0024 0x06fc [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 09:28:36.0038 0x06fc RDPDR - ok 09:28:36.0045 0x06fc [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 09:28:36.0054 0x06fc RdpVideoMiniport - ok 09:28:36.0062 0x06fc [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 09:28:36.0076 0x06fc rdyboost - ok 09:28:36.0098 0x06fc [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys 09:28:36.0127 0x06fc ReFS - ok 09:28:36.0136 0x06fc [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\Windows\System32\mprdim.dll 09:28:36.0151 0x06fc RemoteAccess - ok 09:28:36.0158 0x06fc [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll 09:28:36.0173 0x06fc RemoteRegistry - ok 09:28:36.0179 0x06fc [ 65B9FDE300A6DECC03BA44C4616DCAD6, 
CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 09:28:36.0193 0x06fc RpcEptMapper - ok 09:28:36.0198 0x06fc [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe 09:28:36.0209 0x06fc RpcLocator - ok 09:28:36.0229 0x06fc [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\Windows\system32\rpcss.dll 09:28:36.0255 0x06fc RpcSs - ok 09:28:36.0261 0x06fc [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 09:28:36.0275 0x06fc rspndr - ok 09:28:36.0294 0x06fc [ D9C5260772FDA64AB729C0B4822F11E3, D52B79C4D30D18AD5DE60EFE68BFAF4221C0F4D226F5067312CE546EDE4E89CE ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 09:28:36.0316 0x06fc RTL8168 - ok 09:28:36.0327 0x06fc [ BE374DC1B2B07D7453D3BA15E8B49A46, EF273E9A64115933C371AC22F2BB1E3A47F5350A209F41B4A2A3000ED91E0188 ] RzWizardService C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe 09:28:36.0339 0x06fc RzWizardService - detected UnsignedFile.Multi.Generic ( 1 ) 09:28:39.0927 0x06fc Detect skipped due to KSN trusted 09:28:39.0927 0x06fc RzWizardService - ok 09:28:39.0932 0x06fc [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys 09:28:39.0944 0x06fc s3cap - ok 09:28:39.0949 0x06fc [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe 09:28:39.0961 0x06fc SamSs - ok 09:28:39.0969 0x06fc [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 09:28:39.0980 0x06fc sbp2port - ok 09:28:39.0996 0x06fc [ 74A3B67F03877D06B09B1B40C5ED582E, 
A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll 09:28:40.0013 0x06fc SCardSvr - ok 09:28:40.0023 0x06fc [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll 09:28:40.0037 0x06fc ScDeviceEnum - ok 09:28:40.0042 0x06fc [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 09:28:40.0053 0x06fc scfilter - ok 09:28:40.0080 0x06fc [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\Windows\system32\schedsvc.dll 09:28:40.0114 0x06fc Schedule - ok 09:28:40.0122 0x06fc [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 09:28:40.0136 0x06fc SCPolicySvc - ok 09:28:40.0145 0x06fc [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 09:28:40.0161 0x06fc sdbus - ok 09:28:40.0167 0x06fc [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys 09:28:40.0177 0x06fc sdstor - ok 09:28:40.0181 0x06fc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 09:28:40.0193 0x06fc secdrv - ok 09:28:40.0198 0x06fc [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\Windows\system32\seclogon.dll 09:28:40.0211 0x06fc seclogon - ok 09:28:40.0216 0x06fc [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 09:28:40.0230 0x06fc SENS - ok 09:28:40.0238 0x06fc [ 
6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 09:28:40.0254 0x06fc SensrSvc - ok 09:28:40.0259 0x06fc [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys 09:28:40.0270 0x06fc SerCx - ok 09:28:40.0276 0x06fc [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys 09:28:40.0288 0x06fc SerCx2 - ok 09:28:40.0292 0x06fc [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys 09:28:40.0303 0x06fc Serenum - ok 09:28:40.0308 0x06fc [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys 09:28:40.0321 0x06fc Serial - ok 09:28:40.0325 0x06fc [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys 09:28:40.0336 0x06fc sermouse - ok 09:28:40.0351 0x06fc [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 09:28:40.0369 0x06fc SessionEnv - ok 09:28:40.0374 0x06fc [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 09:28:40.0385 0x06fc sfloppy - ok 09:28:40.0397 0x06fc [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 09:28:40.0417 0x06fc SharedAccess - ok 09:28:40.0433 0x06fc [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll 
09:28:40.0458 0x06fc ShellHWDetection - ok 09:28:40.0463 0x06fc [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 09:28:40.0472 0x06fc SiSRaid2 - ok 09:28:40.0477 0x06fc [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 09:28:40.0488 0x06fc SiSRaid4 - ok 09:28:40.0496 0x06fc [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:28:40.0510 0x06fc SkypeUpdate - ok 09:28:40.0515 0x06fc [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 09:28:40.0526 0x06fc smphost - ok 09:28:40.0534 0x06fc [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 09:28:40.0547 0x06fc SNMPTRAP - ok 09:28:40.0561 0x06fc [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\Windows\system32\drivers\spaceport.sys 09:28:40.0579 0x06fc spaceport - ok 09:28:40.0584 0x06fc [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 09:28:40.0594 0x06fc SpbCx - ok 09:28:40.0612 0x06fc [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\Windows\System32\spoolsv.exe 09:28:40.0640 0x06fc Spooler - ok 09:28:40.0763 0x06fc [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\Windows\system32\sppsvc.exe 09:28:40.0918 0x06fc sppsvc - ok 09:28:40.0939 0x06fc [ 6416E79A58A8FCC33A447A4DDDD3BF04, 
839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\Windows\system32\DRIVERS\srv.sys 09:28:40.0957 0x06fc srv - ok 09:28:40.0973 0x06fc [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 09:28:40.0996 0x06fc srv2 - ok 09:28:41.0005 0x06fc [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 09:28:41.0020 0x06fc srvnet - ok 09:28:41.0028 0x06fc [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 09:28:41.0045 0x06fc SSDPSRV - ok 09:28:41.0052 0x06fc [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 09:28:41.0066 0x06fc SstpSvc - ok 09:28:41.0083 0x06fc [ AC8B882D658AF3070167F59AE92E5CA3, 7781475B6A49DCE239FEE2B32767A7E58188EF04BC4BB29E04B40DAFD8214E85 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 09:28:41.0104 0x06fc Steam Client Service - ok 09:28:41.0109 0x06fc [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys 09:28:41.0120 0x06fc stexstor - ok 09:28:41.0135 0x06fc [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 09:28:41.0159 0x06fc stisvc - ok 09:28:41.0166 0x06fc [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys 09:28:41.0177 0x06fc storahci - ok 09:28:41.0182 0x06fc [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 09:28:41.0192 0x06fc 
storflt - ok 09:28:41.0197 0x06fc [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys 09:28:41.0207 0x06fc stornvme - ok 09:28:41.0211 0x06fc [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 09:28:41.0224 0x06fc StorSvc - ok 09:28:41.0229 0x06fc [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys 09:28:41.0238 0x06fc storvsc - ok 09:28:41.0242 0x06fc [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 09:28:41.0254 0x06fc svsvc - ok 09:28:41.0259 0x06fc [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 09:28:41.0267 0x06fc swenum - ok 09:28:41.0284 0x06fc [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 09:28:41.0310 0x06fc swprv - ok 09:28:41.0337 0x06fc [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\Windows\system32\sysmain.dll 09:28:41.0371 0x06fc SysMain - ok 09:28:41.0381 0x06fc [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 09:28:41.0399 0x06fc SystemEventsBroker - ok 09:28:41.0405 0x06fc [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 09:28:41.0419 0x06fc TabletInputService - ok 09:28:41.0429 0x06fc [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv 
C:\Windows\System32\tapisrv.dll 09:28:41.0446 0x06fc TapiSrv - ok 09:28:41.0495 0x06fc [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 09:28:41.0557 0x06fc Tcpip - ok 09:28:41.0611 0x06fc [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 09:28:41.0673 0x06fc TCPIP6 - ok 09:28:41.0683 0x06fc [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 09:28:41.0694 0x06fc tcpipreg - ok 09:28:41.0701 0x06fc [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\Windows\system32\DRIVERS\tdx.sys 09:28:41.0715 0x06fc tdx - ok 09:28:41.0720 0x06fc [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys 09:28:41.0729 0x06fc terminpt - ok 09:28:41.0753 0x06fc [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll 09:28:41.0785 0x06fc TermService - ok 09:28:41.0791 0x06fc [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll 09:28:41.0804 0x06fc Themes - ok 09:28:41.0809 0x06fc [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll 09:28:41.0821 0x06fc THREADORDER - ok 09:28:41.0829 0x06fc [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 09:28:41.0846 0x06fc TimeBroker - ok 09:28:41.0854 0x06fc [ 82F909359600D3603FE852DB7F135626, 
2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\Windows\system32\drivers\tpm.sys 09:28:41.0865 0x06fc TPM - ok 09:28:41.0871 0x06fc [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll 09:28:41.0885 0x06fc TrkWks - ok 09:28:41.0890 0x06fc [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 09:28:41.0902 0x06fc TrustedInstaller - ok 09:28:41.0912 0x06fc [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 09:28:41.0924 0x06fc TsUsbFlt - ok 09:28:41.0928 0x06fc [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 09:28:41.0939 0x06fc TsUsbGD - ok 09:28:41.0946 0x06fc [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 09:28:41.0962 0x06fc tunnel - ok 09:28:41.0967 0x06fc [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 09:28:41.0977 0x06fc uagp35 - ok 09:28:41.0983 0x06fc [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 09:28:41.0993 0x06fc UASPStor - ok 09:28:42.0001 0x06fc [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 09:28:42.0014 0x06fc UCX01000 - ok 09:28:42.0023 0x06fc [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 09:28:42.0040 0x06fc udfs - ok 
09:28:42.0044 0x06fc [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys 09:28:42.0053 0x06fc UEFI - ok 09:28:42.0060 0x06fc [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe 09:28:42.0073 0x06fc UI0Detect - ok 09:28:42.0078 0x06fc [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 09:28:42.0087 0x06fc uliagpkx - ok 09:28:42.0092 0x06fc [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys 09:28:42.0104 0x06fc umbus - ok 09:28:42.0108 0x06fc [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys 09:28:42.0119 0x06fc UmPass - ok 09:28:42.0128 0x06fc [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll 09:28:42.0147 0x06fc UmRdpService - ok 09:28:42.0159 0x06fc [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll 09:28:42.0181 0x06fc upnphost - ok 09:28:42.0188 0x06fc [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 09:28:42.0201 0x06fc usbaudio - ok 09:28:42.0209 0x06fc [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 09:28:42.0221 0x06fc usbccgp - ok 09:28:42.0226 0x06fc [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir 
09:29:16.0772 0x06fc AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x61100 ( enabled : updated )
09:29:16.0772 0x06fc AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x40000 ( disabled : updated )
09:29:16.0772 0x06fc FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x40010 ( disabled )
09:29:16.0819 0x06fc Win FW state via NFP2: disabled ( trusted )
09:29:29.0164 0x06fc ============================================================
09:29:29.0164 0x06fc Scan finished
09:29:29.0164 0x06fc ============================================================
09:29:29.0164 0x18ec Detected object count: 1
09:29:29.0164 0x18ec Actual detected object count: 1
09:30:07.0152 0x18ec Entropia Tracker Suite ( UnsignedFile.Multi.Generic ) - skipped by user
09:30:07.0152 0x18ec Entropia Tracker Suite ( UnsignedFile.Multi.Generic ) - User select action: Skip

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version: main: v2015.08.04.01 rootkit: v2015.08.03.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17905
Ibrahim :: PC [administrator]

04.08.2015 09:26:33
mbar-log-2015-08-04 (09-26-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 396311
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
04.08.2015, 15:29 | #5 |
/// the machine /// TB Trainer | Windows 8.1 - Browser getting slower and slower - Disconnects and wildly fluctuating Internet speed

Nah, not really. I don't see any malware.

http://support2.microsoft.com/kb/929135/de

Please do a clean boot. If the problem is gone after that, re-enable the services one at a time, rebooting in between each time, until you know which service is causing the problems. Then name it here.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
04.08.2015, 15:57 | #6 |
Windows 8.1 - Browser getting slower and slower - Disconnects and wildly fluctuating Internet speed

OK. It's a strange situation now, since my ping is still very, very high but it isn't lagging at the moment. I'll try to narrow it down! Thanks a lot for the help.
05.08.2015, 06:34 | #7 |
/// the machine /// TB Trainer | Windows 8.1 - Browser getting slower and slower - Disconnects and wildly fluctuating Internet speed

OK