Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Pc spinnt / Unknown MBR Code... Bootkit?

Pc spinnt / Unknown MBR Code... Bootkit?


Log-Analyse und Auswertung: Pc spinnt / Unknown MBR Code... Bootkit?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 21.10.2015, 19:21   #1
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Hallo,

also teilweise spinnt das Internet an meinem Rechner. Der Seitenaufbau funktioniert dann teilweise und die Seiten laden dann endlos aber laden nur teilweise in Chrome und auch FF IE nutze ich nicht. Leitung 100Mbit und bei anderen Clients ist mir das Problem bisher noch nicht aufgefallen. Des Weiteren hatte ich das Gefühl, dass der PC teilweise ferngesteuert wird z.B. einfach aus dem Ruhezuhstand aufwacht und andere merkwüdige Sachen passieren deshalb auch mein Beitrag.

Gefunden habe ich bisher Unknown MBR code. Anstelle nur zu fixen würde mich auch eine Möglichkeit interessieren um den MBR code zu betrachten und zu sehen was oder eventuell auch wer oder wie der PC infiziert wurde.

Wie sieht es eigentlich aus mit UEFI Rootkits oder Rootkits in Grafikkarten? Auch wenn es noch nicht sehr häufig ist funktionieren tut es ja. Wie kann man Grafikkarte und UEFI überprüfen?

Anbei die Logfiles mir ist nichts besonderes aufgefallen außer GMER und da gab es auch 2 Fehlermeldungen "C:\windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." und C:\users\Frank\ntuser.dat auch. Hab vorher auch schon Trojaner gefunden z.b. Katusha etc ist alles schon gelöscht aber leider läuft der PC noch nicht richtig. MBAM hat nur PUP gefunden.


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:17 on 21/10/2015 (Frank)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FSRT.txt
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
durchgeführt von Frank (Administrator) auf Frank-PC (21-10-2015 14:22:18)
Gestartet von C:\scan
Geladene Profile: Frank & Gast (Verfügbare Profile: Frank & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avpui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Spotify Ltd) C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Valve Corporation) E:\Games\steam\Steam.exe
(Valve Corporation) E:\Games\steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Games\steam\bin\steamwebhelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-07-12] (SteelSeries ApS)
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Run: [Dropbox Update] => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Run: [Spotify Web Helper] => C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-13] (Spotify Ltd)
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-07-12] (SteelSeries ApS)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [Spotify Web Helper] => C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-13] (Spotify Ltd)
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Run: [Plex Media Server] => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-20] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-20] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-20] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-20] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-20] (TODO: <Company name>)
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-1137705209-1149081475-1850392428-1000] => socks=localhost:5000
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{0D40A8AD-C772-4206-AB38-D0B0BACE1433}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{3CE39511-DE4F-4A30-B9C3-85902ED1EF3F}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{B6C2ADF6-5E8C-4D2E-9779-E615AE0AF4C9}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{E629FDD8-146A-491C-8B9C-620A1483C367}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)

FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default
FF Homepage: hxxps://startpage.com/do/mypage.pl?prf=42d6615880469f9cf2f55006e95e1f5f
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 5000
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.746\npSurveillancePlugin_x86_64.dll [2015-07-31] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-05-05] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-05-05] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-05-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2014-11-27] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2014-11-27] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2014-08-17] (Samsung Techwin)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.746\npSurveillancePlugin.dll [2015-07-31] (Synology)
FF Plugin HKU\S-1-5-21-1137705209-1149081475-1850392428-1000: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2014-11-27] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-1137705209-1149081475-1850392428-1000: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2014-11-27] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-1137705209-1149081475-1850392428-1000: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2014-08-17] (Samsung Techwin)
FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\user.js [2015-10-05]
FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n3xu4gt9.clear\user.js [2015-10-05]
FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js [2015-10-05]
FF user.js: detected! => C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\6lrco4ln.1233213123123123\user.js [2015-10-05]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml [2014-01-20]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2013-08-06]
FF SearchPlugin: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml [2013-08-06]
FF Extension: German Dictionary - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2015-05-28] [ist nicht signiert]
FF Extension: Valence - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\fxdevtools-adapters@mozilla.org [2015-09-29]
FF Extension: HTTPS-Everywhere - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\https-everywhere@eff.org [2015-08-24]
FF Extension: YouTube Unblocker - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-09-01]
FF Extension: iMacros for Firefox - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-09-25]
FF Extension: Nightly Tester Tools - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2015-06-29]
FF Extension: WOT - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-10-21]
FF Extension: HttpRequester - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{ea4637dc-e014-4c17-9c2c-879322d23268} [2015-10-06]
FF Extension: anonymoX - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\client@anonymox.net.xpi [2014-05-03]
FF Extension: Firebug - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\firebug@software.joehewitt.com.xpi [2013-08-28]
FF Extension: Ghostery - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\firefox@ghostery.com.xpi [2015-06-29]
FF Extension: MEGA - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\firefox@mega.co.nz.xpi [2014-11-16] [ist nicht signiert]
FF Extension: JS Deminifier - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\jsdeminifier@murphy.ben.name.xpi [2015-10-12]
FF Extension: JavaScript Deobfuscator - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2015-10-12]
FF Extension: NoScript - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-24]
FF Extension: Tamper Data - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-06-26]
FF Extension: Video DownloadHelper - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-17]
FF Extension: Web Developer - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-09-01]
FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-30]
FF Extension: User Agent Switcher - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\suyl9h7i.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-06-26]
FF Extension: Amazon-Icon - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n3xu4gt9.clear\Extensions\amazon-icon@giga.de [2014-12-14] [ist nicht signiert]
FF Extension: HttpRequester - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n3xu4gt9.clear\Extensions\{ea4637dc-e014-4c17-9c2c-879322d23268} [2015-10-05]
FF Extension: anonymoX - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n3xu4gt9.clear\Extensions\client@anonymox.net.xpi [2015-10-05]
FF Extension: Kein Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\n3xu4gt9.clear\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-10-05] [ist nicht signiert]
FF Extension: Amazon-Icon - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\amazon-icon@giga.de [2014-12-14] [ist nicht signiert]
FF Extension: HTTPS-Everywhere - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-04-29] [ist nicht signiert]
FF Extension: Cookie Monster - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-04-29] [ist nicht signiert]
FF Extension: DownloadHelper - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-29] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-04-29] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-29] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-19] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-05-05] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-05-05] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-05-05] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-05]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Synology Web Clipper) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfbfimijgibligmbglggnbiobgjgmbk [2015-10-20]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

Opera: 
=======
OPR Extension: (Online Tvs 24/7) - C:\Users\Frank\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpnolafbdbankibfhpmkgkalpiapmgme [2014-11-16]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
S4 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-07-28] ()
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Berlin)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Berlin)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-07-27] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-07-30] (Creative Technology Ltd)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-27] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2012-02-01] (Intel Corporation) [Datei ist nicht signiert]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Berlin)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-15] (Electronic Arts)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-07-30] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-07-30] (Creative Technology Ltd)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2014-07-29] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-10-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO)
S3 lachesis35g; C:\Windows\System32\DRIVERS\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd) [Datei ist nicht signiert]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2011-07-05] (AVM Berlin)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2014-10-07] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [Datei ist nicht signiert]
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
S3 glavcam; system32\DRIVERS\glavcam.sys [X]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-21 14:21 - 2015-10-21 14:22 - 00000000 ____D C:\FRST
2015-10-21 14:19 - 2015-10-21 14:22 - 00000000 ____D C:\scan
2015-10-21 14:17 - 2015-10-21 14:17 - 00000000 _____ C:\Users\Frank\defogger_reenable
2015-10-21 12:52 - 2015-10-21 13:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-21 12:23 - 2015-10-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-10-21 12:23 - 2015-10-21 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-10-21 12:23 - 2015-10-21 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-10-21 11:16 - 2015-10-21 11:16 - 00000021 _____ C:\Windows\S.dirmngr
2015-10-21 03:29 - 2015-10-21 03:29 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-21 03:29 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-10-21 03:20 - 2015-10-21 03:20 - 00001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-10-21 03:20 - 2015-10-21 03:20 - 00001392 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-10-21 03:20 - 2015-10-21 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-10-21 03:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-10-21 02:47 - 2015-10-21 02:47 - 00001215 _____ C:\Users\Frank\nas.lnk
2015-10-21 00:53 - 2015-10-21 00:53 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-20 22:42 - 2015-10-20 22:42 - 00002202 _____ C:\Users\Public\Desktop\Synology Photo Station Uploader.lnk
2015-10-20 22:42 - 2015-10-20 22:42 - 00000000 ____D C:\Users\Frank\AppData\Local\Synology
2015-10-20 22:39 - 2015-10-20 22:41 - 00000000 ____D C:\Users\Frank\AppData\Local\CloudStation
2015-10-20 22:39 - 2015-10-20 22:39 - 00002575 _____ C:\Users\Public\Desktop\Synology Cloud Station.lnk
2015-10-20 22:18 - 2015-10-20 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-10-20 22:18 - 2015-10-20 22:18 - 00001173 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2015-10-20 22:18 - 2015-10-20 22:18 - 00000000 ____D C:\ProgramData\Synology
2015-10-20 16:07 - 2015-10-20 16:07 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iReasoning
2015-10-20 16:07 - 2015-10-20 16:07 - 00000000 ____D C:\Program Files (x86)\ireasoning
2015-10-20 15:52 - 2015-10-20 15:52 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAgents MIB Browser
2015-10-20 15:52 - 2015-10-20 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAgents MIB Browser
2015-10-20 15:52 - 2015-10-20 15:52 - 00000000 ____D C:\Program Files (x86)\WinAgents
2015-10-18 22:12 - 2015-10-20 22:41 - 00000000 ____D C:\Program Files (x86)\Synology
2015-10-18 22:12 - 2015-10-18 22:12 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Synology
2015-10-18 18:30 - 2015-10-18 18:30 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-17 22:02 - 2015-10-21 11:16 - 00002688 _____ C:\Windows\PFRO.log
2015-10-17 20:28 - 2015-10-17 20:28 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-10-17 18:24 - 2015-10-17 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-10-17 18:24 - 2015-10-17 18:24 - 00000000 ____D C:\Program Files (x86)\HD Tune
2015-10-17 17:50 - 2015-10-17 17:50 - 00000125 _____ C:\Users\Frank\Synology Diskstation.url
2015-10-17 03:07 - 2015-10-21 11:16 - 00002127 _____ C:\Windows\setupact.log
2015-10-17 03:07 - 2015-10-17 16:04 - 00000000 _____ C:\Windows\setuperr.log
2015-10-16 18:07 - 2015-10-16 18:07 - 00000000 ____D C:\Program Files (x86)\Western Digital Corporation
2015-10-16 17:40 - 2015-10-16 18:03 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-10-16 17:12 - 2015-10-16 17:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\gsmartcontrol
2015-10-16 17:11 - 2015-10-16 17:59 - 00000000 ____D C:\Program Files (x86)\GSmartControl
2015-10-16 17:11 - 2015-10-16 17:11 - 00002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl.lnk
2015-10-16 12:41 - 2015-10-16 20:08 - 00000000 ____D C:\Program Files\ShrewSoft
2015-10-16 12:41 - 2015-10-16 12:41 - 00000036 ___SH C:\ProgramData\Shrew Soft VPN.dat
2015-10-16 12:41 - 2015-10-16 12:41 - 00000000 ____D C:\Users\Frank\AppData\Local\Shrew Soft VPN
2015-10-15 22:38 - 2015-10-15 22:38 - 00000000 ____D C:\Users\Frank\AppData\Roaming\AVM
2015-10-15 22:38 - 2015-10-15 22:38 - 00000000 ____D C:\Program Files (x86)\FRITZ!Fernzugang einrichten
2015-10-15 17:31 - 2015-10-03 07:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-15 17:31 - 2015-10-03 07:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-10-15 17:31 - 2015-10-03 07:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-15 17:31 - 2015-10-03 04:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-10-15 17:29 - 2015-10-15 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2015-10-15 15:49 - 2015-10-15 15:51 - 00000000 ____D C:\Users\Frank\AppData\Roaming\HandBrake
2015-10-15 15:48 - 2015-10-15 15:48 - 00000833 _____ C:\Users\Gast\Desktop\Handbrake.lnk
2015-10-15 15:48 - 2015-10-15 15:48 - 00000833 _____ C:\Users\Frank\Desktop\Handbrake.lnk
2015-10-15 15:48 - 2015-10-15 15:48 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-10-15 15:48 - 2015-10-15 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-10-15 15:48 - 2015-10-15 15:48 - 00000000 ____D C:\Program Files\Handbrake
2015-10-15 15:46 - 2015-10-15 15:46 - 00000000 ____D C:\Users\Frank\AppData\Local\Emicsoft Studio
2015-10-15 14:12 - 2015-10-15 14:12 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Brorsoft
2015-10-15 11:43 - 2015-09-18 21:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 11:43 - 2015-09-18 21:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 11:43 - 2015-09-18 21:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 11:43 - 2015-09-18 21:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 11:43 - 2015-09-18 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 11:43 - 2015-09-18 21:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 11:43 - 2015-09-18 21:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 13:54 - 2015-09-18 21:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 13:54 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 13:54 - 2015-09-16 06:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 13:54 - 2015-09-16 06:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 13:54 - 2015-09-16 06:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:54 - 2015-09-16 06:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 13:54 - 2015-09-16 06:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 13:54 - 2015-09-16 06:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 13:54 - 2015-09-16 06:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 13:54 - 2015-09-16 06:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:54 - 2015-09-16 06:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:54 - 2015-09-16 06:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 13:54 - 2015-09-16 06:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 13:54 - 2015-09-16 06:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 13:54 - 2015-09-16 06:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 13:54 - 2015-09-16 06:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 13:54 - 2015-09-16 06:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 13:54 - 2015-09-16 06:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 13:54 - 2015-09-16 06:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:54 - 2015-09-16 06:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:54 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 13:54 - 2015-09-16 05:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 13:54 - 2015-09-16 05:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:54 - 2015-09-16 05:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 13:54 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 13:54 - 2015-09-16 05:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 13:54 - 2015-09-16 05:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 13:54 - 2015-09-16 05:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 13:54 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 13:54 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 13:54 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 13:54 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 13:54 - 2015-09-16 05:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 13:54 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 13:54 - 2015-09-16 05:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 13:54 - 2015-09-16 05:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 13:54 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 13:54 - 2015-09-16 05:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:54 - 2015-09-16 05:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 13:54 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 13:54 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 13:54 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 13:54 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 13:54 - 2015-09-16 05:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 13:54 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 13:54 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 13:54 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 13:54 - 2015-09-16 05:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 13:54 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:54 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 13:54 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 13:54 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 13:54 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 13:54 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 13:54 - 2015-09-16 04:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 13:54 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 13:54 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 13:54 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 13:54 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 13:54 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 13:54 - 2015-09-16 04:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 13:54 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 13:54 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 13:54 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 13:54 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 13:54 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:54 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 13:54 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 13:53 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 13:53 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 13:53 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:53 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:53 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 13:53 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 13:53 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:53 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 13:53 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 13:53 - 2015-09-29 05:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:53 - 2015-09-29 05:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 13:53 - 2015-09-29 05:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 13:53 - 2015-09-29 05:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 13:53 - 2015-09-29 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 13:53 - 2015-09-29 05:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 13:53 - 2015-09-29 05:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 13:53 - 2015-09-29 05:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 13:53 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 13:53 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 13:53 - 2015-09-29 05:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 13:53 - 2015-09-29 05:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 13:53 - 2015-09-29 05:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 13:53 - 2015-09-29 04:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 13:53 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 13:53 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 13:53 - 2015-09-29 04:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 13:53 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 13:53 - 2015-09-29 04:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 13:53 - 2015-09-29 04:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 13:53 - 2015-09-29 04:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 13:53 - 2015-09-29 04:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 13:53 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 13:53 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 13:53 - 2015-09-29 03:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 13:53 - 2015-09-29 03:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 13:53 - 2015-09-29 03:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 13:53 - 2015-09-29 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 13:53 - 2015-09-29 03:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 03:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 03:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:53 - 2015-09-29 03:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 13:53 - 2015-09-25 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 13:53 - 2015-09-25 20:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 13:53 - 2015-09-25 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:53 - 2015-09-25 20:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 13:53 - 2015-09-25 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:53 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 13:53 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 13:53 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 13:53 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 13:53 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 13:53 - 2015-09-15 20:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 13:53 - 2015-09-15 20:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 13:53 - 2015-09-15 20:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 13:53 - 2015-09-15 20:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 13:53 - 2015-09-15 20:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 13:53 - 2015-09-15 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 13:53 - 2015-09-15 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 13:53 - 2015-09-15 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 13:53 - 2015-09-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 13:53 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 13:53 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 13:53 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 13:53 - 2015-09-15 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:53 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 17:36 - 2015-10-12 17:40 - 00000000 ____D C:\Users\Frank\AppData\Roaming\npm-cache
2015-10-12 17:36 - 2015-10-12 17:39 - 00000000 ____D C:\Users\Frank\grunt
2015-10-12 17:35 - 2015-10-12 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-10-12 17:35 - 2015-10-12 17:35 - 00000000 ____D C:\ProgramData\Git
2015-10-12 17:34 - 2015-10-12 17:35 - 00000000 ____D C:\Program Files\Git
2015-10-12 17:32 - 2015-10-12 17:37 - 00000000 ____D C:\Users\Frank\AppData\Roaming\npm
2015-10-05 18:35 - 2015-10-05 18:35 - 00000000 ____D C:\Users\Frank\AppData\Local\CrashRpt
2015-10-02 10:19 - 2015-10-02 10:19 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2015-10-01 18:03 - 2015-10-13 21:51 - 00001456 _____ C:\Users\Frank\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-10-01 16:33 - 2015-10-01 16:33 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-10-01 16:32 - 2015-10-02 10:19 - 00000000 ____D C:\Program Files\Adobe
2015-10-01 16:32 - 2015-10-01 16:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-01 16:27 - 2015-10-21 11:17 - 00000000 ___RD C:\Users\Frank\Creative Cloud Files
2015-10-01 16:15 - 2015-10-01 16:15 - 00001209 _____ C:\Users\Public\Desktop\Light Image Resizer 4.lnk
2015-09-27 12:18 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-27 12:18 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-22 12:39 - 2015-09-22 12:39 - 00000000 ____D C:\Users\Frank\AppData\LocalLow\Oracle

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-21 14:17 - 2013-07-27 20:43 - 00000000 ____D C:\Users\Frank
2015-10-21 13:52 - 2015-06-23 19:41 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000UA.job
2015-10-21 13:36 - 2015-08-17 22:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-21 13:36 - 2014-02-24 08:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-21 13:15 - 2014-01-09 21:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-21 12:52 - 2015-05-29 00:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-21 12:26 - 2015-05-29 00:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-21 11:25 - 2013-07-31 19:32 - 00000000 ____D C:\Users\Frank\AppData\Roaming\FileZilla
2015-10-21 11:25 - 2009-07-14 06:45 - 00032144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-21 11:25 - 2009-07-14 06:45 - 00032144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-21 11:23 - 2011-04-12 09:43 - 00702348 _____ C:\Windows\system32\perfh007.dat
2015-10-21 11:23 - 2011-04-12 09:43 - 00150746 _____ C:\Windows\system32\perfc007.dat
2015-10-21 11:23 - 2009-07-14 07:13 - 01624034 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-21 11:19 - 2015-09-14 01:47 - 01767369 _____ C:\Windows\WindowsUpdate.log
2015-10-21 11:17 - 2014-12-21 19:14 - 00000000 ___RD C:\Users\Frank\Dropbox
2015-10-21 11:17 - 2014-12-21 19:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Dropbox
2015-10-21 11:17 - 2013-12-01 14:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-21 11:17 - 2013-07-31 23:00 - 00000000 ____D C:\Users\Frank\AppData\Local\Adobe
2015-10-21 11:16 - 2015-01-26 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-21 11:16 - 2014-02-24 08:05 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-21 11:16 - 2013-07-27 22:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 11:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 03:28 - 2014-06-14 00:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-21 03:20 - 2014-06-14 00:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-21 03:01 - 2015-05-29 00:49 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-21 03:01 - 2015-05-29 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-21 03:01 - 2015-05-29 00:49 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-10-20 20:10 - 2013-07-27 21:57 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TS3Client
2015-10-20 18:36 - 2014-08-17 17:50 - 00000000 ____D C:\Users\Frank\.VirtualBox
2015-10-20 17:42 - 2015-07-09 20:24 - 00000000 ____D C:\Users\Frank\VirtualBox VMs
2015-10-20 16:06 - 2015-06-23 19:41 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000Core.job
2015-10-19 12:16 - 2015-04-11 16:30 - 00000000 ____D C:\Users\Frank\AppData\Local\CrashDumps
2015-10-19 11:59 - 2013-07-31 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-10-19 11:59 - 2013-07-31 19:31 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-10-18 16:17 - 2013-07-28 00:32 - 00000000 ____D C:\Users\Frank\AppData\Roaming\vlc
2015-10-18 14:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-17 21:58 - 2013-11-26 01:31 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-17 21:57 - 2013-07-27 21:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-17 21:56 - 2014-11-06 00:55 - 00000000 ____D C:\Program Files\TAP-Windows
2015-10-17 21:56 - 2014-11-06 00:55 - 00000000 ____D C:\Program Files\OpenVPN
2015-10-17 21:52 - 2015-06-27 05:53 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-10-17 20:28 - 2014-01-19 14:29 - 00000000 ____D C:\Users\Frank\AppData\Local\Downloaded Installations
2015-10-17 16:18 - 2014-12-29 15:26 - 00144896 ___SH C:\Users\Frank\Thumbs.db
2015-10-17 16:09 - 2014-09-05 21:17 - 00002562 _____ C:\Windows\diagwrn.xml
2015-10-17 16:09 - 2014-09-05 21:17 - 00001908 _____ C:\Windows\diagerr.xml
2015-10-17 15:13 - 2013-08-24 15:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-17 02:44 - 2013-11-25 23:03 - 00000000 ____D C:\Windows\Minidump
2015-10-17 00:44 - 2013-08-29 14:57 - 00000000 ____D C:\Program Files (x86)\Groovy
2015-10-17 00:31 - 2013-10-28 20:34 - 00000000 ____D C:\Users\Frank\AppData\Roaming\DVDVideoSoft
2015-10-16 23:53 - 2013-11-25 18:11 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Bitcoin
2015-10-16 23:52 - 2015-06-29 01:34 - 00000000 ____D C:\Program Files (x86)\Nmap
2015-10-16 23:51 - 2013-07-28 04:38 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-16 23:49 - 2015-05-04 22:45 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Litecoin
2015-10-16 23:43 - 2013-08-22 22:28 - 00000000 ____D C:\ProgramData\Origin
2015-10-16 20:11 - 2013-12-20 00:15 - 00000000 ____D C:\Users\Frank\AppData\Roaming\DogeCoin
2015-10-16 18:16 - 2014-02-21 03:14 - 00000000 ____D C:\ProgramData\VMware
2015-10-16 18:02 - 2015-06-29 20:39 - 00000000 ____D C:\Users\Frank\AppData\Roaming\.purple
2015-10-16 16:31 - 2014-02-21 03:28 - 00000000 ____D C:\Users\Frank\AppData\Local\VMware
2015-10-16 16:31 - 2014-02-21 03:27 - 00000000 ____D C:\Users\Frank\AppData\Roaming\VMware
2015-10-16 15:24 - 2015-02-23 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-16 15:15 - 2014-08-17 16:05 - 00000000 ____D C:\Users\Frank\AppData\Roaming\gnupg
2015-10-16 15:15 - 2014-08-17 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2015-10-16 15:06 - 2015-02-08 14:00 - 00000000 ___RD C:\Users\Frank\Virtual Machines
2015-10-15 17:32 - 2013-11-28 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-15 17:32 - 2013-07-27 20:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-15 17:29 - 2015-07-09 09:14 - 00000000 ____D C:\Program Files\FRITZ!Fernzugang
2015-10-15 17:19 - 2015-08-15 12:20 - 00001390 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-10-15 17:08 - 2014-12-12 00:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 17:08 - 2014-04-23 23:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 16:49 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-15 16:48 - 2013-07-28 02:39 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-15 16:00 - 2013-08-22 22:28 - 00000000 ____D C:\Program Files (x86)\Origin
2015-10-15 15:56 - 2013-07-28 01:45 - 00000000 ____D C:\Program Files (x86)\Uplay
2015-10-15 15:04 - 2015-02-20 18:39 - 00000000 ____D C:\Users\Frank\AppData\Local\Steam
2015-10-15 14:59 - 2013-07-27 21:26 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-15 02:39 - 2014-02-24 08:08 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-15 01:11 - 2015-06-28 23:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-15 01:11 - 2014-12-26 13:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 15:36 - 2015-08-17 22:31 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-14 15:36 - 2015-08-17 22:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 15:36 - 2015-08-17 22:31 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 14:05 - 2013-07-27 22:36 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 14:01 - 2013-07-27 22:05 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 02:27 - 2013-10-23 16:41 - 00000000 ____D C:\Users\Frank\AppData\Local\Battle.net
2015-10-14 01:20 - 2013-07-28 00:39 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Spotify
2015-10-13 20:30 - 2013-07-28 00:39 - 00000000 ____D C:\Users\Frank\AppData\Local\Spotify
2015-10-12 05:05 - 2015-08-15 12:19 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-10-12 05:05 - 2015-08-15 12:19 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-10-12 05:04 - 2015-08-15 12:19 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-10-12 05:04 - 2015-08-15 12:19 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-10-11 14:36 - 2013-07-27 21:57 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-10 16:28 - 2015-08-10 19:14 - 00000000 ____D C:\Program Files (x86)\StarCraft II - Legacy of the Void Beta
2015-10-09 03:06 - 2015-04-05 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-09 03:00 - 2015-04-05 10:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 17:31 - 2015-09-16 10:14 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-07 16:58 - 2013-08-26 13:28 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TeamViewer
2015-10-06 10:31 - 2014-12-13 18:21 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-10-06 10:31 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-10-05 14:15 - 2013-07-27 20:54 - 01656012 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-05 11:02 - 2015-01-15 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 09:50 - 2015-05-29 00:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-05-29 00:49 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-03 07:06 - 2015-08-15 12:18 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-10-03 07:06 - 2015-08-15 12:18 - 03573832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-10-03 07:06 - 2015-08-15 12:18 - 03154104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-10-03 07:06 - 2015-02-23 21:31 - 17395512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-10-03 07:06 - 2015-02-23 21:31 - 15716648 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-10-03 07:06 - 2015-02-23 21:31 - 12769408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-10-03 07:06 - 2014-06-10 19:31 - 00033507 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 04:49 - 2015-02-23 21:24 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 04:49 - 2015-02-23 21:24 - 02982520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-10-03 04:49 - 2015-02-23 21:24 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 04:49 - 2015-02-23 21:24 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 04:49 - 2015-02-23 21:24 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-03 04:49 - 2015-02-23 21:24 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-10-02 21:56 - 2013-07-27 20:55 - 00071280 _____ C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-02 21:55 - 2009-07-14 06:45 - 00313928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-02 10:20 - 2013-07-31 23:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 10:19 - 2013-07-27 22:33 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Adobe
2015-10-01 16:32 - 2013-07-31 23:01 - 00000000 ____D C:\ProgramData\Adobe
2015-10-01 16:27 - 2014-01-12 01:49 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-01 16:27 - 2014-01-12 01:49 - 00001222 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-01 16:17 - 2013-08-04 14:10 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ObviousIdea
2015-10-01 11:33 - 2015-02-23 21:24 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
2015-10-01 10:23 - 2014-12-07 03:35 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1377350407

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-01 18:03 - 2015-10-13 21:51 - 0001456 _____ () C:\Users\Frank\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-21 21:45 - 2014-03-26 05:11 - 0000600 _____ () C:\Users\Frank\AppData\Local\PUTTY.RND
2015-06-20 12:27 - 2015-06-20 12:27 - 0000707 _____ () C:\Users\Frank\AppData\Local\recently-used.xbel
2014-01-15 20:39 - 2014-01-15 20:39 - 0000017 _____ () C:\Users\Frank\AppData\Local\resmon.resmoncfg
2014-12-13 22:26 - 2014-12-13 22:27 - 0014774 _____ () C:\Users\Frank\AppData\Local\WiDiSetupLog.20141213.212642.wdl
2014-12-14 00:12 - 2014-12-14 00:12 - 0015451 _____ () C:\Users\Frank\AppData\Local\WiDiSetupLog.20141213.231231.wdl
2013-07-27 21:15 - 2013-07-27 21:15 - 0477056 _____ () C:\ProgramData\1374952381.bdinstall.bin
2013-08-27 17:04 - 2013-08-27 17:04 - 0243048 _____ () C:\ProgramData\1377615743.bdinstall.bin
2015-10-16 12:41 - 2015-10-16 12:41 - 0000036 ___SH () C:\ProgramData\Shrew Soft VPN.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\Shrew Soft VPN.dat


Einige Dateien in TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrrgo9.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-21 01:03

==================== Ende von FRST.txt ============================

Alt 21.10.2015, 19:24   #2
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Addition.txt
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-10-2015
durchgeführt von Frank (2015-10-21 14:22:37)
Gestartet von C:\scan
Windows 7 Professional Service Pack 1 (X64) (2013-07-27 18:43:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1137705209-1149081475-1850392428-500 - Administrator - Disabled)
Frank (S-1-5-21-1137705209-1149081475-1850392428-1000 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-1137705209-1149081475-1850392428-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1137705209-1149081475-1850392428-1009 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Small Office Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Small Office Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Small Office Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\uTorrent) (Version: 3.4.2.32891 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image HD (HKLM-x32\...\{A7D5787B-3A91-4433-A753-CFE520671683}) (Version: 13.0.12095 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{00603DFF-6EC5-4E9E-AB3A-AD4C7D61FF13}) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{55D49B2B-6211-A705-FFDF-2F65E664EA0B}) (Version: 0.95 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM-x32\...\{3EF53B20-D3C1-44B1-8DD9-CD51654EB20A}) (Version: 0.27.12254 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Bitcoin (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Bitcoin Core (64-bit)) (Version: 0.9.0 - Bitcoin Core project)
Blender (HKLM\...\{428D5180-D956-45A6-BF06-68764A69097E}) (Version: 2.76.0 - Blender Foundation)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.116 - MSI)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Corsair Gaming Headset Software (HKLM-x32\...\{E7AB6875-782B-47B9-A969-7D4E3BB0C19A}) (Version: 2.0.35 - Corsair)
CPUID CPU-Z 1.65.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerProducer 5.5 (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.4118 - CyberLink Corp.)
DayZ Commander (HKLM-x32\...\{99C28455-E285-4639-B4C6-9F747C0C3D4C}) (Version: 0.92.90 - Dotjosh Studios)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Debugging Tools for Windows (x86) (HKLM-x32\...\{48F95CE7-69D9-4967-81F7-D763CABFBD53}) (Version: 6.10.3.233 - Microsoft Corporation)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
Dogecoin (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Dropbox (HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.3.1 - AVM Berlin)
Ghost Recon Phantoms - EU (HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\d8be6c3f847d7d92) (Version: 1.35.9425.2 - Ubisoft)
Ghost Recon Phantoms - EU (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\d8be6c3f847d7d92) (Version: 1.35.9425.2 - Ubisoft)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.46.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.46.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Git version 2.6.1 (HKLM\...\Git_is1) (Version: 2.6.1 - The Git Development Community)
GoldCoin (GLD) (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\GoldCoin (GLD)) (Version: 00.07.01.01 - GoldCoin (GLD))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Infinity Wars - Animated Trading Card Game (HKLM-x32\...\Steam App 257730) (Version:  - Lightmare Studios)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Tools for UPnP(TM) Technologies (HKLM-x32\...\{616406E6-C8E1-4AFE-A625-A2F2F4531787}) (Version: 1.0.0 - Intel)
iReasoning MIB Browser (remove only) (HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\ireasoning) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JonDo (HKLM-x32\...\JonDoUninstall) (Version:  - )
Kane & Lynch 2: Dog Days (HKLM-x32\...\Steam App 28000) (Version:  - IO Interactive)
Kaspersky Small Office Security (HKLM-x32\...\InstallWIX_{33F9240D-1887-4FF9-8A6E-35F32A05A277}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Small Office Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.8.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
Kodi (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Light Image Resizer 4.7.4.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.7.4.0 - ObviousIdea)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Litecoin (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Litecoin) (Version: 0.8.6.2 - Litecoin project)
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.111 - MSI)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version:  - Electronic Arts)
Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version:  - Electronic Arts)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{D8D25854-D7F0-45C5-8702-D650A5A23E21}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Test Professional 2013 (HKLM-x32\...\{3002812a-da7c-48a7-b3dc-52f420d234d9}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-189f07ab-62b1-47bf-a5f0-c4a7001ec41e) (Version:  - Epic Games, Inc.)
NetBeans IDE 7.3.1 (HKLM\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - MSI)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150223.102780 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA CUDA Documentation 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocumentation_5.5) (Version: 5.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Grafiktreiber 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
Process Hacker 2.35 (r5898) (HKLM\...\Process_Hacker2_is1) (Version: 2.35.0.5898 - wj32)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Quick Checksum Verifier (64-Bit) (HKLM-x32\...\QCV) (Version: 1.1.6.2 - Bitdreamers)
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Spotify (HKU\S-1-5-21-1137705209-1149081475-1850392428-501\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.59.30483 - SteelSeries)
Street Fighter X Tekken (x32 Version: 1.0.0004.130 - CAPCOM U.S.A., INC) Hidden
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.019 - MSI)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
SurveillancePlugin (HKLM-x32\...\{DF215815-ECF4-4670-89D2-7A2B590810B0}) (Version: 1.0.0.746 - Synology)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (HKLM-x32\...\{8051713F-C932-4D20-8E03-406BDD5681A7}) (Version: 3.2.3487 - Synology)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VNC Viewer 5.0.6 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.6 - RealVNC Ltd)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WebViewer Plugin (HKLM-x32\...\InstallShield_{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.)
WebViewer Plugin (x32 Version: 2.1.0.03 - Samsung Techwin Co., Ltd.) Hidden
WinAgents MIB Browser (HKLM-x32\...\WinAgents MIB Browser) (Version: 1.0 - WinAgents Software Group)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1137705209-1149081475-1850392428-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-10-17 15:38 - 00450836 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 gc.kis.scr.kaspersky-labs.com ff.kis.scr.kaspersky-labs.com ie.kis.scr.kaspersky-labs.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com

Da befinden sich 15470 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1C428CF9-8D59-476F-AE6E-6F60515F05AD} - System32\Tasks\Opera scheduled Autoupdate 1377350407 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {1F323ADB-D982-49C5-8148-7414244EA060} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {273C0568-4BD2-4E1B-8FD8-7CA10C4CD2FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2ADE4B5D-87E0-407B-91FE-95B8C9250862} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {422646F1-D9CF-4BCC-96ED-F140110FDEF9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {4C0351CE-85B7-49E1-97D8-B329103FADF3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-11-14] ()
Task: {5B8043E9-EA67-43A1-8689-CC8FC3EFFA1C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000Core => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {648DCAB9-F92B-441F-A153-40C1678FD2CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {928D9084-2B06-4E42-A40D-BD03973E4B26} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2012-01-05] (Realtek Semiconductor)
Task: {96084995-081E-4E06-92F1-3A7383118803} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {9661F005-1C9A-44E1-9FCE-3C4ECEBCD8B9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000UA => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {A0965C4F-84B0-4358-A27A-F7AD1A3D6AA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B1FFAA6A-E256-49BF-ADCC-D2768E10653E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D30ECDB5-C060-4CA8-8F36-FFB4F41BC460} - System32\Tasks\AdobeAAMUpdater-1.0-Frank-PC-Frank => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {D63783C2-16EF-4724-8FD7-4ED825001E29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {D6608547-69B9-4898-98EE-B21E2D3F7DFD} - System32\Tasks\{2A32FE65-E048-439C-9AB9-A02A6673A7A6} => pcalua.exe -a "E:\save\--==Install==-\treiber\wlan adapter alfa\036_Win7_PWRC\setup.exe" -d "E:\save\--==Install==-\treiber\wlan adapter alfa\036_Win7_PWRC"
Task: {E9F8189F-46A8-4B5B-A66A-06305DD0A995} - System32\Tasks\{871785C9-684E-4141-83C0-21D58A7BBEC1} => pcalua.exe -a D:\Frank\Downloads\openvpn-package\system\tapinstall.exe -d D:\Frank\Downloads\openvpn-package -c remove tap0801

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000Core.job => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1137705209-1149081475-1850392428-1000UA.job => C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-02-23 21:24 - 2015-10-03 04:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-05-11 09:12 - 2015-05-11 09:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-25 05:22 - 2014-11-25 05:22 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2015-10-20 22:39 - 2015-10-20 22:39 - 01047552 _____ () C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00665088 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2015-08-23 01:01 - 2015-08-23 01:01 - 00089915 ____N () C:\Users\Frank\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00278528 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 07:46 - 2013-01-10 07:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 09519104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 07:46 - 2013-01-10 07:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2013-07-12 16:57 - 2013-07-12 16:57 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-09-11 19:01 - 2015-09-11 19:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\kpcengine.2.3.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2015-10-21 03:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-21 03:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-21 03:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-21 03:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-21 03:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-15 12:19 - 2015-10-12 05:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-21 11:16 - 2015-10-21 11:16 - 00071168 _____ () c:\users\Frank\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrrgo9.dll
2015-09-05 09:48 - 2015-09-24 01:07 - 00012800 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-09-05 09:48 - 2015-09-24 01:07 - 00779776 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-05 09:48 - 2015-09-24 01:07 - 00056320 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-05 09:48 - 2015-09-24 01:07 - 00012288 _____ () C:\Users\Frank\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-12-19 10:58 - 2012-12-19 10:58 - 00741376 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\de-DE\SBRnPCIe.resources.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-10-16 12:02 - 2015-10-16 12:02 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-09-11 16:39 - 2015-09-11 16:39 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-12-11 10:10 - 2015-09-26 17:56 - 02812928 _____ () C:\Program Files (x86)\Notepad++\plugins\JSLintNpp.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-07 01:42 - 2014-01-07 01:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2013-03-12 18:10 - 2015-10-05 18:18 - 00778752 _____ () E:\Games\steam\SDL2.dll
2015-02-03 22:49 - 2015-07-03 18:12 - 04962816 _____ () E:\Games\steam\v8.dll
2015-02-03 22:49 - 2015-07-03 18:12 - 01556992 _____ () E:\Games\steam\icui18n.dll
2015-02-03 22:49 - 2015-07-03 18:12 - 01187840 _____ () E:\Games\steam\icuuc.dll
2014-05-21 19:56 - 2015-10-14 22:56 - 02423376 _____ () E:\Games\steam\video.dll
2014-11-02 11:37 - 2015-09-24 02:33 - 02549248 _____ () E:\Games\steam\libavcodec-56.dll
2014-11-02 11:37 - 2015-09-24 02:33 - 00442880 _____ () E:\Games\steam\libavutil-54.dll
2014-11-02 11:37 - 2015-09-24 02:33 - 00491008 _____ () E:\Games\steam\libavformat-56.dll
2014-11-02 11:37 - 2015-09-24 02:33 - 00332800 _____ () E:\Games\steam\libavresample-2.dll
2014-11-02 11:37 - 2015-09-24 02:33 - 00485888 _____ () E:\Games\steam\libswscale-3.dll
2013-07-28 03:10 - 2015-10-14 22:56 - 00705104 _____ () E:\Games\steam\bin\chromehtml.DLL
2015-08-01 12:57 - 2015-10-09 20:13 - 00193024 _____ () E:\Games\steam\bin\openvr_api.dll
2013-07-28 03:10 - 2015-10-09 00:20 - 45010208 _____ () E:\Games\steam\bin\libcef.dll
2015-02-03 22:49 - 2015-09-25 01:56 - 00119208 _____ () E:\Games\steam\winh264.dll
2015-10-21 03:20 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2015-10-15 02:39 - 2015-10-09 02:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 02:39 - 2015-10-09 02:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Frank\umsätze lexware.ods:com.dropbox.attributes
AlternateDataStreams: C:\Users\Frank\umsätze.ods:com.dropbox.attributes

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 15749 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1137705209-1149081475-1850392428-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1137705209-1149081475-1850392428-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: CSObjectsSrv => 2
MSCONFIG\Services: CtHdaSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiSuiteOuc64.exe => 3
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI_SuperCharger => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: RadioRage_4jService => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RaMediaServer => 3
MSCONFIG\Services: Realtek87B => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: spiceworks => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk => C:\Windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Badoo Desktop => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenterCount => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: GLSystray => C:\Program Files (x86)\GLPCCamera\monitorpad.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: RadioRage EPM Support => "C:\PROGRA~2\RADIOR~1\bar\1.bin\4jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RadioRage Home Page Guard 64 bit => "C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~1\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6911C1DE-CEEF-4552-B18D-97F09CD3E070}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{EB3858EE-25D2-43A3-B560-06E6F3F90181}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{13451CB4-CEDB-4B3B-9C4B-A7A300770A56}C:\users\Frank\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Frank\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B52A7BD4-285E-411F-A860-57AD4A1E10B3}C:\users\Frank\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Frank\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1B883314-63D0-4EC4-9CC5-EDBE6B5F7066}] => (Block) C:\users\Frank\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C62C9509-AF2C-43C4-AD9D-8655DF593543}] => (Block) C:\users\Frank\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E56750C1-719F-46A7-AE71-6ED05254A40D}] => (Allow) E:\Games\steam\Steam.exe
FirewallRules: [{94FA83A9-6834-4623-A88B-349F6A27EEB4}] => (Allow) E:\Games\steam\Steam.exe
FirewallRules: [{7FF72D30-0A0A-4C01-B0F5-66F2DE84F902}] => (Allow) E:\Games\steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{489BB777-33BF-4FCC-A38E-E1704881EFA6}] => (Allow) E:\Games\steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B20246CF-DB1B-4032-9491-8E53416B37CA}] => (Allow) E:\Games\steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{98B81843-A1AB-44E3-9D13-7D3539BC6EE8}] => (Allow) E:\Games\steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{ED244336-0842-453B-8C65-29969EFB65E5}] => (Allow) E:\Games\steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
FirewallRules: [{DB6D6639-D30C-4216-931A-B04D8EEE47D8}] => (Allow) E:\Games\steam\SteamApps\common\InfinityWars\Infinity Wars TCG.exe
FirewallRules: [{9FD33206-5E82-4BFE-9F66-B33AC48B33FD}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B3FE81BB-B4CB-4F65-8389-4CB7E53B310C}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4C23E333-CD5A-4582-9A5F-DD22C9E252D9}] => (Allow) E:\Games\steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{54FEA1E7-7DA6-4A92-A8B5-FA1746AE26AD}] => (Allow) E:\Games\steam\SteamApps\common\Wolfenstein.The.New.Order\WolfNewOrder_x64.exe
FirewallRules: [{E9E19335-03E5-4540-B9DA-4FB7A0527517}] => (Allow) E:\Games\steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{912E0F51-9AFF-420F-ACDE-9EA5B8CF98E7}] => (Allow) E:\Games\steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{447F83FC-68C8-4712-9DD3-3E2BEACA6677}] => (Allow) E:\Games\steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{28031A64-4FF3-428C-861E-ED3B4116C578}] => (Allow) E:\Games\steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{45A6770A-4AC3-49F1-8D14-5D9FB3425E59}] => (Allow) E:\Games\Origin\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{2D4CC406-08B9-42BA-B61F-2C1DBF06C9E2}] => (Allow) E:\Games\Origin\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{BD489350-A3CF-4BF4-B7E1-3C8AAC9403B3}] => (Allow) E:\Games\steam\SteamApps\common\super street fighter iv - arcade edition\SSFIV.exe
FirewallRules: [{082AC8EE-C3D1-4A8B-BE0A-AB47AB1B1223}] => (Allow) E:\Games\steam\SteamApps\common\super street fighter iv - arcade edition\SSFIV.exe
FirewallRules: [TCP Query User{A586096C-4E6B-4AA6-8562-FDB091F76C59}C:\users\Frank\appdata\local\apps\2.0\qrzcdxx3.527\cy94kae8.t4r\laun...app_59711684aa47878d_0001.0023_b6f7e29e26be9250\launcher.exe] => (Allow) C:\users\Frank\appdata\local\apps\2.0\qrzcdxx3.527\cy94kae8.t4r\laun...app_59711684aa47878d_0001.0023_b6f7e29e26be9250\launcher.exe
FirewallRules: [UDP Query User{1A4826BB-0C4F-4531-B2DF-1147AFFAC9E4}C:\users\Frank\appdata\local\apps\2.0\qrzcdxx3.527\cy94kae8.t4r\laun...app_59711684aa47878d_0001.0023_b6f7e29e26be9250\launcher.exe] => (Allow) C:\users\Frank\appdata\local\apps\2.0\qrzcdxx3.527\cy94kae8.t4r\laun...app_59711684aa47878d_0001.0023_b6f7e29e26be9250\launcher.exe
FirewallRules: [TCP Query User{B1C6B99F-7363-4FC0-B0CB-63D8A1EDC465}D:\games\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Allow) D:\games\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{96B8A2AB-36D1-4E9D-B564-92965EEC99DC}D:\games\ghost recon phantoms\pdc-live\ghostreconphantoms.exe] => (Allow) D:\games\ghost recon phantoms\pdc-live\ghostreconphantoms.exe
FirewallRules: [{8A77D2C2-5A52-4A2B-818B-3199D588C083}] => (Allow) E:\Games\steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{BCFB3C1C-E161-4819-8233-9A3FF3D4DD20}] => (Allow) E:\Games\steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{87301397-60D7-4417-9500-5B4C4B0D29CA}] => (Allow) E:\Games\steam\SteamApps\common\Dirt 2\dirt2.exe
FirewallRules: [{D1D6F2C2-1252-4DD7-A314-75C0A8C30E05}] => (Allow) E:\Games\steam\SteamApps\common\Dirt 2\dirt2.exe
FirewallRules: [TCP Query User{14B538EC-676E-473D-9B43-668E2DDC55BD}E:\games\steam\steamapps\common\dirt 2\dirt2_game.exe] => (Allow) E:\games\steam\steamapps\common\dirt 2\dirt2_game.exe
FirewallRules: [UDP Query User{6812CCE2-E821-42BC-ABF7-F40FF6924FD3}E:\games\steam\steamapps\common\dirt 2\dirt2_game.exe] => (Allow) E:\games\steam\steamapps\common\dirt 2\dirt2_game.exe
FirewallRules: [TCP Query User{68513B92-B5FD-4312-8690-F3CAB57AE4B9}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{1D321492-7B50-4279-AA37-93C7517D36E1}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [{BE852F92-9935-4DD2-AD99-CFC12B99A782}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [{3245925E-15DF-454C-8172-14F452CF494C}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Kane & Lynch 2 - Dog Days\kl2.exe
FirewallRules: [TCP Query User{F949F2DD-7A77-455D-A4E4-D1ABA1CE5555}C:\users\Frank\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\Frank\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{74CA5756-94BA-4C24-B9DD-3B7DB4670AD6}C:\users\Frank\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\Frank\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{4709684E-743C-478C-9835-076E3A47FCB4}] => (Allow) C:\Users\Frank\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7024A1A9-4F4D-4DF1-AEF0-A09B9B1069F7}] => (Allow) C:\Users\Frank\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49F44E75-D95C-4F6A-AC52-036F42789C30}] => (Allow) E:\Games\steam\bin\steamwebhelper.exe
FirewallRules: [{A282533E-4C72-44AC-953E-DA1C3D152496}] => (Allow) E:\Games\steam\bin\steamwebhelper.exe
FirewallRules: [{941EED1D-17F2-4AA6-8FE3-9A5471323BA3}] => (Allow) E:\Games\Origin\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{FB7D9FF9-3C91-43A7-8913-E7B7DE7C1B83}] => (Allow) E:\Games\Origin\Wing Commander III\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{EB329881-CF9F-4022-BF5E-2249B7592E2C}] => (Allow) LPort=1542
FirewallRules: [{6913247E-1246-4AC8-9450-51894EEDB88B}] => (Allow) LPort=1542
FirewallRules: [{393A89AF-5462-46D7-B941-D8CF9A99078F}] => (Allow) LPort=53
FirewallRules: [{E13BD31E-D7DF-4ADE-B63D-80D2230CDE18}] => (Allow) LPort=1542
FirewallRules: [{48A987A4-6C2F-41F1-84A7-A8C4F86EF216}] => (Allow) LPort=1542
FirewallRules: [{24693BBC-E05A-410C-B5F5-FFBF0B7BD617}] => (Allow) LPort=53
FirewallRules: [{C204737C-F231-4C87-80DE-CC2971B77A6A}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [{BC8219A6-8F0B-4AF5-B7BF-FB8655D97E09}] => (Allow) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [TCP Query User{91CAD5E9-A0F1-4CF2-A703-99F3DF6B25CB}E:\games\origin\fifa 14\game\fifa14.exe] => (Allow) E:\games\origin\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{D86267E0-DB48-4F3E-8B57-B6BEF7AE8EA7}E:\games\origin\fifa 14\game\fifa14.exe] => (Allow) E:\games\origin\fifa 14\game\fifa14.exe
FirewallRules: [{6A532355-83E3-4058-BF45-71C486842458}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{FF8496CE-A553-4FAC-929F-581C4415A4DB}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{A8B4AAE0-B6FA-4918-B04C-2C4524C04E62}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{BF84EF89-7E2B-49DB-8D48-BE669FD601C8}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [TCP Query User{F3EEF87D-0E5B-4DE3-9BF6-1D83EFD7C121}C:\spiele\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\spiele\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{76EA740C-EA77-4096-89B8-8FF863A80B64}C:\spiele\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\spiele\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{7B6A8B8C-22E1-436E-877E-B7C5B2DBC179}] => (Allow) E:\Games\steam\SteamApps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{533BCC89-E5E5-408E-8910-E84A116CB32F}] => (Allow) E:\Games\steam\SteamApps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{485287EE-EE49-497F-BBF6-8379ADF06498}] => (Allow) E:\Games\steam\SteamApps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{79B632F0-CF6B-44F7-B880-820E530B09CC}] => (Allow) E:\Games\steam\SteamApps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [TCP Query User{E32045DE-F09A-42C9-9A20-74AC80250C11}D:\Frank\downloads\openvpn-package\system\openvpn.exe] => (Allow) D:\Frank\downloads\openvpn-package\system\openvpn.exe
FirewallRules: [UDP Query User{8BC811D4-0DDD-4BA9-BE9F-0CCD0FD063F3}D:\Frank\downloads\openvpn-package\system\openvpn.exe] => (Allow) D:\Frank\downloads\openvpn-package\system\openvpn.exe
FirewallRules: [{8A0F8112-89F9-444D-BDA9-0A157205E017}] => (Block) D:\Frank\downloads\openvpn-package\system\openvpn.exe
FirewallRules: [{96FD1E06-6E1C-41FD-A7E9-0B7EA99929C7}] => (Block) D:\Frank\downloads\openvpn-package\system\openvpn.exe
FirewallRules: [{AE4A8B5B-4CDA-4C57-8ABA-F2E9C99195AB}] => (Allow) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C89A736B-C94A-41B5-8063-D1B1D262C7B3}] => (Allow) C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BA43CC7B-5CD8-4B93-A6FF-2036D3208DDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C5B719B7-A791-4C59-964E-A4861DEE4F4B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1BB6A5A-A051-4921-B555-8A331F685FA6}] => (Allow) E:\Games\steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{94451834-1DF1-4291-A89B-45891297028C}] => (Allow) E:\Games\steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{468B742B-A5A2-46ED-8266-AA806DE9255E}E:\games\steam\steamapps\common\war thunder\launcher.exe] => (Allow) E:\games\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{61748C69-2845-4A0D-B45C-F619A4C664FA}E:\games\steam\steamapps\common\war thunder\launcher.exe] => (Allow) E:\games\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{9A5E29DE-4804-4B74-BC09-E0A81026D53C}E:\games\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\games\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{62E70325-9DC6-426E-8B5A-AA72F7DD6FA6}E:\games\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\games\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{B74ADC7B-6D27-4B76-A00C-FDE463759E5D}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{B3C4F148-AF4E-4052-8AA2-5840F1AE099B}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{5D961960-3BBA-428B-AA2A-AF53210F895A}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{91E8D4D8-6EC6-47BC-AFED-F2387FA048AF}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{FE2B235C-66F9-4F1E-91B5-6E066FF0F0BB}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{D12242A4-DA50-4464-9209-15927D4DAA8D}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{FFA91C76-8371-4094-92E4-0054ACAA2D2D}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{05914CD7-E500-4162-85EA-D15F44837225}] => (Allow) E:\Games\steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{EDAF7FFD-AD68-4329-B1E6-47B03988C617}] => (Allow) E:\Games\steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{72E26A36-56CF-4F38-AE4F-9107FB022196}] => (Allow) E:\Games\steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{818BE380-CACD-42E5-85E8-7772CFEAF87C}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{AE4EFAC9-E972-4150-8D13-AD9F27DCC261}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{0DB1AD9A-ACB7-4782-B07A-BC8664BDD3BD}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{439054F7-A2E0-4299-9FEE-ACD27EC17CB1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Supreme Commander 2\bin\SupremeCommander2.exe
FirewallRules: [{4275F270-E7AE-4486-86DB-AE403933A544}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{A450EE08-5810-4B74-9C69-AFDB32941A27}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{05BD3FD4-F092-4BB7-8FF1-A75B1571F84E}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{8CAA2CE8-F4E6-44D8-8E5D-565D58C8467A}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [TCP Query User{45884BDC-8FBD-4721-815A-8C8575396AAB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0F16A6CB-37BF-4368-A654-AA7002DC20C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{27841DEB-897A-455F-89A4-B0383B83BC20}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{558E788A-84C1-4FDC-8B56-B7FF477265CC}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{894F2009-10C1-40F2-B1BB-791B5E47F591}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{3B12CCFB-3B95-4A3B-9D84-EF23214F0149}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{4FAD680B-B3D0-4C85-A618-AC1FD5B2D7C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4A05FFF-7EDD-4DE4-9209-E47C51AE5886}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3F6DE09A-D3CC-42AA-8608-B3275BF73921}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{D46EB5AE-7B72-4EF6-AF05-7D7681BACBDB}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{4E446230-0C7D-4722-A3FD-2118D6D5802E}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{822C9F7A-B5D0-41C0-80D4-C7EC75A9F923}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{1CF9B1F8-2034-4B1E-9536-0C175ED62A7A}D:\litecoin\litecoin-qt.exe] => (Allow) D:\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{A7619D01-7B41-42F2-BA8E-0F30225FFB66}D:\litecoin\litecoin-qt.exe] => (Allow) D:\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{453C18E7-7CFB-448F-9667-9D316BC1DC2A}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4057778D-B9AA-4728-B640-31EF2F08D505}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe
FirewallRules: [{43B966C0-1254-4A1C-AEF3-BBF550F465DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{50DAB843-8A95-48AB-961A-7856170B36C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55A38B8E-4E2C-42AB-B79A-6FC653C7A8C1}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Infinite Crisis Steam\TurbineLauncher.exe
FirewallRules: [{6213BC15-05FC-4584-B6A2-930C7538353A}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\Infinite Crisis Steam\TurbineLauncher.exe
FirewallRules: [{4D0CA756-04EA-4AFF-B4A9-4FCF5CCC5A9A}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{98F24AFD-E17B-42E3-9615-DA6B771509DD}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{A1AAD3EC-721A-4C49-82C0-878C879E9683}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{DBEB91A0-4496-45D8-84CA-EF43E0D4CE38}] => (Allow) D:\Games\SteamLibrary\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{8E5777A3-048D-4187-B790-DF53F54C17A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA954CC2-1219-4E2C-B15C-9095EA776B7B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{08FEB142-BCD7-4A73-B4E1-15669AA022B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8D9DBEB0-0A00-4E80-B4A2-3FD9FDC9D56C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CEFCB100-C8F5-46B0-A030-445C79E79BBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{18E80BE7-BF73-44E3-9E4B-95FE68146602}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{31DB8AA9-F6BB-4CEF-AFC4-E57FCA71C437}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7543B95-0BF0-40EB-9E44-A31C0259ED57}] => (Allow) E:\Games\Origin\FIFA 14\Game\fifa14.exe
FirewallRules: [{0F197C0C-2C33-4AC7-86C9-3DCD3D7AFA40}] => (Allow) E:\Games\Origin\FIFA 14\Game\fifa14.exe
FirewallRules: [TCP Query User{7A1EFCDC-6186-4B3D-A99D-6FBD0D24DE4F}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{67E5EBEA-3064-4710-B0AA-799DA2D955E7}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{650D96CB-9F64-49FD-B6CA-F231AD920373}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: BitDefender Firewall NDIS 6 Filter Driver
Description: BitDefender Firewall NDIS 6 Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BdfNdisf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AVM VPN Miniport #8
Description: AVM VPN Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AVM Berlin
Service: NWIM
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: AVM VPN Miniport #12
Description: AVM VPN Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: AVM Berlin
Service: NWIM
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/21/2015 12:07:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDRootAlyzer.exe, Version 2.4.40.116 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b4c

Startzeit: 01d10be1d4448fa6

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe

Berichts-ID: 833ee617-77db-11e5-88ca-080027002c8d

Error: (10/21/2015 11:31:41 AM) (Source: MsiInstaller) (EventID: 1024) (User: Frank-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/21/2015 11:16:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2015 03:07:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/21/2015 02:00:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prl_stat.exe, Version: 16.0.0.6514, Zeitstempel: 0x51535cce
Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3
Ausnahmecode: 0x40000015
Fehleroffset: 0x000046b4
ID des fehlerhaften Prozesses: 0x31f4
Startzeit der fehlerhaften Anwendung: 0xprl_stat.exe0
Pfad der fehlerhaften Anwendung: prl_stat.exe1
Pfad des fehlerhaften Moduls: prl_stat.exe2
Berichtskennung: prl_stat.exe3

Error: (10/20/2015 10:03:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/20/2015 05:41:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/20/2015 02:00:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prl_stat.exe, Version: 16.0.0.6514, Zeitstempel: 0x51535cce
Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3
Ausnahmecode: 0x40000015
Fehleroffset: 0x000046b4
ID des fehlerhaften Prozesses: 0x12f8
Startzeit der fehlerhaften Anwendung: 0xprl_stat.exe0
Pfad der fehlerhaften Anwendung: prl_stat.exe1
Pfad des fehlerhaften Moduls: prl_stat.exe2
Berichtskennung: prl_stat.exe3

Error: (10/20/2015 12:39:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/20/2015 12:39:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Systemfehler:
=============
Error: (10/21/2015 11:16:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BdfNdisf

Error: (10/21/2015 11:16:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem Fehler beendet: %%31.

Error: (10/21/2015 11:16:40 AM) (Source: RemoteAccess) (EventID: 20103) (User: )
Description: C:\Windows\System32\iprtrmgr.dll kann nicht geladen werden.

Error: (10/21/2015 11:16:06 AM) (Source: iScsiPrt) (EventID: 70) (User: )
Description: Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.

Error: (10/21/2015 11:16:06 AM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.

Error: (10/21/2015 11:16:04 AM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden. Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.

Error: (10/21/2015 09:16:36 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/21/2015 09:16:33 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/21/2015 09:16:29 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/21/2015 09:16:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2014-10-15 21:00:25.091
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 21:00:25.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 21:00:25.089
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 21:00:25.086
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 3\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 21:00:25.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 3\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 21:00:25.084
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 3\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:53:29.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:53:29.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:53:29.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:53:29.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 3\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 16333.1 MB
Verfügbarer physikalischer RAM: 11639.41 MB
Summe virtueller Speicher: 32664.41 MB
Verfügbarer virtueller Speicher: 27423.04 MB

==================== Laufwerke ================================

Drive c: (SSD 256GB) (Fixed) (Total:238.25 GB) (Free:53.9 GB) NTFS
Drive d: (Win) (Fixed) (Total:1708.98 GB) (Free:359.49 GB) NTFS
Drive e: (Daten) (Fixed) (Total:1085.41 GB) (Free:398.23 GB) NTFS
Drive f: (Reparaturdatenträger Windows 7 6) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (Filme) (Fixed) (Total:596.05 GB) (Free:595.91 GB) NTFS
Drive i: (Musik) (Fixed) (Total:232.76 GB) (Free:232.63 GB) NTFS
Drive j: (Volume) (Fixed) (Total:4.97 GB) (Free:4.88 GB) NTFS
Drive t: (Images) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive u: (Programme) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive v: (Frank) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive w: (music) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive x: (home) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive y: (video) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS
Drive z: (photo) (Network) (Total:2746.13 GB) (Free:2033.14 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 1A6CF102)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 3ECA9A6B)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
Code:
ATTFilter
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-21 16:06:32
-----------------------------
16:06:32.297    OS Version: Windows x64 6.1.7601 Service Pack 1
16:06:32.297    Number of processors: 8 586 0x3A09
16:06:32.298    ComputerName: Frank-PC  UserName: Frank
16:06:32.720    Initialize success
16:06:32.739    VM: initialized successfully
16:06:32.740    VM: Intel CPU supported 
16:06:38.187    VM: disk I/O iaStorA.sys
16:08:33.857    AVAST engine defs: 15102100
16:15:08.519    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000008c
16:15:08.522    Disk 0 Vendor: WDC_____ 80.0 Size: 2861588MB BusType: 

11
16:15:08.523    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device

\0000008d
16:15:08.525    Disk 1 Vendor: ADATA___ 5.0. Size: 244198MB BusType: 

11
16:15:08.526    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000008e
16:15:08.527    Disk 2 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 

11
16:15:08.529    Disk 3  \Device\Harddisk3\DR3 -> \Device\0000008f
16:15:08.530    Disk 3 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 

11
16:15:08.532    Disk 4  \Device\Harddisk4\DR4 -> \Device\000000be
16:15:08.534    Disk 4 Vendor: SYNOLOGY 3.1 Size: 5120MB BusType: 9
16:15:08.542    Disk 1 MBR read successfully
16:15:08.544    Disk 1 MBR scan
16:15:08.547    Disk 1 unknown MBR code
16:15:08.550    Disk 1 Partition 1 00     EE          GPT           

2097151 MB offset 1
16:15:08.558    Disk 1 scanning C:\Windows\system32\drivers
16:15:10.899    Service scanning
16:15:17.063    Modules scanning
16:15:17.066    Disk 1 trace - called modules:
16:15:17.071    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys 

storport.sys hal.dll iaStorA.sys 
16:15:17.074    1 nt!IofCallDriver -> \Device\Harddisk1\DR1

[0xfffffa800f354790]
16:15:17.077    3 CLASSPNP.SYS[fffff88001f7843f] -> nt!IofCallDriver 

-> [0xfffffa800f282c50]
16:15:17.080    5 iaStorF.sys[fffff880025dfa84] -> nt!IofCallDriver -> 

\Device\0000008d[0xfffffa800caa39c0]
16:15:17.509    AVAST engine scan C:\Windows
16:15:17.933    AVAST engine scan C:\Windows\system32
16:16:21.100    AVAST engine scan C:\Windows\system32\drivers
16:16:25.051    AVAST engine scan C:\Users\Frank
16:18:47.910    AVAST engine scan C:\ProgramData
16:20:06.453    Disk 1 statistics 5453002/0/0 @ 27,45 MB/s
16:20:06.457    Scan finished successfully
16:31:18.805    Disk 1 MBR has been saved successfully to "C:\scan

\MBR.dat"
16:31:18.808    The log file has been saved successfully to "C:\scan

\aswMBR.txt"
Bootkit remover
Code:
ATTFilter
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7  Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`0e500000
Boot sector MD5 is: 023fb285bf9850ccc10287a3a8db3603

     Size  Device Name          MBR Status
 --------------------------------------------
   238 GB  \\.\PhysicalDrive1   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
__________________

Geändert von FrankW187 (21.10.2015 um 19:33 Uhr) Grund: CODE Tags

Alt 21.10.2015, 19:31   #3
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


GMER Teil1
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-10-21 16:58:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000008d ADATA___ rev.5.0. 238,47GB
Running: 5c8nd3vo.exe; Driver: C:\Users\Frank\AppData\Local\Temp\kxldapog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                       0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                         0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                       0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                       000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                          00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                   00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                          000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                   0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                         000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                              0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                       000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                         0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                            000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                         00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                       00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                   00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                   00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                  0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                    0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                  0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                  000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                     00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                              00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                     000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                              0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                    000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                         0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                  000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                    0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                       000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                    00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                  00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                              00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                              00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                      0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                        0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                      0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                      000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                         00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                  00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                         000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                  0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                        000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                             0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                      000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                        0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                           000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                        00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                      00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                  00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2616] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                  00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                        00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                       00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                          00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                              00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                            00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                            00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                    00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                  00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                        00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                      00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                          00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                        00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                        00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                      0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                      0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                   0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                          0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                       00000000770e2ab1 5 bytes JMP 0000000100c8fa56
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                 0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                   0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                 0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                 000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                    00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                             00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                    000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                             0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                   000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                        0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                 000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                   0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                      000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                   00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                 00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                             00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                             00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[4900] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint                                                                                           00000000774fcc90 3 bytes [8B, 40, 30]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                         00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                         00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                 00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                   00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                       00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                     00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                         00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                     00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                             00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                           00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                 00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                               00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                   00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                   00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                 00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                 00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                               0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                               0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                            0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                         0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                         0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                   0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                 00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                 00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                         00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                        00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                           00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                               00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                             00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                 00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                             00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                     00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                   00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                         00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                           00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                         00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                       0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                       0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                    0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                 0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                 0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[4628] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                           0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                 00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                 00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                         00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                        00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                           00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                               00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                             00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                 00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                             00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                     00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                   00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                         00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                           00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                         00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                       0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                       0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                    0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                 0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                 0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4620] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                           0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                   00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                   00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                           00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                          00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                             00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                 00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                               00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                   00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                               00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                       00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                     00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                           00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                             00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                           00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                           00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                         0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                         0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                      0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                   0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                   0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe[4716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                             0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                          00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                          00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                  00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                 00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                    00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                        00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                      00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                          00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                      00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                              00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                            00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                  00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                    00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                    00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                  00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                             0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                          0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                          0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe[2512] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                    0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                        00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                        00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                               00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                  00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                      00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                    00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                        00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                    00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                            00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                          00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                              00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                  00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                              0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                              0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                           0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                        0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                        0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[5136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                  0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                       00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                       00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                               00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                              00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                 00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                     00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                   00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                       00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                   00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                           00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                         00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                               00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                             00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                 00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                 00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                               00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                               00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                             0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                             0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                          0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                       0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                       0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                 0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                        0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                          0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                        0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                        000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                           00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                    00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                           000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                    0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                          000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                               0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                        000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                          0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                             000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                          00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                        00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                    00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                    00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
?        C:\Windows\system32\mssprxy.dll [6080] entry point in ".rdata" section                                                                                                                                            00000000737071e6
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                            00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                            00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                    00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                   00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                      00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                          00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                        00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                            00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                        00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                              00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                    00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                    00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                  0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                  0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                               0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                            0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                            0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                      0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                              00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                              00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                      00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                                     00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                        00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                            00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                                          00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                                              00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                          00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                  00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                      00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                    00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                        00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                        00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                      00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                      00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                    0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                    0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                 0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                              0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                              0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\sysWOW64\wbem\wmiprvse.exe[6980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                        0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                          00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                          00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                  00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                 00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                    00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                        00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                      00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                          00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                      00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                              00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                            00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                  00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                             0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                          0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                          0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                    0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                          00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                          00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                  00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                 00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                    00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                        00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                      00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                          00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                      00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                              00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                            00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                  00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                             0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                          0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                          0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                    0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                           0000000077661401 2 bytes JMP 771bb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                             0000000077661419 2 bytes JMP 771bb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                           0000000077661431 2 bytes JMP 77238fd1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                           000000007766144a 2 bytes CALL 7719489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                               * 9
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                              00000000776614dd 2 bytes JMP 772388c4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                       00000000776614f5 2 bytes JMP 77238aa0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                              000000007766150d 2 bytes JMP 772387ba C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                       0000000077661525 2 bytes JMP 77238b8a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                             000000007766153d 2 bytes JMP 771afca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                  0000000077661555 2 bytes JMP 771b68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                           000000007766156d 2 bytes JMP 77239089 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                             0000000077661585 2 bytes JMP 77238bea C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                000000007766159d 2 bytes JMP 7723877e C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                             00000000776615b5 2 bytes JMP 771afd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                           00000000776615cd 2 bytes JMP 771bb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                       00000000776616b2 2 bytes JMP 77238f4c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe[6712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                       00000000776616bd 2 bytes JMP 77238713 C:\Windows\syswow64\kernel32.dll
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                               00000000774b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                                               00000000774b1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                       00000000774b18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                                                      00000000774b1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                         00000000774b1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                             00000000774b1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                                                           00000000774b1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                                                               00000000774b2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                           00000000774b26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                   00000000774fda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                                 00000000774fdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                       00000000774fdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                     00000000774fdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                         00000000774fde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                         00000000774fe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                       00000000774fe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                       00000000774feee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                     0000000074e513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                     0000000074e5146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                  0000000074e516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                               0000000074e519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23
__________________
Alt 21.10.2015, 19:31   #4
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


GMER Teil2
Code:
ATTFilter
        0000000074e519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\scan\5c8nd3vo.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                         0000000074e51a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Processes - GMER 2.1 ----

Library  C:\Users\Frank\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [4720](2015-10-20 20:39:48)                                          000007fee6990000
Library  C:\Users\Frank\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll (*** suspicious ***) @ C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [4900](2015-08-22 23:01:31)  0000000180000000
Process  \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [2760] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22)  00000000ff0d0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk1\DR1                                                                                                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----

Alt 23.10.2015, 09:58   #5
schrauber
/// the machine
/// TB-Ausbilder
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2015, 12:09   #6
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Hi schrauber,

leider nichts gefunden. Unknown MBR könnte auch falsch positiv sein?
AswMBR, GMER und BootkitRemover sagen ja Unknown MBR.
Bin aber trotzdem davon überzeugt, dass hier irgendwas nicht stimmt.
Gibt es denn irgendeine Möglichkeit GPU oder UEFI zu prüfen?

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.23.02
  rootkit: v2015.10.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18059
Frank :: Frank-PC [administrator]

23.10.2015 12:35:42
mbar-log-2015-10-23 (12-35-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 419502
Time elapsed: 9 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter
12:51:08.0362 0x0d6c  ============================================================
12:51:08.0362 0x0d6c  Scan started
12:51:08.0362 0x0d6c  Mode: Manual; SigCheck; TDLFS; 
12:51:08.0362 0x0d6c  ============================================================
12:51:08.0362 0x0d6c  KSN ping started
12:51:22.0088 0x0d6c  KSN ping finished: true
12:51:23.0014 0x0d6c  ================ Scan system memory ========================
12:51:23.0014 0x0d6c  System memory - ok
12:51:23.0015 0x0d6c  ================ Scan services =============================
12:51:23.0050 0x0d6c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:51:23.0064 0x0d6c  1394ohci - ok
12:51:23.0071 0x0d6c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:51:23.0080 0x0d6c  ACPI - ok
12:51:23.0083 0x0d6c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:51:23.0090 0x0d6c  AcpiPmi - ok
12:51:23.0109 0x0d6c  [ 8054C6835F89CA2367798396423608F1, 086B19922CA9DA1BD45BB1CE5E9303A137A09EC6D5971F59341A612CE3BB50BC ] AcrSch2Svc      c:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
12:51:23.0128 0x0d6c  AcrSch2Svc - ok
12:51:23.0133 0x0d6c  [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:51:23.0138 0x0d6c  AdobeARMservice - ok
12:51:23.0150 0x0d6c  [ 0D19026AB5812D3A7B9DBB386F8334D8, 3FF22476D621ECFC2C80EF63D1A90C45F672CE299DC92A874E049779EF96AB4A ] AdobeUpdateService C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
12:51:23.0163 0x0d6c  AdobeUpdateService - ok
12:51:23.0172 0x0d6c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:51:23.0183 0x0d6c  adp94xx - ok
12:51:23.0190 0x0d6c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:51:23.0199 0x0d6c  adpahci - ok
12:51:23.0204 0x0d6c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:51:23.0211 0x0d6c  adpu320 - ok
12:51:23.0215 0x0d6c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:51:23.0222 0x0d6c  AeLookupSvc - ok
12:51:23.0228 0x0d6c  [ ABCF9C80EAACE03021BB7F450EB8993F, 8E38726C423E82954CA85266D6F38B605D010A659420A4EF99D29035A9474BFB ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
12:51:23.0238 0x0d6c  afcdp - ok
12:51:23.0289 0x0d6c  [ 3625E0DEAE06134C3B6FD4CC90329912, B2DD2931C9CD6B6C1D8BB26D78ABD095723EBEA82B2DF26DB99605B3E106CD10 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
12:51:23.0341 0x0d6c  afcdpsrv - ok
12:51:23.0354 0x0d6c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:51:23.0366 0x0d6c  AFD - ok
12:51:23.0369 0x0d6c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:51:23.0375 0x0d6c  agp440 - ok
12:51:23.0376 0x0d6c  AGSService - ok
12:51:23.0380 0x0d6c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:51:23.0387 0x0d6c  ALG - ok
12:51:23.0389 0x0d6c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:51:23.0395 0x0d6c  aliide - ok
12:51:23.0398 0x0d6c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:51:23.0403 0x0d6c  amdide - ok
12:51:23.0406 0x0d6c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:51:23.0413 0x0d6c  AmdK8 - ok
12:51:23.0415 0x0d6c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:51:23.0422 0x0d6c  AmdPPM - ok
12:51:23.0425 0x0d6c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:51:23.0432 0x0d6c  amdsata - ok
12:51:23.0436 0x0d6c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:51:23.0443 0x0d6c  amdsbs - ok
12:51:23.0446 0x0d6c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:51:23.0451 0x0d6c  amdxata - ok
12:51:23.0454 0x0d6c  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
12:51:23.0460 0x0d6c  AppID - ok
12:51:23.0462 0x0d6c  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:51:23.0468 0x0d6c  AppIDSvc - ok
12:51:23.0471 0x0d6c  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
12:51:23.0477 0x0d6c  Appinfo - ok
12:51:23.0481 0x0d6c  [ 1399314E38F9CF0E97ACB9352F5951EE, 13B12BAD514428028D7CAC12328EC1813E00510B44BC3388AA5E68C6056B7F4C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe
12:51:23.0486 0x0d6c  Apple Mobile Device - ok
12:51:23.0491 0x0d6c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:51:23.0499 0x0d6c  AppMgmt - ok
12:51:23.0502 0x0d6c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:51:23.0508 0x0d6c  arc - ok
12:51:23.0511 0x0d6c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:51:23.0517 0x0d6c  arcsas - ok
12:51:23.0527 0x0d6c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:51:23.0534 0x0d6c  aspnet_state - ok
12:51:23.0536 0x0d6c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:51:23.0553 0x0d6c  AsyncMac - ok
12:51:23.0556 0x0d6c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:51:23.0561 0x0d6c  atapi - ok
12:51:23.0572 0x0d6c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:51:23.0586 0x0d6c  AudioEndpointBuilder - ok
12:51:23.0597 0x0d6c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:51:23.0610 0x0d6c  AudioSrv - ok
12:51:23.0619 0x0d6c  [ 81862C2A991036C85FDA23FFDC140F92, 32E6671729A9FFB4A187A4E22F69EB44BCF35AD4BBD5003E046914AACFD58557 ] avmike          C:\Program Files\FRITZ!Fernzugang\avmike.exe
12:51:23.0627 0x0d6c  avmike - ok
12:51:23.0635 0x0d6c  [ 9C7C876ACB9B707ECD08BD434C46A4D3, 4135E95C0E531854268D2009ACD6F932D8ADC4D31E72D3B942F731C60ECCDF1D ] AVP15.0.2       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
12:51:23.0643 0x0d6c  AVP15.0.2 - ok
12:51:23.0647 0x0d6c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:51:23.0656 0x0d6c  AxInstSV - ok
12:51:23.0665 0x0d6c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:51:23.0676 0x0d6c  b06bdrv - ok
12:51:23.0682 0x0d6c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:51:23.0691 0x0d6c  b57nd60a - ok
12:51:23.0695 0x0d6c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:51:23.0701 0x0d6c  BDESVC - ok
12:51:23.0703 0x0d6c  BdfNdisf - ok
12:51:23.0705 0x0d6c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:51:23.0722 0x0d6c  Beep - ok
12:51:23.0734 0x0d6c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:51:23.0749 0x0d6c  BFE - ok
12:51:23.0762 0x0d6c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:51:23.0790 0x0d6c  BITS - ok
12:51:23.0793 0x0d6c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:51:23.0799 0x0d6c  blbdrive - ok
12:51:23.0803 0x0d6c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:51:23.0809 0x0d6c  bowser - ok
12:51:23.0811 0x0d6c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:51:23.0818 0x0d6c  BrFiltLo - ok
12:51:23.0820 0x0d6c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:51:23.0827 0x0d6c  BrFiltUp - ok
12:51:23.0831 0x0d6c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:51:23.0838 0x0d6c  Browser - ok
12:51:23.0844 0x0d6c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:51:23.0853 0x0d6c  Brserid - ok
12:51:23.0855 0x0d6c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:51:23.0863 0x0d6c  BrSerWdm - ok
12:51:23.0865 0x0d6c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:51:23.0872 0x0d6c  BrUsbMdm - ok
12:51:23.0874 0x0d6c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:51:23.0879 0x0d6c  BrUsbSer - ok
12:51:23.0882 0x0d6c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:51:23.0888 0x0d6c  BthEnum - ok
12:51:23.0890 0x0d6c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:51:23.0898 0x0d6c  BTHMODEM - ok
12:51:23.0902 0x0d6c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:51:23.0910 0x0d6c  BthPan - ok
12:51:23.0919 0x0d6c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:51:23.0931 0x0d6c  BTHPORT - ok
12:51:23.0935 0x0d6c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:51:23.0953 0x0d6c  bthserv - ok
12:51:23.0956 0x0d6c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:51:23.0962 0x0d6c  BTHUSB - ok
12:51:23.0965 0x0d6c  [ 32B94975BF6F101C27C43E90FF8ABBEB, B5475D9A705894CBFA583D6E9DAF969527A75800E98D0288182BAB2F10136642 ] busenum         C:\Windows\system32\DRIVERS\busenum.sys
12:51:23.0970 0x0d6c  busenum - ok
12:51:23.0974 0x0d6c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:51:23.0991 0x0d6c  cdfs - ok
12:51:23.0995 0x0d6c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:51:24.0002 0x0d6c  cdrom - ok
12:51:24.0006 0x0d6c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:51:24.0022 0x0d6c  CertPropSvc - ok
12:51:24.0026 0x0d6c  [ 75A561F505EA4D0A13EEFBB8CBDB1C35, C422F9E3D5122BA9E3BDB556A9DA1A357AB0CFBD84DC01A612B253D79EFA0DA6 ] certsrv         C:\Program Files\FRITZ!Fernzugang\certsrv.exe
12:51:24.0031 0x0d6c  certsrv - ok
12:51:24.0034 0x0d6c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:51:24.0041 0x0d6c  circlass - ok
12:51:24.0048 0x0d6c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
12:51:24.0057 0x0d6c  CLFS - ok
12:51:24.0065 0x0d6c  [ CB7140527636EE97CAD55C999FBCF636, BD41101B377193D7E7B3106B8B3CB426389844EF445650DDE375961B5C56F9EE ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
12:51:24.0072 0x0d6c  CLKMSVC10_38F51D56 - ok
12:51:24.0078 0x0d6c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:51:24.0084 0x0d6c  clr_optimization_v2.0.50727_32 - ok
12:51:24.0089 0x0d6c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:51:24.0095 0x0d6c  clr_optimization_v2.0.50727_64 - ok
12:51:24.0104 0x0d6c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:51:24.0111 0x0d6c  clr_optimization_v4.0.30319_32 - ok
12:51:24.0115 0x0d6c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:51:24.0122 0x0d6c  clr_optimization_v4.0.30319_64 - ok
12:51:24.0124 0x0d6c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:51:24.0130 0x0d6c  CmBatt - ok
12:51:24.0132 0x0d6c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:51:24.0137 0x0d6c  cmdide - ok
12:51:24.0142 0x0d6c  [ 429B31D047CFAD3CA5DD38120A2CE455, 5CC1459CBBBF2E6788635D4C277B116D90AE01DBE7AD561EB41A668F64801E80 ] cm_km_w         C:\Windows\system32\DRIVERS\cm_km_w.sys
12:51:24.0150 0x0d6c  cm_km_w - ok
12:51:24.0159 0x0d6c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:51:24.0172 0x0d6c  CNG - ok
12:51:24.0174 0x0d6c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:51:24.0179 0x0d6c  Compbatt - ok
12:51:24.0182 0x0d6c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:51:24.0189 0x0d6c  CompositeBus - ok
12:51:24.0191 0x0d6c  COMSysApp - ok
12:51:24.0194 0x0d6c  [ E17C723F90864CDBA3346BF613601BDB, E21644B2BC26F0843DB5D517B9200BACB0EA6127522992AC82DEB6791B176F12 ] CorsairAudioFilter C:\Windows\system32\DRIVERS\corsveng2kamd64.sys
12:51:24.0200 0x0d6c  CorsairAudioFilter - ok
12:51:24.0202 0x0d6c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:51:24.0207 0x0d6c  crcdisk - ok
12:51:24.0210 0x0d6c  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
12:51:24.0213 0x0d6c  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
12:51:24.0213 0x0d6c  Detect skipped due to KSN trusted
12:51:24.0213 0x0d6c  Creative ALchemy AL6 Licensing Service - ok
12:51:24.0219 0x0d6c  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:51:24.0227 0x0d6c  CryptSvc - ok
12:51:24.0236 0x0d6c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
12:51:24.0247 0x0d6c  CSC - ok
12:51:24.0259 0x0d6c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
12:51:24.0274 0x0d6c  CscService - ok
12:51:24.0282 0x0d6c  [ 51D43B57EA8EFFE5CB1E27E01C100A2F, 68995F291422F2C5A2C9C4C673272754E3AC49ED53D6197675EB9E19028163C5 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
12:51:24.0290 0x0d6c  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
12:51:24.0290 0x0d6c  Detect skipped due to KSN trusted
12:51:24.0290 0x0d6c  CTAudSvcService - ok
12:51:24.0307 0x0d6c  [ 5EEE837B6C7AADD5542D70964416997D, D97104DACEB8F3C65A4EB8E82F29306B9B2269F43D3F5583BAD258A67996EAFB ] cthda           C:\Windows\system32\drivers\cthda.sys
12:51:24.0325 0x0d6c  cthda - ok
12:51:24.0346 0x0d6c  [ 209733B2757CD9A2A2B67EF53655D0F9, E705A2CA35CB9DF3D08F2D8C964900319B15991420488703EB8C0EBFBABB2C5A ] CtHdaSvc        C:\Windows\sysWow64\CtHdaSvc.exe
12:51:24.0354 0x0d6c  CtHdaSvc - ok
12:51:24.0356 0x0d6c  [ 1F6A682DC74C90F8FE5F1EF039AFCF7B, 9D3F491D215451B09ABBE66C7E276EC016EE4E3848A92CC12CD59F270570170F ] cthdb           C:\Windows\system32\DRIVERS\cthdb.sys
12:51:24.0361 0x0d6c  cthdb - ok
12:51:24.0372 0x0d6c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:51:24.0395 0x0d6c  DcomLaunch - ok
12:51:24.0402 0x0d6c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:51:24.0422 0x0d6c  defragsvc - ok
12:51:24.0426 0x0d6c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:51:24.0443 0x0d6c  DfsC - ok
12:51:24.0450 0x0d6c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:51:24.0459 0x0d6c  Dhcp - ok
12:51:24.0479 0x0d6c  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:51:24.0502 0x0d6c  DiagTrack - ok
12:51:24.0511 0x0d6c  [ 05F99DFF3A8D705F9AA6B87224F7BEB1, DDE133A44A330A07A0EB961559C840BBFC9D9E0CCA27DE0B4284C76BCAD31EDE ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
12:51:24.0516 0x0d6c  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
12:51:24.0516 0x0d6c  Detect skipped due to KSN trusted
12:51:24.0516 0x0d6c  DirMngr - ok
12:51:24.0518 0x0d6c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:51:24.0536 0x0d6c  discache - ok
12:51:24.0539 0x0d6c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:51:24.0544 0x0d6c  Disk - ok
12:51:24.0547 0x0d6c  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:51:24.0553 0x0d6c  dmvsc - ok
12:51:24.0558 0x0d6c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:51:24.0566 0x0d6c  Dnscache - ok
12:51:24.0571 0x0d6c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:51:24.0590 0x0d6c  dot3svc - ok
12:51:24.0595 0x0d6c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:51:24.0614 0x0d6c  DPS - ok
12:51:24.0616 0x0d6c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:51:24.0621 0x0d6c  drmkaud - ok
12:51:24.0624 0x0d6c  [ 496C3C6BC3D930D0960C9E75AA30F4A7, 3FE0E86DA8C2C6A990BB2F1B92C22BD3483882B8D69FF8025BB68A199362C234 ] dtlitescsibus   C:\Windows\system32\DRIVERS\dtlitescsibus.sys
12:51:24.0630 0x0d6c  dtlitescsibus - ok
12:51:24.0645 0x0d6c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:51:24.0663 0x0d6c  DXGKrnl - ok
12:51:24.0667 0x0d6c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:51:24.0686 0x0d6c  EapHost - ok
12:51:24.0687 0x0d6c  EasyAntiCheat - ok
12:51:24.0737 0x0d6c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:51:24.0784 0x0d6c  ebdrv - ok
12:51:24.0790 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] EFS             C:\Windows\System32\lsass.exe
12:51:24.0797 0x0d6c  EFS - ok
12:51:24.0809 0x0d6c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:51:24.0824 0x0d6c  ehRecvr - ok
12:51:24.0828 0x0d6c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:51:24.0835 0x0d6c  ehSched - ok
12:51:24.0845 0x0d6c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:51:24.0856 0x0d6c  elxstor - ok
12:51:24.0859 0x0d6c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:51:24.0864 0x0d6c  ErrDev - ok
12:51:24.0869 0x0d6c  [ DDF090A1D27D496BA6BFBF7C59693A7F, 4EEB8970B11A64FA2DAE216574C7637541DE9435AD063DB3157ECF0D09D4A94C ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
12:51:24.0875 0x0d6c  ESProtectionDriver - ok
12:51:24.0883 0x0d6c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:51:24.0905 0x0d6c  EventSystem - ok
12:51:24.0910 0x0d6c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:51:24.0930 0x0d6c  exfat - ok
12:51:24.0934 0x0d6c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:51:24.0954 0x0d6c  fastfat - ok
12:51:24.0973 0x0d6c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:51:24.0987 0x0d6c  Fax - ok
12:51:24.0990 0x0d6c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:51:24.0997 0x0d6c  fdc - ok
12:51:24.0999 0x0d6c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:51:25.0016 0x0d6c  fdPHost - ok
12:51:25.0019 0x0d6c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:51:25.0037 0x0d6c  FDResPub - ok
12:51:25.0041 0x0d6c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:51:25.0047 0x0d6c  FileInfo - ok
12:51:25.0049 0x0d6c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:51:25.0067 0x0d6c  Filetrace - ok
12:51:25.0069 0x0d6c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:51:25.0075 0x0d6c  flpydisk - ok
12:51:25.0081 0x0d6c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:51:25.0089 0x0d6c  FltMgr - ok
12:51:25.0108 0x0d6c  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
12:51:25.0129 0x0d6c  FontCache - ok
12:51:25.0132 0x0d6c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:51:25.0138 0x0d6c  FontCache3.0.0.0 - ok
12:51:25.0140 0x0d6c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:51:25.0145 0x0d6c  FsDepends - ok
12:51:25.0148 0x0d6c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:51:25.0153 0x0d6c  Fs_Rec - ok
12:51:25.0158 0x0d6c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:51:25.0167 0x0d6c  fvevol - ok
12:51:25.0170 0x0d6c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:51:25.0176 0x0d6c  gagp30kx - ok
12:51:25.0178 0x0d6c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:51:25.0183 0x0d6c  GEARAspiWDM - ok
12:51:25.0202 0x0d6c  [ B17D0BDBDDF4BD4709D6CA3147D409C0, B83F0D9891190226D2D7D50DE27B61B5FC04B6942C37B78856C45B3309527D9B ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
12:51:25.0222 0x0d6c  GfExperienceService - ok
12:51:25.0225 0x0d6c  glavcam - ok
12:51:25.0237 0x0d6c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:51:25.0264 0x0d6c  gpsvc - ok
12:51:25.0269 0x0d6c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:51:25.0275 0x0d6c  gupdate - ok
12:51:25.0278 0x0d6c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:51:25.0283 0x0d6c  gupdatem - ok
12:51:25.0285 0x0d6c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:51:25.0291 0x0d6c  hcw85cir - ok
12:51:25.0298 0x0d6c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:51:25.0309 0x0d6c  HdAudAddService - ok
12:51:25.0313 0x0d6c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:51:25.0321 0x0d6c  HDAudBus - ok
12:51:25.0324 0x0d6c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:51:25.0330 0x0d6c  HidBatt - ok
12:51:25.0333 0x0d6c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:51:25.0341 0x0d6c  HidBth - ok
12:51:25.0344 0x0d6c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:51:25.0351 0x0d6c  HidIr - ok
12:51:25.0354 0x0d6c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:51:25.0372 0x0d6c  hidserv - ok
12:51:25.0374 0x0d6c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:51:25.0380 0x0d6c  HidUsb - ok
12:51:25.0385 0x0d6c  [ DD1257979C6D4627872455267A09FFD2, 3C63CFB678E139431F4A64B196BD7D2DEB76C4293D5E196114D56FFE74874D93 ] HiSuiteOuc64.exe C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
12:51:25.0391 0x0d6c  HiSuiteOuc64.exe - ok
12:51:25.0394 0x0d6c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:51:25.0412 0x0d6c  hkmsvc - ok
12:51:25.0417 0x0d6c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:51:25.0425 0x0d6c  HomeGroupListener - ok
12:51:25.0430 0x0d6c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:51:25.0438 0x0d6c  HomeGroupProvider - ok
12:51:25.0441 0x0d6c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:51:25.0447 0x0d6c  HpSAMD - ok
12:51:25.0459 0x0d6c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:51:25.0473 0x0d6c  HTTP - ok
12:51:25.0479 0x0d6c  [ 963CC1755FDA21878EB599DE93392C6E, 5E66A1D4387385980A7C3F5A9912CBF3433D1D4F1CA57B5E30D14B280DF49A1C ] HuaweiHiSuiteService64.exe C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
12:51:25.0486 0x0d6c  HuaweiHiSuiteService64.exe - ok
12:51:25.0489 0x0d6c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:51:25.0495 0x0d6c  hwpolicy - ok
12:51:25.0500 0x0d6c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:51:25.0507 0x0d6c  i8042prt - ok
12:51:25.0517 0x0d6c  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
12:51:25.0530 0x0d6c  iaStorA - ok
12:51:25.0534 0x0d6c  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:51:25.0539 0x0d6c  IAStorDataMgrSvc - ok
12:51:25.0541 0x0d6c  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
12:51:25.0547 0x0d6c  iaStorF - ok
12:51:25.0554 0x0d6c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:51:25.0564 0x0d6c  iaStorV - ok
12:51:25.0568 0x0d6c  [ 5621E6C6E819502051966EE1A17E37CD, 4E62935057972BBF3EAE69676A6C9B09A551B4EB2D0717DBC090CC94DA44E03C ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
12:51:25.0572 0x0d6c  ICCS - detected UnsignedFile.Multi.Generic ( 1 )
12:51:25.0572 0x0d6c  Detect skipped due to KSN trusted
12:51:25.0572 0x0d6c  ICCS - ok
12:51:25.0575 0x0d6c  [ 55004F2386405B28471E09C2373ED0E0, 4B706A725EC17650CCFE0D0D944FC187B4C943D8241B847F2B8C65A3A1145885 ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
12:51:25.0580 0x0d6c  ICCWDT - ok
12:51:25.0583 0x0d6c  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:51:25.0586 0x0d6c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:51:25.0586 0x0d6c  Detect skipped due to KSN trusted
12:51:25.0586 0x0d6c  IDriverT - ok
12:51:25.0599 0x0d6c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:51:25.0615 0x0d6c  idsvc - ok
12:51:25.0618 0x0d6c  IEEtwCollectorService - ok
12:51:25.0621 0x0d6c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:51:25.0627 0x0d6c  iirsp - ok
12:51:25.0640 0x0d6c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:51:25.0658 0x0d6c  IKEEXT - ok
12:51:25.0663 0x0d6c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:51:25.0668 0x0d6c  intelide - ok
12:51:25.0672 0x0d6c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:51:25.0678 0x0d6c  intelppm - ok
12:51:25.0681 0x0d6c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:51:25.0699 0x0d6c  IPBusEnum - ok
12:51:25.0702 0x0d6c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:51:25.0719 0x0d6c  IpFilterDriver - ok
12:51:25.0729 0x0d6c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:51:25.0741 0x0d6c  iphlpsvc - ok
12:51:25.0745 0x0d6c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:51:25.0751 0x0d6c  IPMIDRV - ok
12:51:25.0755 0x0d6c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:51:25.0773 0x0d6c  IPNAT - ok
12:51:25.0775 0x0d6c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:51:25.0783 0x0d6c  IRENUM - ok
12:51:25.0786 0x0d6c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:51:25.0791 0x0d6c  isapnp - ok
12:51:25.0796 0x0d6c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:51:25.0804 0x0d6c  iScsiPrt - ok
12:51:25.0807 0x0d6c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:51:25.0813 0x0d6c  kbdclass - ok
12:51:25.0815 0x0d6c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:51:25.0822 0x0d6c  kbdhid - ok
12:51:25.0824 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] KeyIso          C:\Windows\system32\lsass.exe
12:51:25.0829 0x0d6c  KeyIso - ok
12:51:25.0838 0x0d6c  [ 5781DA0CFB8833F5D8AEB433233C7294, 5EF52B532257E8CD34CEAFA405FF022CB1127B6A92BEE5578BC73B0380556D2A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
12:51:25.0850 0x0d6c  kl1 - ok
12:51:25.0853 0x0d6c  [ EE7A44540B65B6FF617DCB8929C9FDAE, E9FB0BEAA1692CEBE8F6E1DED6AE49EFE2679F606CD251AE2222095D37129CDA ] kldisk          C:\Windows\system32\DRIVERS\kldisk.sys
12:51:25.0860 0x0d6c  kldisk - ok
12:51:25.0864 0x0d6c  [ 119FC2FA9972458FF15BC17F2C36AB99, 6D45F8C9DC0CA7E8CA24E339B543E255C2A36349F9E510F20415FC4F6A1BD868 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
12:51:25.0872 0x0d6c  klflt - ok
12:51:25.0877 0x0d6c  [ B96959CDDDEAE40F5B57C52AC6F94EC0, 207CA534DEACA83231FCE92E248ECFA95B8A12FA7FD3D711B730D76FD4A481DD ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
12:51:25.0886 0x0d6c  klhk - ok
12:51:25.0899 0x0d6c  [ 61F6CCFE3D7B278E7F03DE7BC08DB694, 20D8BB1EEC95BDB11D91BF130D8BEE43048C950C274C8921D69B252A0C89BC7F ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
12:51:25.0916 0x0d6c  KLIF - ok
12:51:25.0919 0x0d6c  [ 3B360AA2710679C71E450745B96A801C, 2DDD55D838DA70D4834896AC70BEFB611488D894A79B14D5838401F5D9F93A84 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
12:51:25.0926 0x0d6c  KLIM6 - ok
12:51:25.0928 0x0d6c  [ 7DBA65D9D2974298B927287904EFF3D4, F69DDB0FF6CCEAE5EC7CD2A04A55E24D960DF4C6F935475C4AD466506D652255 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
12:51:25.0935 0x0d6c  klkbdflt - ok
12:51:25.0937 0x0d6c  [ 99EA6658E783A8D683BC3B72FD9FD235, 28163AE6503A30722497B5176AFDB139C21DC318622ABF867B65AB2C7D96EF59 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
12:51:25.0944 0x0d6c  klmouflt - ok
12:51:25.0946 0x0d6c  [ B33399BCA2034648520E34987CE2C0C9, F93B38D7DFAAE44B929BC2F739F03A9A67C6FA4AFC29B07DF96D2C7011DCB1AF ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
12:51:25.0952 0x0d6c  klpd - ok
12:51:25.0955 0x0d6c  [ B36DEE2A91F9388C4D3ED744592DE81D, 78D64539A375C80250FB9FA5E1DDA208B331A85916E19ED1353623DDF750EC58 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
12:51:25.0962 0x0d6c  kltdi - ok
12:51:25.0964 0x0d6c  [ 88D5EF6EE17C280167D42B53282AB4BD, CFFF8D7CE24FCE62FB2C21E1B09DF914612C1EF96876855537B207F7BD83E872 ] Klwtp           C:\Windows\system32\DRIVERS\klwtp.sys
12:51:25.0972 0x0d6c  Klwtp - ok
12:51:25.0976 0x0d6c  [ F9F8752748D6629EB8A5990F97D4346B, 833788E320F429BA25838F414F190C1D024D352F4F3CE050D593DCAEB2BAC2E8 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
12:51:25.0985 0x0d6c  kneps - ok
12:51:25.0988 0x0d6c  [ 3A8C03156C3E31E70EF84E48CA179B46, E25E43D53BB6EE1B5F34C95B4FAD111B37A36367B8D047B10FC614DEE13658E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:51:25.0994 0x0d6c  KSecDD - ok
12:51:25.0999 0x0d6c  [ C6330F7C2E92A00E6773E82F79078AFC, D8B851BF4FCE85F2A269F0B46BC7EC5A118FCFDACE8460E7B54C1A7CE306774A ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:51:26.0006 0x0d6c  KSecPkg - ok
12:51:26.0008 0x0d6c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:51:26.0025 0x0d6c  ksthunk - ok
12:51:26.0032 0x0d6c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:51:26.0054 0x0d6c  KtmRm - ok
12:51:26.0056 0x0d6c  [ A0BEBD2CCDFE1EAEA8231909B4891F54, 574AD180A90F35BBBC9C24397A358675C2219105A77B7189E6FEA73229C31794 ] lachesis35g     C:\Windows\system32\DRIVERS\lachesis35g.sys
12:51:26.0058 0x0d6c  lachesis35g - detected UnsignedFile.Multi.Generic ( 1 )
12:51:26.0058 0x0d6c  Detect skipped due to KSN trusted
12:51:26.0058 0x0d6c  lachesis35g - ok
12:51:26.0064 0x0d6c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:51:26.0084 0x0d6c  LanmanServer - ok
12:51:26.0088 0x0d6c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:51:26.0106 0x0d6c  LanmanWorkstation - ok
12:51:26.0110 0x0d6c  [ ADA0C09E8AEDC17F11D8E1731986A88A, 1B25D7137E89149BB61FF52BE0259F48E374FC4F7114FAF267AF7A19F3B89BD3 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:51:26.0113 0x0d6c  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
12:51:26.0113 0x0d6c  Detect skipped due to KSN trusted
12:51:26.0113 0x0d6c  LightScribeService - ok
12:51:26.0116 0x0d6c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:51:26.0133 0x0d6c  lltdio - ok
12:51:26.0139 0x0d6c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:51:26.0159 0x0d6c  lltdsvc - ok
12:51:26.0162 0x0d6c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:51:26.0179 0x0d6c  lmhosts - ok
12:51:26.0183 0x0d6c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:51:26.0189 0x0d6c  LSI_FC - ok
12:51:26.0193 0x0d6c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:51:26.0199 0x0d6c  LSI_SAS - ok
12:51:26.0202 0x0d6c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:51:26.0208 0x0d6c  LSI_SAS2 - ok
12:51:26.0212 0x0d6c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:51:26.0218 0x0d6c  LSI_SCSI - ok
12:51:26.0221 0x0d6c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:51:26.0240 0x0d6c  luafv - ok
12:51:26.0251 0x0d6c  [ B2E0C6FD6CA1B5EBC4E8DB8C674A661B, B0B7E41CB28482307CF4A3DD1909D277C661A73AA03E552DB6AAA71F017C9E19 ] MbaeSvc         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
12:51:26.0263 0x0d6c  MbaeSvc - ok
12:51:26.0266 0x0d6c  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:51:26.0272 0x0d6c  MBAMProtector - ok
12:51:26.0293 0x0d6c  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
12:51:26.0316 0x0d6c  MBAMScheduler - ok
12:51:26.0334 0x0d6c  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
12:51:26.0352 0x0d6c  MBAMService - ok
12:51:26.0358 0x0d6c  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:51:26.0365 0x0d6c  MBAMSwissArmy - ok
12:51:26.0367 0x0d6c  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:51:26.0373 0x0d6c  MBAMWebAccessControl - ok
12:51:26.0376 0x0d6c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:51:26.0383 0x0d6c  Mcx2Svc - ok
12:51:26.0386 0x0d6c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:51:26.0391 0x0d6c  megasas - ok
12:51:26.0396 0x0d6c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:51:26.0405 0x0d6c  MegaSR - ok
12:51:26.0408 0x0d6c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:51:26.0413 0x0d6c  MEIx64 - ok
12:51:26.0416 0x0d6c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:51:26.0434 0x0d6c  MMCSS - ok
12:51:26.0436 0x0d6c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:51:26.0453 0x0d6c  Modem - ok
12:51:26.0456 0x0d6c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:51:26.0463 0x0d6c  monitor - ok
12:51:26.0466 0x0d6c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:51:26.0471 0x0d6c  mouclass - ok
12:51:26.0473 0x0d6c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:51:26.0479 0x0d6c  mouhid - ok
12:51:26.0482 0x0d6c  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:51:26.0488 0x0d6c  mountmgr - ok
12:51:26.0492 0x0d6c  [ C34AB4280614658903BE848CE79ACDB5, 9A943D9B3CF941DAE4EA4E2771B5EC5DA37AB16AD43095EF092B4259D62FF810 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:51:26.0498 0x0d6c  MozillaMaintenance - ok
12:51:26.0503 0x0d6c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:51:26.0510 0x0d6c  mpio - ok
12:51:26.0512 0x0d6c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:51:26.0530 0x0d6c  mpsdrv - ok
12:51:26.0543 0x0d6c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:51:26.0570 0x0d6c  MpsSvc - ok
12:51:26.0574 0x0d6c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:51:26.0582 0x0d6c  MRxDAV - ok
12:51:26.0586 0x0d6c  [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:51:26.0593 0x0d6c  mrxsmb - ok
12:51:26.0599 0x0d6c  [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:51:26.0608 0x0d6c  mrxsmb10 - ok
12:51:26.0612 0x0d6c  [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:51:26.0619 0x0d6c  mrxsmb20 - ok
12:51:26.0621 0x0d6c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:51:26.0626 0x0d6c  msahci - ok
12:51:26.0631 0x0d6c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:51:26.0637 0x0d6c  msdsm - ok
12:51:26.0641 0x0d6c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:51:26.0649 0x0d6c  MSDTC - ok
12:51:26.0653 0x0d6c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:51:26.0670 0x0d6c  Msfs - ok
12:51:26.0672 0x0d6c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:51:26.0689 0x0d6c  mshidkmdf - ok
12:51:26.0691 0x0d6c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:51:26.0696 0x0d6c  msisadrv - ok
12:51:26.0700 0x0d6c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:51:26.0719 0x0d6c  MSiSCSI - ok
12:51:26.0721 0x0d6c  msiserver - ok
12:51:26.0726 0x0d6c  [ C92F541E27885AF79DA641418E74672D, FDC4543A3DA3394DEAB8D8A5FF9298427CF06E8E385294BB8D25216DD1887EBD ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
12:51:26.0733 0x0d6c  MSI_SuperCharger - ok
12:51:26.0735 0x0d6c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:51:26.0752 0x0d6c  MSKSSRV - ok
12:51:26.0755 0x0d6c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:51:26.0772 0x0d6c  MSPCLOCK - ok
12:51:26.0774 0x0d6c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:51:26.0791 0x0d6c  MSPQM - ok
12:51:26.0797 0x0d6c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:51:26.0807 0x0d6c  MsRPC - ok
12:51:26.0810 0x0d6c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:51:26.0815 0x0d6c  mssmbios - ok
12:51:26.0817 0x0d6c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:51:26.0834 0x0d6c  MSTEE - ok
12:51:26.0836 0x0d6c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:51:26.0842 0x0d6c  MTConfig - ok
12:51:26.0844 0x0d6c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:51:26.0850 0x0d6c  Mup - ok
12:51:26.0859 0x0d6c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:51:26.0882 0x0d6c  napagent - ok
12:51:26.0888 0x0d6c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:51:26.0900 0x0d6c  NativeWifiP - ok
12:51:26.0915 0x0d6c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:51:26.0932 0x0d6c  NDIS - ok
12:51:26.0935 0x0d6c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:51:26.0952 0x0d6c  NdisCap - ok
12:51:26.0955 0x0d6c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:51:26.0972 0x0d6c  NdisTapi - ok
12:51:26.0974 0x0d6c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:51:26.0991 0x0d6c  Ndisuio - ok
12:51:26.0995 0x0d6c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:51:27.0013 0x0d6c  NdisWan - ok
12:51:27.0017 0x0d6c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:51:27.0033 0x0d6c  NDProxy - ok
12:51:27.0036 0x0d6c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:51:27.0053 0x0d6c  NetBIOS - ok
12:51:27.0059 0x0d6c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:51:27.0079 0x0d6c  NetBT - ok
12:51:27.0081 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon        C:\Windows\system32\lsass.exe
12:51:27.0087 0x0d6c  Netlogon - ok
12:51:27.0094 0x0d6c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:51:27.0116 0x0d6c  Netman - ok
12:51:27.0126 0x0d6c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:27.0133 0x0d6c  NetMsmqActivator - ok
12:51:27.0136 0x0d6c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:27.0143 0x0d6c  NetPipeActivator - ok
12:51:27.0152 0x0d6c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:51:27.0175 0x0d6c  netprofm - ok
12:51:27.0200 0x0d6c  [ B72079F1ACA97F72DB1B1C5D1EFBC874, BC6B37A522C7DE0B09C7F654977CD025178215192D958599F9AA016824E71D77 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
12:51:27.0227 0x0d6c  netr28ux - ok
12:51:27.0231 0x0d6c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:27.0238 0x0d6c  NetTcpActivator - ok
12:51:27.0242 0x0d6c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:27.0249 0x0d6c  NetTcpPortSharing - ok
12:51:27.0251 0x0d6c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:51:27.0257 0x0d6c  nfrd960 - ok
12:51:27.0263 0x0d6c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:51:27.0272 0x0d6c  NlaSvc - ok
12:51:27.0275 0x0d6c  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf             C:\Windows\system32\drivers\npf.sys
12:51:27.0281 0x0d6c  npf - ok
12:51:27.0283 0x0d6c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:51:27.0301 0x0d6c  Npfs - ok
12:51:27.0303 0x0d6c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:51:27.0321 0x0d6c  nsi - ok
12:51:27.0323 0x0d6c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:51:27.0340 0x0d6c  nsiproxy - ok
12:51:27.0365 0x0d6c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:51:27.0391 0x0d6c  Ntfs - ok
12:51:27.0394 0x0d6c  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
12:51:27.0399 0x0d6c  NTIOLib_1_0_3 - ok
12:51:27.0401 0x0d6c  [ 1B32C54B95121AB1683C7B83B2DB4B96, 99F4994A0E5BD1BF6E3F637D3225C69FF4CD620557E23637533E7F18D7D6CBA1 ] NTIOLib_1_0_4   C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
12:51:27.0406 0x0d6c  NTIOLib_1_0_4 - ok
12:51:27.0409 0x0d6c  [ 2DA209DDE8188076A9579BD256DC90D0, 984A77E5424C6D099051441005F2938AE92B31B5AD8F6521C6B001932862ADD7 ] NTIOLib_MSISMB_CC C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys
12:51:27.0413 0x0d6c  NTIOLib_MSISMB_CC - ok
12:51:27.0415 0x0d6c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:51:27.0432 0x0d6c  Null - ok
12:51:27.0435 0x0d6c  [ 0EBC9D13CD96C15B1B18D8678A609E4B, B10896DE16B0C102DFB3E73A6C11A1982C5B428015DAE1F8776BCEF94A0F75C6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
12:51:27.0440 0x0d6c  nusb3hub - ok
12:51:27.0445 0x0d6c  [ 7BDEC000D56D485021D9C1E63C2F81CA, 7F1303FD0371AF8715BFC38433B730C797170AEF10C7DB845B7B547DA8DBB5D5 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:51:27.0452 0x0d6c  nusb3xhc - ok
12:51:27.0456 0x0d6c  [ B9E5A80F646DDFEF158773722A466EA3, 028979FE600D17DA70445F44D81FAE4EDA3478FCC81FA5506133CCAC37C4E2BF ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
12:51:27.0465 0x0d6c  NVHDA - ok
12:51:27.0612 0x0d6c  [ 36BAB895547EA82892292F05FA02142E, 224D165CE3ECB0EF35C18D09507AB43ADC4A7AD12E507F31230012943C83BEDB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:51:27.0756 0x0d6c  nvlddmkm - ok
12:51:27.0794 0x0d6c  [ C2909BD26906E1D05D77B1D48B48E94A, 5642571FFDBDC63F0E3B1477337103517ABF7C50EBEDA63EF8E162E44C7B2538 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
12:51:27.0823 0x0d6c  NvNetworkService - ok
12:51:27.0828 0x0d6c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:51:27.0835 0x0d6c  nvraid - ok
12:51:27.0839 0x0d6c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:51:27.0845 0x0d6c  nvstor - ok
12:51:27.0848 0x0d6c  [ 60C9EC53F9CFBFBE38E9C79B88A6B19F, D89D6C62AB0A3224D850B639E4D7D7265BF183BEE0C60F27FEDDF0194504B078 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
12:51:27.0853 0x0d6c  NvStreamKms - ok
12:51:27.0927 0x0d6c  [ 5A773713C332F8760ABB915C24675E8F, DA453D341529B34188D5B235B17BD0FDAE84129539FC212F34B9FCC42DC0549C ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
12:51:28.0002 0x0d6c  NvStreamSvc - ok
12:51:28.0021 0x0d6c  [ 6B245B7F96F901891636814B5A7A9088, BC6DF13929AEBA2CF5DC8449FF9D5F73497DF8E9760AFA93B56543D86BE940C3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:51:28.0038 0x0d6c  nvsvc - ok
12:51:28.0039 0x0d6c  Object required for P2P: [ 6B245B7F96F901891636814B5A7A9088 ] nvsvc
12:51:30.0767 0x0d6c  Object send P2P result: true
12:51:30.0772 0x0d6c  [ 35DFC12FD7E44B7CB8CCD7E5A2B3975A, 36E0E39646636F6E027691E5C3903C51479B3F707BDEA40F460FD27E357DA14E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
12:51:30.0779 0x0d6c  nvvad_WaveExtensible - ok
12:51:30.0783 0x0d6c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:51:30.0789 0x0d6c  nv_agp - ok
12:51:30.0797 0x0d6c  [ 9ED2D6751813F5589710A8122CD227B2, 6CC824DFF403E0C43FE036E40EFDD0FD4B95D908EF3C687E21D9AD54491DFE81 ] NWIM            C:\Windows\system32\DRIVERS\avmnwim.sys
12:51:30.0806 0x0d6c  NWIM - ok
12:51:30.0810 0x0d6c  [ 18D041C4E99653D5C782AD2B3E4AAE04, B991AF5CFCF9174E050D5034FAB044C0FB01CBC0C0FB01F0ACF2C52B227BF33D ] nwtsrv          C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
12:51:30.0817 0x0d6c  nwtsrv - ok
12:51:30.0820 0x0d6c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:51:30.0826 0x0d6c  ohci1394 - ok
12:51:30.0857 0x0d6c  [ 7C77BE6B074F774355B582B4C8E8C850, 046208210A9BD4AE9D20A2EE1C886F740C5BC1ECACEA2F55D6627F7FDD013D21 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
12:51:30.0888 0x0d6c  Origin Client Service - ok
12:51:30.0898 0x0d6c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:51:30.0908 0x0d6c  p2pimsvc - ok
12:51:30.0915 0x0d6c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:51:30.0927 0x0d6c  p2psvc - ok
12:51:30.0930 0x0d6c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:51:30.0937 0x0d6c  Parport - ok
12:51:30.0940 0x0d6c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:51:30.0945 0x0d6c  partmgr - ok
12:51:30.0950 0x0d6c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:51:30.0958 0x0d6c  PcaSvc - ok
12:51:30.0962 0x0d6c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:51:30.0969 0x0d6c  pci - ok
12:51:30.0972 0x0d6c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:51:30.0977 0x0d6c  pciide - ok
12:51:30.0981 0x0d6c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:51:30.0989 0x0d6c  pcmcia - ok
12:51:30.0991 0x0d6c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:51:30.0997 0x0d6c  pcw - ok
12:51:31.0007 0x0d6c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:51:31.0021 0x0d6c  PEAUTH - ok
12:51:31.0041 0x0d6c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:51:31.0064 0x0d6c  PeerDistSvc - ok
12:51:31.0086 0x0d6c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:51:31.0092 0x0d6c  PerfHost - ok
12:51:31.0115 0x0d6c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:51:31.0150 0x0d6c  pla - ok
12:51:31.0158 0x0d6c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:51:31.0170 0x0d6c  PlugPlay - ok
12:51:31.0172 0x0d6c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:51:31.0178 0x0d6c  PNRPAutoReg - ok
12:51:31.0184 0x0d6c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:51:31.0194 0x0d6c  PNRPsvc - ok
12:51:31.0203 0x0d6c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:51:31.0226 0x0d6c  PolicyAgent - ok
12:51:31.0233 0x0d6c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:51:31.0252 0x0d6c  Power - ok
12:51:31.0256 0x0d6c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:51:31.0273 0x0d6c  PptpMiniport - ok
12:51:31.0276 0x0d6c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:51:31.0283 0x0d6c  Processor - ok
12:51:31.0284 0x0d6c  PROCEXP151 - ok
12:51:31.0290 0x0d6c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:51:31.0298 0x0d6c  ProfSvc - ok
12:51:31.0301 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:51:31.0307 0x0d6c  ProtectedStorage - ok
12:51:31.0310 0x0d6c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:51:31.0328 0x0d6c  Psched - ok
12:51:31.0350 0x0d6c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:51:31.0374 0x0d6c  ql2300 - ok
12:51:31.0378 0x0d6c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:51:31.0385 0x0d6c  ql40xx - ok
12:51:31.0390 0x0d6c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:51:31.0401 0x0d6c  QWAVE - ok
12:51:31.0404 0x0d6c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:51:31.0412 0x0d6c  QWAVEdrv - ok
12:51:31.0414 0x0d6c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:51:31.0431 0x0d6c  RasAcd - ok
12:51:31.0435 0x0d6c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:51:31.0452 0x0d6c  RasAgileVpn - ok
12:51:31.0455 0x0d6c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:51:31.0474 0x0d6c  RasAuto - ok
12:51:31.0477 0x0d6c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:51:31.0495 0x0d6c  Rasl2tp - ok
12:51:31.0501 0x0d6c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:51:31.0522 0x0d6c  RasMan - ok
12:51:31.0525 0x0d6c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:51:31.0543 0x0d6c  RasPppoe - ok
12:51:31.0546 0x0d6c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:51:31.0564 0x0d6c  RasSstp - ok
12:51:31.0570 0x0d6c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:51:31.0590 0x0d6c  rdbss - ok
12:51:31.0592 0x0d6c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:51:31.0599 0x0d6c  rdpbus - ok
12:51:31.0601 0x0d6c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:51:31.0618 0x0d6c  RDPCDD - ok
12:51:31.0623 0x0d6c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:51:31.0630 0x0d6c  RDPDR - ok
12:51:31.0632 0x0d6c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:51:31.0649 0x0d6c  RDPENCDD - ok
12:51:31.0652 0x0d6c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:51:31.0668 0x0d6c  RDPREFMP - ok
12:51:31.0672 0x0d6c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:51:31.0678 0x0d6c  RdpVideoMiniport - ok
12:51:31.0682 0x0d6c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:51:31.0690 0x0d6c  RDPWD - ok
12:51:31.0695 0x0d6c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:51:31.0703 0x0d6c  rdyboost - ok
12:51:31.0706 0x0d6c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:51:31.0724 0x0d6c  RemoteAccess - ok
12:51:31.0729 0x0d6c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:51:31.0748 0x0d6c  RemoteRegistry - ok
12:51:31.0752 0x0d6c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:51:31.0761 0x0d6c  RFCOMM - ok
12:51:31.0764 0x0d6c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:51:31.0782 0x0d6c  RpcEptMapper - ok
12:51:31.0784 0x0d6c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:51:31.0791 0x0d6c  RpcLocator - ok
12:51:31.0800 0x0d6c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:51:31.0823 0x0d6c  RpcSs - ok
12:51:31.0827 0x0d6c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:51:31.0845 0x0d6c  rspndr - ok
12:51:31.0858 0x0d6c  [ 130DD683DCC902F47A4AC35201D07E2F, A1E7082D93C170CF5855007B26F96E8F8183B15126D34A9DB16CBF190BD8EF53 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:51:31.0874 0x0d6c  RTL8167 - ok
12:51:31.0876 0x0d6c  RTL8187 - ok
12:51:31.0879 0x0d6c  [ A29F3787FEA005C8355F62321BE9E065, A1BE2758EE21CBFB00E6F32D3C62323D890BD9AD177E880390CFAD9F5326A9B3 ] rusb3hub        C:\Windows\system32\DRIVERS\rusb3hub.sys
12:51:31.0886 0x0d6c  rusb3hub - ok
12:51:31.0891 0x0d6c  [ 0FE1DB20DA9863CD5B397717FF07738B, 3BCA3269A6ECA501508F2BAC56DB9C0B2DAD3DDA853C5FB168E4C628A94E1C83 ] rusb3xhc        C:\Windows\system32\DRIVERS\rusb3xhc.sys
12:51:31.0898 0x0d6c  rusb3xhc - ok
12:51:31.0901 0x0d6c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:51:31.0906 0x0d6c  s3cap - ok
12:51:31.0908 0x0d6c  [ 86873AA9867CA9D78850EE9DC1C6AE5B, DD00FC709305599C6E94269318C5D8D34215723151ADFB6A066A2EEA3210A160 ] SAlphamHid      C:\Windows\system32\DRIVERS\SAlpham64.sys
12:51:31.0914 0x0d6c  SAlphamHid - ok
12:51:31.0916 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs           C:\Windows\system32\lsass.exe
12:51:31.0922 0x0d6c  SamSs - ok
12:51:31.0928 0x0d6c  [ E20128053F3F4641A2627ECFA7149ECA, CE5620BC170E76E53FEDCCEE12BBFBEE7C67B96E53E5D9C63FA7773C36699DC6 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
12:51:31.0936 0x0d6c  SbieDrv - ok
12:51:31.0941 0x0d6c  [ 0FA1025D7AC725EEA5EA3076965EEA6B, 80AFCFD77BCE07F34C1276F5F416A156ABB9FEDC2AAF7AE68CEA500A4468D125 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
12:51:31.0947 0x0d6c  SbieSvc - ok
12:51:31.0950 0x0d6c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:51:31.0956 0x0d6c  sbp2port - ok
12:51:31.0961 0x0d6c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:51:31.0981 0x0d6c  SCardSvr - ok
12:51:31.0983 0x0d6c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:51:31.0999 0x0d6c  scfilter - ok
12:51:32.0016 0x0d6c  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
12:51:32.0036 0x0d6c  Schedule - ok
12:51:32.0040 0x0d6c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:51:32.0057 0x0d6c  SCPolicySvc - ok
12:51:32.0061 0x0d6c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:51:32.0069 0x0d6c  SDRSVC - ok
12:51:32.0096 0x0d6c  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
12:51:32.0122 0x0d6c  SDScannerService - ok
12:51:32.0152 0x0d6c  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
12:51:32.0182 0x0d6c  SDUpdateService - ok
12:51:32.0189 0x0d6c  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
12:51:32.0196 0x0d6c  SDWSCService - ok
12:51:32.0199 0x0d6c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:51:32.0205 0x0d6c  secdrv - ok
12:51:32.0207 0x0d6c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:51:32.0224 0x0d6c  seclogon - ok
12:51:32.0227 0x0d6c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:51:32.0245 0x0d6c  SENS - ok
12:51:32.0247 0x0d6c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:51:32.0253 0x0d6c  SensrSvc - ok
12:51:32.0256 0x0d6c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:51:32.0262 0x0d6c  Serenum - ok
12:51:32.0265 0x0d6c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:51:32.0271 0x0d6c  Serial - ok
12:51:32.0274 0x0d6c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:51:32.0280 0x0d6c  sermouse - ok
12:51:32.0285 0x0d6c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:51:32.0304 0x0d6c  SessionEnv - ok
12:51:32.0306 0x0d6c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:51:32.0313 0x0d6c  sffdisk - ok
12:51:32.0315 0x0d6c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:51:32.0322 0x0d6c  sffp_mmc - ok
12:51:32.0325 0x0d6c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:51:32.0331 0x0d6c  sffp_sd - ok
12:51:32.0333 0x0d6c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:51:32.0339 0x0d6c  sfloppy - ok
12:51:32.0347 0x0d6c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:51:32.0368 0x0d6c  SharedAccess - ok
12:51:32.0375 0x0d6c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:51:32.0397 0x0d6c  ShellHWDetection - ok
12:51:32.0399 0x0d6c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:51:32.0405 0x0d6c  SiSRaid2 - ok
12:51:32.0408 0x0d6c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:51:32.0414 0x0d6c  SiSRaid4 - ok
12:51:32.0417 0x0d6c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:51:32.0435 0x0d6c  Smb - ok
12:51:32.0443 0x0d6c  [ E3E56CAF0472163871B922FC7CBC9654, 1D7208519DB904E1B27F8D5214CA219BD52AB8C1AB64F22F8959DC4E8955AD37 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
12:51:32.0451 0x0d6c  snapman - ok
12:51:32.0453 0x0d6c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:51:32.0460 0x0d6c  SNMPTRAP - ok
12:51:32.0462 0x0d6c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:51:32.0468 0x0d6c  spldr - ok
12:51:32.0477 0x0d6c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:51:32.0491 0x0d6c  Spooler - ok
12:51:32.0543 0x0d6c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:51:32.0605 0x0d6c  sppsvc - ok
12:51:32.0612 0x0d6c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:51:32.0630 0x0d6c  sppuinotify - ok
12:51:32.0638 0x0d6c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:51:32.0649 0x0d6c  srv - ok
12:51:32.0656 0x0d6c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:51:32.0666 0x0d6c  srv2 - ok
12:51:32.0671 0x0d6c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:51:32.0677 0x0d6c  srvnet - ok
12:51:32.0682 0x0d6c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:51:32.0702 0x0d6c  SSDPSRV - ok
12:51:32.0705 0x0d6c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:51:32.0723 0x0d6c  SstpSvc - ok
12:51:32.0737 0x0d6c  [ 0398BF35F898BA77033E678609AAB64F, E48D2E1E1C8FD314340BA1AA69E8942F630139B1E7019C8828BA5525444320D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:51:32.0751 0x0d6c  Steam Client Service - ok
12:51:32.0760 0x0d6c  [ C368FAF3084E3978462159F1DDAFF54F, F7DD88038E002EF3D2BCA648FE7CF0F92347E901C5F495D8D8E4D24076E895CD ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:51:32.0769 0x0d6c  Stereo Service - ok
12:51:32.0772 0x0d6c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:51:32.0777 0x0d6c  stexstor - ok
12:51:32.0787 0x0d6c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:51:32.0803 0x0d6c  stisvc - ok
12:51:32.0806 0x0d6c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:51:32.0812 0x0d6c  storflt - ok
12:51:32.0814 0x0d6c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
12:51:32.0820 0x0d6c  StorSvc - ok
12:51:32.0822 0x0d6c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:51:32.0828 0x0d6c  storvsc - ok
12:51:32.0830 0x0d6c  [ FD1134B9DACF371240A6F9CD7AE8D488, 3563147CB448B9B7CF1EA594FD3C72BFA6F157B3A1B0F1F11868B36BCC960B88 ] subvgaproduct64 C:\Windows\system32\DRIVERS\subvga64.sys
12:51:32.0835 0x0d6c  subvgaproduct64 - ok
12:51:32.0837 0x0d6c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:51:32.0841 0x0d6c  swenum - ok
12:51:32.0851 0x0d6c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:51:32.0875 0x0d6c  swprv - ok
12:51:32.0882 0x0d6c  [ 1001FE2D332F7D82CBB62ABAF014948F, 3A9A5A9255DF876732D33126AF4579566C0CAF9BA2C5684E7D1D1F5F4F85A989 ] SynoDrService   C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
12:51:32.0891 0x0d6c  SynoDrService - ok
12:51:32.0917 0x0d6c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
12:51:32.0944 0x0d6c  SysMain - ok
12:51:32.0949 0x0d6c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:51:32.0959 0x0d6c  TabletInputService - ok
12:51:32.0962 0x0d6c  [ 134B275751051C5D03F9ACCDC4F8CAAB, D50F96485AF6F26EA9A5A3A2ADEACC2DFD3B2ABCDAB88195B75CC72EAC543BE2 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
12:51:32.0967 0x0d6c  tap0901 - ok
12:51:32.0969 0x0d6c  taphss6 - ok
12:51:32.0976 0x0d6c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:51:32.0997 0x0d6c  TapiSrv - ok
12:51:33.0000 0x0d6c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:51:33.0018 0x0d6c  TBS - ok
12:51:33.0045 0x0d6c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:51:33.0073 0x0d6c  Tcpip - ok
12:51:33.0101 0x0d6c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:51:33.0130 0x0d6c  TCPIP6 - ok
12:51:33.0135 0x0d6c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:51:33.0141 0x0d6c  tcpipreg - ok
12:51:33.0144 0x0d6c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:51:33.0149 0x0d6c  TDPIPE - ok
12:51:33.0152 0x0d6c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:51:33.0157 0x0d6c  TDTCP - ok
12:51:33.0161 0x0d6c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:51:33.0167 0x0d6c  tdx - ok
12:51:33.0170 0x0d6c  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
12:51:33.0174 0x0d6c  teamviewervpn - ok
12:51:33.0177 0x0d6c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:51:33.0182 0x0d6c  TermDD - ok
12:51:33.0193 0x0d6c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:51:33.0208 0x0d6c  TermService - ok
12:51:33.0211 0x0d6c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:51:33.0220 0x0d6c  Themes - ok
12:51:33.0223 0x0d6c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:51:33.0241 0x0d6c  THREADORDER - ok
12:51:33.0256 0x0d6c  [ FB4AE448F658FD45F9E2458E39B01B3C, A81BCE5734C1D38773E560AA7630E6A50DB8DA9F043033F99CBC46CB2F7D8484 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
12:51:33.0273 0x0d6c  timounter - ok
12:51:33.0278 0x0d6c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:51:33.0297 0x0d6c  TrkWks - ok
12:51:33.0301 0x0d6c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:51:33.0320 0x0d6c  TrustedInstaller - ok
12:51:33.0323 0x0d6c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:51:33.0329 0x0d6c  tssecsrv - ok
12:51:33.0332 0x0d6c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:51:33.0338 0x0d6c  TsUsbFlt - ok
12:51:33.0341 0x0d6c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:51:33.0346 0x0d6c  TsUsbGD - ok
12:51:33.0350 0x0d6c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:51:33.0368 0x0d6c  tunnel - ok
12:51:33.0371 0x0d6c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:51:33.0376 0x0d6c  uagp35 - ok
12:51:33.0382 0x0d6c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:51:33.0403 0x0d6c  udfs - ok
12:51:33.0407 0x0d6c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:51:33.0414 0x0d6c  UI0Detect - ok
12:51:33.0417 0x0d6c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:51:33.0422 0x0d6c  uliagpkx - ok
12:51:33.0425 0x0d6c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:51:33.0431 0x0d6c  umbus - ok
12:51:33.0433 0x0d6c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:51:33.0439 0x0d6c  UmPass - ok
12:51:33.0443 0x0d6c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:51:33.0452 0x0d6c  UmRdpService - ok
12:51:33.0459 0x0d6c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:51:33.0481 0x0d6c  upnphost - ok
12:51:33.0486 0x0d6c  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:51:33.0488 0x0d6c  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:51:33.0488 0x0d6c  Detect skipped due to KSN trusted
12:51:33.0488 0x0d6c  USBAAPL64 - ok
12:51:33.0492 0x0d6c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:51:33.0498 0x0d6c  usbaudio - ok
12:51:33.0501 0x0d6c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:51:33.0508 0x0d6c  usbccgp - ok
12:51:33.0511 0x0d6c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:51:33.0518 0x0d6c  usbcir - ok
12:51:33.0520 0x0d6c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:51:33.0526 0x0d6c  usbehci - ok
12:51:33.0533 0x0d6c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:51:33.0542 0x0d6c  usbhub - ok
12:51:33.0545 0x0d6c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:51:33.0550 0x0d6c  usbohci - ok
12:51:33.0552 0x0d6c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
12:51:33.0559 0x0d6c  usbprint - ok
12:51:33.0562 0x0d6c  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\DRIVERS\USBSER.sys
12:51:33.0567 0x0d6c  usbser - ok
12:51:33.0571 0x0d6c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:51:33.0577 0x0d6c  USBSTOR - ok
12:51:33.0579 0x0d6c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:51:33.0585 0x0d6c  usbuhci - ok
12:51:33.0590 0x0d6c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:51:33.0598 0x0d6c  usbvideo - ok
12:51:33.0600 0x0d6c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:51:33.0618 0x0d6c  UxSms - ok
12:51:33.0620 0x0d6c  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc        C:\Windows\system32\lsass.exe
12:51:33.0626 0x0d6c  VaultSvc - ok
12:51:33.0631 0x0d6c  [ AD6D273E646B94BB6668C8CB439CFBD3, 0B9218E121280FA39932BF30B0B92D887EADFF6C42B56786A2BF133248B92A09 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:51:33.0640 0x0d6c  VBoxDrv - ok
12:51:33.0643 0x0d6c  [ B0A8C5BC95689A130F9E05492341833D, 8DDC6D77B0541813919B685D2DFCDFA4F752F8DD99400DA87523F8D2E9D72D27 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:51:33.0650 0x0d6c  VBoxNetAdp - ok
12:51:33.0652 0x0d6c  VBoxNetFlt - ok
12:51:33.0655 0x0d6c  [ E5C140160617B2B0545B4051AA9507FF, 3BC0A0CA1BD510FCFDD8222B05A370903B15DC06C4277A5F0BA95A6382970978 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:51:33.0661 0x0d6c  VBoxUSBMon - ok
12:51:33.0664 0x0d6c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:51:33.0669 0x0d6c  vdrvroot - ok
12:51:33.0678 0x0d6c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:51:33.0702 0x0d6c  vds - ok
12:51:33.0705 0x0d6c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:51:33.0712 0x0d6c  vga - ok
12:51:33.0714 0x0d6c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:51:33.0731 0x0d6c  VgaSave - ok
12:51:33.0736 0x0d6c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:51:33.0743 0x0d6c  vhdmp - ok
12:51:33.0746 0x0d6c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:51:33.0751 0x0d6c  viaide - ok
12:51:33.0755 0x0d6c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:51:33.0763 0x0d6c  vmbus - ok
12:51:33.0765 0x0d6c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:51:33.0771 0x0d6c  VMBusHID - ok
12:51:33.0772 0x0d6c  vmci - ok
12:51:33.0774 0x0d6c  VMnetAdapter - ok
12:51:33.0776 0x0d6c  [ A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
12:51:33.0778 0x0d6c  vnet - detected UnsignedFile.Multi.Generic ( 1 )
12:51:33.0778 0x0d6c  Detect skipped due to KSN trusted
12:51:33.0778 0x0d6c  vnet - ok
12:51:33.0781 0x0d6c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:51:33.0787 0x0d6c  volmgr - ok
12:51:33.0794 0x0d6c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:51:33.0804 0x0d6c  volmgrx - ok
12:51:33.0810 0x0d6c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:51:33.0818 0x0d6c  volsnap - ok
12:51:33.0823 0x0d6c  [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
12:51:33.0831 0x0d6c  vpcbus - ok
12:51:33.0833 0x0d6c  [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:51:33.0839 0x0d6c  vpcnfltr - ok
12:51:33.0843 0x0d6c  [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
12:51:33.0849 0x0d6c  vpcusb - ok
12:51:33.0852 0x0d6c  [ 63F4E10873BEB4124028C6D1A66B0968, 57088A18CC4BD5A31F40E7118A5DDAA1731A06B91D3870471FBEA705B38E0A57 ] vpcuxd          C:\Windows\system32\DRIVERS\vpcuxd.sys
12:51:33.0857 0x0d6c  vpcuxd - ok
12:51:33.0864 0x0d6c  [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
12:51:33.0873 0x0d6c  vpcvmm - ok
12:51:33.0876 0x0d6c  [ 9B4F6978628D07FAEBF77FF6F8F2960D, FC36FE6BE77445D55E4E92CE3EAF172E253EC8CF8D2EBCA204969CF21FFA5600 ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
12:51:33.0883 0x0d6c  VsEtwService120 - ok
12:51:33.0888 0x0d6c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:51:33.0894 0x0d6c  vsmraid - ok
12:51:33.0919 0x0d6c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:51:33.0956 0x0d6c  VSS - ok
12:51:33.0959 0x0d6c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:51:33.0966 0x0d6c  vwifibus - ok
12:51:33.0969 0x0d6c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:51:33.0977 0x0d6c  vwififlt - ok
12:51:33.0984 0x0d6c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:51:34.0007 0x0d6c  W32Time - ok
12:51:34.0010 0x0d6c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:51:34.0016 0x0d6c  WacomPen - ok
12:51:34.0019 0x0d6c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:51:34.0036 0x0d6c  WANARP - ok
12:51:34.0039 0x0d6c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:51:34.0056 0x0d6c  Wanarpv6 - ok
12:51:34.0075 0x0d6c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:51:34.0097 0x0d6c  WatAdminSvc - ok
12:51:34.0121 0x0d6c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:51:34.0146 0x0d6c  wbengine - ok
12:51:34.0152 0x0d6c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:51:34.0163 0x0d6c  WbioSrvc - ok
12:51:34.0171 0x0d6c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:51:34.0185 0x0d6c  wcncsvc - ok
12:51:34.0187 0x0d6c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:51:34.0194 0x0d6c  WcsPlugInService - ok
12:51:34.0197 0x0d6c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:51:34.0202 0x0d6c  Wd - ok
12:51:34.0215 0x0d6c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:51:34.0230 0x0d6c  Wdf01000 - ok
12:51:34.0234 0x0d6c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:51:34.0241 0x0d6c  WdiServiceHost - ok
12:51:34.0243 0x0d6c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:51:34.0250 0x0d6c  WdiSystemHost - ok
12:51:34.0256 0x0d6c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
12:51:34.0265 0x0d6c  WebClient - ok
12:51:34.0271 0x0d6c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:51:34.0291 0x0d6c  Wecsvc - ok
12:51:34.0294 0x0d6c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:51:34.0313 0x0d6c  wercplsupport - ok
12:51:34.0316 0x0d6c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:51:34.0335 0x0d6c  WerSvc - ok
12:51:34.0337 0x0d6c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:51:34.0354 0x0d6c  WfpLwf - ok
12:51:34.0356 0x0d6c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:51:34.0361 0x0d6c  WIMMount - ok
12:51:34.0363 0x0d6c  WinDefend - ok
12:51:34.0366 0x0d6c  WinHttpAutoProxySvc - ok
12:51:34.0374 0x0d6c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:51:34.0394 0x0d6c  Winmgmt - ok
12:51:34.0423 0x0d6c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:51:34.0455 0x0d6c  WinRM - ok
12:51:34.0460 0x0d6c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
12:51:34.0468 0x0d6c  WinUsb - ok
12:51:34.0482 0x0d6c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:51:34.0503 0x0d6c  Wlansvc - ok
12:51:34.0537 0x0d6c  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:51:34.0570 0x0d6c  wlidsvc - ok
12:51:34.0576 0x0d6c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:51:34.0581 0x0d6c  WmiAcpi - ok
12:51:34.0587 0x0d6c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:51:34.0595 0x0d6c  wmiApSrv - ok
12:51:34.0597 0x0d6c  WMPNetworkSvc - ok
12:51:34.0599 0x0d6c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:51:34.0605 0x0d6c  WPCSvc - ok
12:51:34.0609 0x0d6c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:51:34.0617 0x0d6c  WPDBusEnum - ok
12:51:34.0619 0x0d6c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:51:34.0637 0x0d6c  ws2ifsl - ok
12:51:34.0640 0x0d6c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:51:34.0650 0x0d6c  wscsvc - ok
12:51:34.0651 0x0d6c  WSearch - ok
12:51:34.0689 0x0d6c  [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:51:34.0728 0x0d6c  wuauserv - ok
12:51:34.0734 0x0d6c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:51:34.0741 0x0d6c  WudfPf - ok
12:51:34.0745 0x0d6c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:51:34.0753 0x0d6c  WUDFRd - ok
12:51:34.0756 0x0d6c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:51:34.0763 0x0d6c  wudfsvc - ok
12:51:34.0768 0x0d6c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:51:34.0777 0x0d6c  WwanSvc - ok
12:51:34.0781 0x0d6c  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:51:34.0787 0x0d6c  xusb21 - ok
12:51:34.0794 0x0d6c  ================ Scan global ===============================
12:51:34.0796 0x0d6c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
12:51:34.0801 0x0d6c  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
12:51:34.0808 0x0d6c  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\Windows\system32\winsrv.dll
12:51:34.0813 0x0d6c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:51:34.0820 0x0d6c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:51:34.0824 0x0d6c  [ Global ] - ok
12:51:34.0824 0x0d6c  ================ Scan MBR ==================================
12:51:34.0825 0x0d6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:51:34.0843 0x0d6c  \Device\Harddisk0\DR0 - ok
12:51:34.0844 0x0d6c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:51:34.0857 0x0d6c  \Device\Harddisk1\DR1 - ok
12:51:34.0858 0x0d6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
12:51:34.0877 0x0d6c  \Device\Harddisk2\DR2 - ok
12:51:34.0879 0x0d6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
12:51:34.0908 0x0d6c  \Device\Harddisk3\DR3 - ok
12:51:34.0912 0x0d6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
12:51:35.0082 0x0d6c  \Device\Harddisk4\DR4 - ok
12:51:35.0082 0x0d6c  ================ Scan VBR ==================================
12:51:35.0083 0x0d6c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
12:51:35.0083 0x0d6c  \Device\Harddisk0\DR0\Partition1 - ok
12:51:35.0085 0x0d6c  [ 40D0FA1E195A21D39BCC342F2A047359 ] \Device\Harddisk0\DR0\Partition2
12:51:35.0086 0x0d6c  \Device\Harddisk0\DR0\Partition2 - ok
12:51:35.0087 0x0d6c  [ A3C2B444187877409CABA685DD26E8FF ] \Device\Harddisk0\DR0\Partition3
12:51:35.0089 0x0d6c  \Device\Harddisk0\DR0\Partition3 - ok
12:51:35.0091 0x0d6c  [ CC54728AE2A7BDF60C989C4DF6FCB4B5 ] \Device\Harddisk1\DR1\Partition1
12:51:35.0092 0x0d6c  \Device\Harddisk1\DR1\Partition1 - ok
12:51:35.0093 0x0d6c  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk1\DR1\Partition2
12:51:35.0093 0x0d6c  \Device\Harddisk1\DR1\Partition2 - ok
12:51:35.0094 0x0d6c  [ 7C0F4D7D157563C533E74314FC64764B ] \Device\Harddisk1\DR1\Partition3
12:51:35.0095 0x0d6c  \Device\Harddisk1\DR1\Partition3 - ok
12:51:35.0097 0x0d6c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk2\DR2\Partition1
12:51:35.0097 0x0d6c  \Device\Harddisk2\DR2\Partition1 - ok
12:51:35.0098 0x0d6c  [ 54A3F59B164CEDC2DE1D98F3CC05EC95 ] \Device\Harddisk2\DR2\Partition2
12:51:35.0099 0x0d6c  \Device\Harddisk2\DR2\Partition2 - ok
12:51:35.0100 0x0d6c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk3\DR3\Partition1
12:51:35.0101 0x0d6c  \Device\Harddisk3\DR3\Partition1 - ok
12:51:35.0102 0x0d6c  [ E1B733F3CDAF2A80DE902A6949219013 ] \Device\Harddisk3\DR3\Partition2
12:51:35.0103 0x0d6c  \Device\Harddisk3\DR3\Partition2 - ok
12:51:35.0105 0x0d6c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk4\DR4\Partition1
12:51:35.0106 0x0d6c  \Device\Harddisk4\DR4\Partition1 - ok
12:51:35.0108 0x0d6c  [ E54F410B5BA1B68E978384488DCFAE9C ] \Device\Harddisk4\DR4\Partition2
12:51:35.0114 0x0d6c  \Device\Harddisk4\DR4\Partition2 - ok
12:51:35.0114 0x0d6c  ================ Scan generic autorun ======================

Alt 23.10.2015, 12:10   #7
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Code:
ATTFilter
12:51:35.0150 0x0d6c  [ 6BE70A935DFD72F47C29757305B50B1E, 6E76D7CA8C417750C2AFAD45344F5863CEA7798A2993716E21DE1997789D1746 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
12:51:35.0188 0x0d6c  NvBackend - ok
12:51:35.0193 0x0d6c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
12:51:35.0201 0x0d6c  ShadowPlay - ok
12:51:35.0253 0x0d6c  [ 5A9CDFF0CEDFA8061D0DE6B6C2547F51, 76CDEF7A94D90D79CFA105E492E53350F7545900FEF651CD0D18B3163B812AD2 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
12:51:35.0264 0x0d6c  AdobeAAMUpdater-1.0 - ok
12:51:35.0267 0x0d6c  [ 5A77E2A4DD76B0733CF30AAD21AB3587, 345C43F209CD29C7A1E8BD88C725D154C29F47B767CD3749EE61601EB4DDDC03 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
12:51:35.0274 0x0d6c  RUSB3MON - ok
12:51:35.0277 0x0d6c  [ 9D51EA92A612B37E76E5E4621650C50A, 00BD61C8527A80C0F684882379A0AC2E5A54E8BBECC797087B960CDC8454C373 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
12:51:35.0283 0x0d6c  NUSB3MON - ok
12:51:35.0298 0x0d6c  [ 6F98C7DA1AE54B3151358971336B7B46, 3FE79211467DCC020C3D284B2DFA286677375004E92A742030EAE29A49A0BF76 ] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
12:51:35.0312 0x0d6c  Sound Blaster Recon3D PCIe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
12:51:35.0312 0x0d6c  Detect skipped due to KSN trusted
12:51:35.0312 0x0d6c  Sound Blaster Recon3D PCIe Control Panel - ok
12:51:35.0352 0x0d6c  [ 618FE6488D7FA07504D45E4BED54A051, CD4987307245B79BBFEE85A91DF5372299EC8A49DE1BE53B27F58AC0F5587CDB ] C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
12:51:35.0392 0x0d6c  Corsair Gaming Headset Software - ok
12:51:35.0428 0x0d6c  [ 3D1D33DE714636AEAB4AC18291D254F6, 8C9ECD5818F48B90FAEFBEC896F795DDE45CCE73BB11901E90E035F179037117 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
12:51:35.0460 0x0d6c  Adobe Creative Cloud - ok
12:51:35.0550 0x0d6c  [ F0C14288A8CBB4919919063F7B781483, 23BD6592035FAB1B222B151134D2504AC013F93768EAB91DF39EE9439AB11F4F ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
12:51:35.0633 0x0d6c  TrueImageMonitor.exe - ok
12:51:35.0696 0x0d6c  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
12:51:35.0750 0x0d6c  SDTray - ok
12:51:35.0792 0x0d6c  [ 90F08C914B0492762B6A8A99703FFA2E, D3EDEF6E285E6FC63E06EA820C1D598AE3574A2AA1567809E1AA073919C82406 ] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
12:51:35.0828 0x0d6c  Malwarebytes Anti-Exploit - ok
12:51:35.0837 0x0d6c  [ 0ACAB7ED0899909AA7E383F7A27DCF7A, 4996791DD8C701C0B25A7F79E49D30A9C3FA3E219C017F3E852999FAEF835A64 ] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
12:51:35.0842 0x0d6c  SteelSeries Engine - detected UnsignedFile.Multi.Generic ( 1 )
12:51:35.0842 0x0d6c  Detect skipped due to KSN trusted
12:51:35.0842 0x0d6c  SteelSeries Engine - ok
12:51:35.0957 0x0d6c  [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe
12:51:36.0062 0x0d6c  CCleaner Monitoring - ok
12:51:36.0075 0x0d6c  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Frank\AppData\Local\Dropbox\Update\DropboxUpdate.exe
12:51:36.0081 0x0d6c  Dropbox Update - ok
12:51:36.0119 0x0d6c  [ 781DCED079ABD884DF8CA22B6FA30F05, 392C39D4E26AAE801786EE9A2671FDFFF18991A27046853B13ACA90E4B2D3998 ] C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
12:51:36.0155 0x0d6c  Spotify Web Helper - ok
12:51:36.0156 0x0d6c  Object required for P2P: [ 781DCED079ABD884DF8CA22B6FA30F05 ] C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
12:51:38.0899 0x0d6c  Object send P2P result: true
12:51:38.0916 0x0d6c  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
12:51:38.0931 0x0d6c  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
12:51:38.0931 0x0d6c  Detect skipped due to KSN trusted
12:51:38.0931 0x0d6c  SpybotPostWindows10UpgradeReInstall - ok
12:51:38.0969 0x0d6c  [ 4AEE8446E8A922EC25C9300A766AC38A, C7E8A5A49811C0D1164043C490C9C4EDD554E348C88851ABDF5B13E27A86C8DB ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
12:51:39.0006 0x0d6c  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
12:51:39.0006 0x0d6c  Detect skipped due to KSN trusted
12:51:39.0006 0x0d6c  LightScribe Control Panel - ok
12:51:39.0015 0x0d6c  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\system32\StikyNot.exe
12:51:39.0026 0x0d6c  RESTART_STICKY_NOTES - ok
12:51:39.0032 0x0d6c  [ 0ACAB7ED0899909AA7E383F7A27DCF7A, 4996791DD8C701C0B25A7F79E49D30A9C3FA3E219C017F3E852999FAEF835A64 ] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
12:51:39.0037 0x0d6c  SteelSeries Engine - detected UnsignedFile.Multi.Generic ( 1 )
12:51:39.0037 0x0d6c  Detect skipped due to KSN trusted
12:51:39.0037 0x0d6c  SteelSeries Engine - ok
12:51:39.0154 0x0d6c  [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe
12:51:39.0259 0x0d6c  CCleaner Monitoring - ok
12:51:39.0301 0x0d6c  [ 781DCED079ABD884DF8CA22B6FA30F05, 392C39D4E26AAE801786EE9A2671FDFFF18991A27046853B13ACA90E4B2D3998 ] C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
12:51:39.0337 0x0d6c  Spotify Web Helper - ok
12:51:39.0338 0x0d6c  Object required for P2P: [ 781DCED079ABD884DF8CA22B6FA30F05 ] C:\Users\Frank\AppData\Roaming\Spotify\SpotifyWebHelper.exe
12:51:42.0079 0x0d6c  Object send P2P result: true
12:51:42.0079 0x0d6c  Plex Media Server - ok
12:51:42.0083 0x0d6c  AV detected via SS2: Kaspersky Small Office Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x41000 ( enabled : updated )
12:51:42.0084 0x0d6c  FW detected via SS2: Kaspersky Small Office Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x41010 ( enabled )
12:51:44.0835 0x0d6c  ============================================================
12:51:44.0835 0x0d6c  Scan finished
12:51:44.0835 0x0d6c  ============================================================
12:51:44.0839 0x03ac  Detected object count: 0
12:51:44.0839 0x03ac  Actual detected object count: 0

Alt 24.10.2015, 09:41   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


GPU? Nein. Sowas gibt es auch nicht. Nur in Laboren und schlechten Science-Fiction Filmen.

Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
  • Führe die mbrmastr.exe aus.
  • Drücke auf Backup MBR und speichere es als emsi auf den Desktop.
  • Schliesse dann das Programm wieder.
  • Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
  • Auf dem Desktop wird ebenfalls eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.10.2015, 16:42   #9
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Code:
ATTFilter
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x0000011C
5 valid drive(s) found.

Details for Disk 0 - WDC WD30EZRX-00MMMB0 Rev 80.0:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 364801/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31


Details for Disk 1 - ADATA SP900 Rev 5.0.:
  Device name              : \\.\PhysicalDrive1
  Geometry (C/H/S)         : 31130/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    MD5                    : 5FB38429D5D77768867C76DCBDB35194


Details for Disk 2 - SAMSUNG HD642JJ Rev 1AA0:
  Device name              : \\.\PhysicalDrive2
  Geometry (C/H/S)         : 77825/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31


Details for Disk 3 - SAMSUNG SP2504C Rev VT10:
  Device name              : \\.\PhysicalDrive3
  Geometry (C/H/S)         : 30401/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31


Details for Disk 4 - SYNOLOGY iSCSI Storage Rev 3.1:
  Device name              : \\.\PhysicalDrive4
  Geometry (C/H/S)         : 652/255/63
  Boot loader reputation   : Known Good (Windows 7)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    MD5                    : A36C5E4F47E84449FF07ED3517B43A31
"in schlechten Science-Fiction Filmen" oder auf GitHub https://github.com/x0r1/jellyfish . Also mir hätte auch ein einfaches "Nein gibt es nicht" als Antwort gereicht. Bzgl UEFI hab ich n Vortrag von der BlackHat gefunden schau ich mir den halt mal an war ja auch nur ne Frage .

Bei den Logs bisher war alles sauber? Die suspicious Files laut GMER sind auch normal nehme ich mal an. Vielleicht gibt ja die .zip Datei Aufschlüsse wenn nicht mache ich auch gerne weiter wenn es noch mehr Tools zum Scannen gibt.

Vielen Dank schonmal für die Hilfe.

Alt 26.10.2015, 18:19   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Zitat:
"in schlechten Science-Fiction Filmen" oder auf GitHub https://github.com/x0r1/jellyfish . Also mir hätte auch ein einfaches "Nein gibt es nicht" als Antwort gereicht. Bzgl UEFI hab ich n Vortrag von der BlackHat gefunden schau ich mir den halt mal an war ja auch nur ne Frage
Du hast von GPU geredet .
Und das, was Du dort verlinkt hast, wirste auch auf keinem Rechner eines Normalo-Menschen finden.

MBR ist auch sauber, Logs sind sauber
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.10.2015, 19:59   #11
FrankW187
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Ja GPU genau. Der Link ist ein Proof of Concept eines GPU Rootkits für Linux. Als weitere Quelle zu meiner Aussage würde ich dann mal Heise präsentieren l+f: Der Keylogger in der GPU | heise Security

Es geht hier auch nicht darum funktionsfähigen Code zu präsentieren den jeder einsetzten kann, wir sind hier ja auch nicht in einem Hacker Forum .
Wenn es ein PoC gibt kann ich mir doch auch ziemlich sicher sein, dass jemand mit ausreichend Fähigkeit und Zeit sowas umsetzen kann und auch nicht direkt postet. Also theoretisch funktioniert das ganze schonmal, inwiefern es auch benutzt wird bzw. ob man das bei "Normalo-Menschen" findet ist natürlich schwer zu beurteilen wenn es nichtmal die Möglichkeit zur Überprüfung gibt oder? Was "Normalo-Menschen" sind kann ich auch nur vermuten, aber das ganze schweift ja eh schon viel zu weit ab. Es ging ja auch in keinster Weise darum wie häufig es sowas gibt sondern nur ob es eine Möglichkeit zur Überpfüng gibt, wie man auch meinem ersten Beitrag entnehmen kann.

Und UEFI hatte ich ja auch erwähnt das ist auch nur schlechte Science-Fiction ja?
Schade, dass man diesbezüglich keine sachliche Diskussion führen kann sondern einem mit Verunglimpfungen geantwortet werden. Ist anscheinend der falscher Ort für solche Fragen.

Trotzdem für die ansonsten nette Hilfe beim Scannen, ich gehe mal davon aus, dass es auch keine weiteren Möglichkeiten mehr zum Scannen gibt, da ja der letzte Beitrag diesbezüglich auch keine Anweisung enthält.

Alt 27.10.2015, 19:39   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Pc spinnt / Unknown MBR Code... Bootkit? - Standard

Pc spinnt / Unknown MBR Code... Bootkit?


Zitat:
Schade, dass man diesbezüglich keine sachliche Diskussion führen kann sondern einem mit Verunglimpfungen geantwortet werden. Ist anscheinend der falscher Ort für solche Fragen.
Nö, nach dem 300sten User der denkt, er hätte sowas, wird man halt komisch. Es gibt sowas, im Labor.

Keiner von uns wird sowas auf dem Rechner haben. Und erkennbar an Scans ist es schon zweimal nicht.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Pc spinnt / Unknown MBR Code... Bootkit?
cyberghost, desktop, dnsapi.dll, ferngesteuert, firefox, flash player, ftp, google, homepage, installation, internet, kaspersky, launch, mozilla, port, problem, prozess, prozesse, registry, rojaner gefunden, rundll, safer networking, scan, security, server, software, svchost.exe, synology, system, teamspeak, trojaner, win10, windows


« Kaspersky findet immer not-a- virus:HEUR und ich bekomme es nicht weg. | Avira erkennt mehr als 30 Funde »


Ähnliche Themen: Pc spinnt / Unknown MBR Code... Bootkit?


  1. Win 7: Rechner crashed und startet von neuem und Browser spinnt. Teil 1 (langer code)
    Plagegeister aller Art und deren Bekämpfung - 20.06.2015 (20)
  2. Win8.1 - unknown MBR Code aber keine Funde - TaskManager zeigte Zugriff Verweigert
    Plagegeister aller Art und deren Bekämpfung - 24.08.2014 (18)
  3. Windows XP: PC bootet nicht mehr richtig (Trojaner, Root-, Bootkit?)
    Log-Analyse und Auswertung - 19.03.2014 (19)
  4. Bootkit Remover hat ein Problem erkannt, wie gehts jetzt weiter?
    Log-Analyse und Auswertung - 22.11.2013 (26)
  5. unknown MBR code, kein Zugriff auf Dokumente und Einstellungen
    Log-Analyse und Auswertung - 17.03.2013 (0)
  6. C:\WINXP\system32\dllcache\explorer.exe (Trojan.Bootkit.Dropper)
    Log-Analyse und Auswertung - 30.08.2012 (13)
  7. Bootkit Mebratix.B ?
    Log-Analyse und Auswertung - 06.04.2012 (10)
  8. (Unbekanntes) Bootkit
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (6)
  9. AVAST findet Bootkit?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (86)
  10. Bootkit Remover findet anscheinend defekten MBR, was nun?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (4)
  11. Virus überschreibt MBR immer neu.. (evt Bootkit?)
    Plagegeister aller Art und deren Bekämpfung - 19.10.2010 (19)
  12. TR Click.Cycler.ajts läßt sich mit bootkit remover oder GMER nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (19)
  13. Bootkit Remover
    Anleitungen, FAQs & Links - 30.05.2010 (1)
  14. Bootkit hebelt Festplattenverschlüsselung aus
    Nachrichten - 30.07.2009 (0)
  15. BkCln.Unknown
    Plagegeister aller Art und deren Bekämpfung - 12.09.2005 (12)
  16. Unknown owner
    Log-Analyse und Auswertung - 27.03.2005 (5)
  17. Unknown Trojan !?
    Plagegeister aller Art und deren Bekämpfung - 29.01.2005 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Pc spinnt / Unknown MBR Code... Bootkit? - Hallo, also teilweise spinnt das Internet an meinem Rechner. Der Seitenaufbau funktioniert dann teilweise und die Seiten laden dann endlos aber laden nur teilweise in Chrome und auch FF IE - Pc spinnt / Unknown MBR Code... Bootkit?...
Archiv
Du betrachtest: Pc spinnt / Unknown MBR Code... Bootkit? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55