Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   PC langsam und CPU oft bei 100% (https://www.trojaner-board.de/164868-pc-langsam-cpu-oft-100-a.html)

ArmeSocke 08.03.2015 22:35
PC langsam und CPU oft bei 100%
 
Liebes Trojaner-Board-Team,

mein PC ist zur Zeit sehr langsam, teilweise ist die CPU lange bei 100% (Nur ein Browser offen). Zusätzlich verschinden teilweise, wenn ich einen Browser öffne, kurz alle Symbole auf meinem Desktop und Programmleiste und werden durch ein weißes Symbol ersetzt. Das alles kommt mir irgendwie sehr komisch vor.
Wenn ich in den Task-Manager starte, sehe ich Prozesse zu denen kein User und kein Pfad angezeigt wird, zb. csrss.exe.
Ich hoffe ihr könnt mir helfen, den ich fürchte ich habe mir irgendwie einen Virus eingefangen. Danke schon mal im Voraus.

Technische Daten:

Betriebssystem: Windows 7 Home Premium
Prozessor: Intel(R) Core(TM) i5-3317U
Arbeitsspeicher: 8GB
Systemtyp: 64-Bit
Schutzprogramme: Kaspersky Internet Security 2015

Logs:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:41 on 08/03/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by User (ATTENTION: The logged in user is not administrator) on MS-STUDY-LAPTOP on 08-03-2015 21:46:54
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User & Admin (Available profiles: UpdatusUser & User & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> AdminService.exe
Failed to access process -> CxAudMsg64.exe
Failed to access process -> HeciServer.exe
Failed to access process -> irstrtsv.exe
Failed to access process -> Jhi_service.exe
Failed to access process -> LenovoSmartConnectService.exe
Failed to access process -> svchost.exe
Failed to access process -> Ath_CoexAgent.exe
Failed to access process -> svchost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> armsvc.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> dirmngr.exe
Failed to access process -> avp.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> IntelMeFWService.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> dllhost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> VSSVC.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2011-12-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-12-13] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-04-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2014-04-29] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [3244080 2012-04-06] (Lenovo)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-17] (LENOVO)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\RunOnce: [DeleteVeriFace] => C:\Windows\DeleteVF.exe [320864 2014-04-29] (TODO: <公司名>)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\MountPoints2: {8e1cabb4-3b1c-11e4-9143-446d57a390f2} - E:\Startme.exe
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Internet Security.lnk
ShortcutTarget: Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3577023336-649988219-1192559642-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3577023336-649988219-1192559642-1000] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: [S-1-5-21-3577023336-649988219-1192559642-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> {16B26D30-2FA7-49A8-9AAD-93A94B928D29} URL =
SearchScopes: HKU\S-1-5-21-3577023336-649988219-1192559642-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2014-12-11] (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-13] (Atheros Commnucations)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-12-11] (Sun Microsystems, Inc.)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-08] (Kaspersky Lab ZAO)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2014-12-11] (Sun Microsystems, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-08] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-08] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\user.js [2015-02-13]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\firefox@ghostery.com.xpi [2015-02-13]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-13]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]
FF Extension: BetterPrivacy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwtc4h0k.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (WOT) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-15]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-15]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-08]
CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-06-12]
CHR Extension: (Ghostery) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-13] (Atheros Commnucations) [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-16] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-16] (Intel Corporation)
R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
S2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-13] (Atheros) [File not signed]
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-13] (Sony Mobile Communications)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-10-16] (Intel  Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-08] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-11-05] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-11-05] (Microsoft Corporation) [File not signed]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 wlidsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:43 - 2015-03-08 21:47 - 00025756 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-08 21:42 - 2015-03-08 21:46 - 00000000 ____D () C:\FRST
2015-03-08 21:41 - 2015-03-08 21:41 - 00000472 _____ () C:\Users\User\Desktop\defogger_disable.log
2015-03-08 21:41 - 2015-03-08 21:41 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-03-08 20:53 - 2015-03-08 20:53 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2015-03-08 20:52 - 2015-03-08 20:52 - 00000000 ____D () C:\Users\User\Desktop\Scan
2015-03-08 20:51 - 2015-03-08 20:51 - 02095104 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-03-08 20:50 - 2015-03-08 20:50 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2015-03-08 20:40 - 2015-03-08 20:40 - 00000022 _____ () C:\Windows\S.dirmngr
2015-03-06 11:32 - 2015-03-06 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-01 23:04 - 2015-03-02 15:17 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-25 15:07 - 2015-02-27 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 12:14 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:14 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Atheros
2015-02-25 11:12 - 2015-02-25 11:12 - 00000000 ____D () C:\Users\User\AppData\Local\BMExplorer
2015-02-24 11:31 - 2015-02-24 11:31 - 00000000 ____D () C:\Users\User\AppData\Local\Steam
2015-02-24 11:04 - 2015-02-24 11:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2015-02-24 10:52 - 2015-02-24 10:52 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-02-23 12:55 - 2015-02-24 18:09 - 00000683 _____ () C:\Users\User\Desktop\AWS-20150223.txt
2015-02-20 19:51 - 2015-02-20 19:51 - 00000000 ____D () C:\ProgramData\Energy Management
2015-02-15 10:24 - 2015-02-15 10:24 - 00003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 20:14 - 2015-02-13 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-02-13 20:12 - 2015-02-13 20:14 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2015-02-13 20:11 - 2015-02-13 20:11 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-12 20:01 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:01 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:01 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:01 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:25 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 12:25 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 12:25 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 12:25 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:24 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:24 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:24 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:24 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:24 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 12:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:24 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:24 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:24 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:24 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:24 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:24 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:24 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:24 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:24 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 12:24 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:24 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 12:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:24 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 12:24 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:24 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 12:24 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 12:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 12:24 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 12:24 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 12:24 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 12:24 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 12:24 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 12:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:24 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 12:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:24 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 12:24 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 12:24 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 12:24 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 12:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 12:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 12:24 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 12:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 12:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 12:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 12:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:24 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 12:24 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 12:23 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:23 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:23 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:23 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:23 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:23 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:23 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:23 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:23 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:23 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:23 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:23 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 12:23 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 12:23 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 12:23 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 12:23 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 12:23 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 12:23 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:23 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:23 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 12:23 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:23 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 12:23 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:23 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 12:23 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:23 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 12:23 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:23 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 12:23 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 12:23 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 12:22 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:22 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 12:22 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 12:22 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 12:22 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 12:22 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 12:22 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 12:22 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:41 - 2014-09-13 09:08 - 00000000 ____D () C:\Users\Admin
2015-03-08 21:39 - 2014-10-08 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 21:32 - 2014-07-10 09:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 21:29 - 2014-04-29 11:44 - 01284386 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 21:28 - 2014-09-06 12:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-08 21:05 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 21:05 - 2009-07-14 05:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 20:47 - 2014-06-11 19:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass
2015-03-08 20:46 - 2014-04-29 21:37 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 20:46 - 2014-04-29 21:37 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 20:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 20:42 - 2014-06-11 18:23 - 00000000 ___RD () C:\Users\User\Dropbox
2015-03-08 20:42 - 2014-06-11 18:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-03-08 20:41 - 2014-06-11 18:17 - 00000000 ___RD () C:\Users\User\OneDrive
2015-03-08 20:39 - 2014-07-10 09:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 20:39 - 2014-06-06 08:36 - 00043364 _____ () C:\Users\Public\CAFADEBUG.log
2015-03-08 20:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 20:39 - 2009-07-14 05:51 - 00099225 _____ () C:\Windows\setupact.log
2015-03-08 11:17 - 2014-06-11 18:17 - 00002192 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-06 09:53 - 2014-11-12 10:33 - 00000000 ____D () C:\Users\User\AppData\Local\Eclipse
2015-03-06 09:19 - 2014-06-12 09:23 - 00000000 ____D () C:\Users\User\Documents\bloodbowlchaos
2015-03-06 08:22 - 2014-06-11 19:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-01 22:00 - 2014-06-16 23:12 - 00000000 ____D () C:\Users\User\Desktop\Private
2015-03-01 10:09 - 2014-06-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 15:06 - 2014-06-24 15:01 - 00000000 ____D () C:\Users\User\UMLet
2015-02-15 10:22 - 2014-12-14 12:34 - 00000000 ____D () C:\Users\User\Documents\Reisen
2015-02-14 14:34 - 2010-11-21 04:47 - 00155788 _____ () C:\Windows\PFRO.log
2015-02-13 20:11 - 2015-01-28 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-13 19:07 - 2014-06-11 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 14:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 20:03 - 2014-04-29 12:10 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-11 12:40 - 2009-07-14 05:45 - 00308592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 12:38 - 2014-12-11 14:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 12:38 - 2014-06-11 21:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 12:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 12:36 - 2014-06-11 21:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 12:30 - 2014-06-11 21:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 16:39 - 2014-06-12 07:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 16:39 - 2014-06-12 07:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-15 10:24 - 2015-02-15 10:24 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-06 06:37 - 2014-06-06 06:37 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4atagz.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Die anderen Log-Dateien haben meinen Post leider zu groß gemacht, deshalb werde ich sie erstmal in einer zip-Datei anhängen. Falls ich die Logs nochmal extra posten soll, mache ich das natürlich gerne.

Nochmal vielen Dank im voraus und beste Grüße,
ArmeSocke

schrauber 09.03.2015 02:33
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

ArmeSocke 09.03.2015 07:47
Ok. Danke für die schnelle Antwort.

Defogger und FRST hatte ich ja schon gepostet.
Jetzt noch die fehlenden.

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by User at 2015-03-08 21:47:18
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.3042.60281 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.3042.60281 - Alcor Micro Corp.) Hidden
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Blood Bowl: Chaos Edition (HKLM-x32\...\Steam App 216890) (Version:  - Cyanide Studios)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.145 - Atheros Communications)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.28.50 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo)
Energy Management (x32 Version: 7.0.3.9 - Lenovo) Hidden
Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gpg4win (2.2.3) (HKLM-x32\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java SE Development Kit 7 Update 76 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170760}) (Version: 1.7.0.760 - Oracle)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Java(TM) SE Development Kit 6 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.7 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.7 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.0.29 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3577023336-649988219-1192559642-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.5 - Lenovo)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1083 - RStudio)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Lenovo Corporation (LAD) System  (01/13/2012 1.0.0.2) (HKLM\...\5E61CDC4058A17FE9BE3046B1846F3118CD618B1) (Version: 01/13/2012 1.0.0.2 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3577023336-649988219-1192559642-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (whitelisted) ==============

2013-12-26 18:42 - 2013-12-26 18:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2008-12-20 02:20 - 2014-04-29 12:19 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-28 13:34 - 2014-04-29 12:19 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 15:31 - 2014-04-29 12:19 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 02:20 - 2014-04-29 12:19 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-04-29 12:10 - 2011-12-08 10:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2014-04-29 12:02 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\Conexant\ForteConfig\fmapp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3577023336-649988219-1192559642-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== Accounts: =============================

Admin (S-1-5-21-3577023336-649988219-1192559642-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3577023336-649988219-1192559642-500 - Administrator - Disabled)
Gast (S-1-5-21-3577023336-649988219-1192559642-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3577023336-649988219-1192559642-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3577023336-649988219-1192559642-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-3577023336-649988219-1192559642-1001 - Limited - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2015 08:41:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).


System errors:
=============
Error: (03/08/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (03/08/2015 08:39:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/08/2015 03:25:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (03/08/2015 03:25:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/08/2015 11:15:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (03/08/2015 11:15:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/08/2015 00:44:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (03/07/2015 07:41:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (03/07/2015 07:41:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/07/2015 11:15:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5


Microsoft Office Sessions:
=========================
Error: (03/08/2015 08:41:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---Get Poicy Open key suc failed with 0, The Code is:0x422.

Error: (03/08/2015 08:40:02 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: NSDSvc---query POLICYVT key success failed with 0, The Code is:0x424.


CodeIntegrity Errors:
===================================
  Date: 2015-02-14 14:39:21.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-14 14:39:21.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 18:49:42.513
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 18:49:42.461
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 14:35:54.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 14:35:54.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 14:35:36.001
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-13 14:35:36.001
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 20:03:17.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 20:03:17.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8052.9 MB
Available physical RAM: 5411.83 MB
Total Pagefile: 16103.99 MB
Available Pagefile: 13296.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:300.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.56 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
GMER.log (1/2)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-08 22:00:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwtiquog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                      0000000076b0a400 7 bytes JMP 000000016fff0260
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                    0000000076b13f20 5 bytes JMP 000000016fff01b8
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                      0000000076b2ffb0 5 bytes JMP 000000016fff01f0
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                0000000076b3f2e0 5 bytes JMP 000000016fff0148
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                              0000000076b69a30 7 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                              0000000076b794c0 5 bytes JMP 000000016fff0180
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                              0000000076b79630 5 bytes JMP 000000016fff0110
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                      0000000076b987e0 7 bytes JMP 000000016fff0228
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                        000007fefcb62db0 5 bytes JMP 000007fffcb50180
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                  000007fefcb637d0 7 bytes JMP 000007fffcb500d8
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                    000007fefcb68ef0 6 bytes JMP 000007fffcb50148
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                000007fefcb7af60 5 bytes JMP 000007fffcb50110
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                  000007fefd9f89f0 8 bytes JMP 000007fffcb501f0
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                000007fefd9fbe50 8 bytes JMP 000007fffcb501b8
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                    0000000076c26c80 5 bytes JMP 000000016fff0308
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                    0000000076c2a5b4 5 bytes JMP 000000016fff02d0
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                        0000000076c30810 7 bytes JMP 000000016fff0340
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                            0000000076c3ccec 9 bytes JMP 000000016fff0298
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                        000007fefec97490 11 bytes JMP 000007fffcb50228
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                      000007fefecabf00 7 bytes JMP 000007fffcb50260
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                        000007fef85cdc88 5 bytes JMP 000007fff85a00d8
.text  C:\Windows\system32\Dwm.exe[2500] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                      000007fef85cde10 5 bytes JMP 000007fff85a0110
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                    0000000076f1faa8 5 bytes JMP 0000000171d82e30
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[3820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                              0000000076f20038 5 bytes JMP 0000000171d82df0
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                0000000074a61401 2 bytes JMP 7493b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  0000000074a61419 2 bytes JMP 7493b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                0000000074a61431 2 bytes JMP 749b8ea9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                0000000074a6144a 2 bytes CALL 749148ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                                                    * 9
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                  0000000074a614dd 2 bytes JMP 749b87a2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            0000000074a614f5 2 bytes JMP 749b8978 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                  0000000074a6150d 2 bytes JMP 749b8698 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            0000000074a61525 2 bytes JMP 749b8a62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  0000000074a6153d 2 bytes JMP 7492fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                      0000000074a61555 2 bytes JMP 749368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                0000000074a6156d 2 bytes JMP 749b8f61 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  0000000074a61585 2 bytes JMP 749b8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                    0000000074a6159d 2 bytes JMP 749b865c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  0000000074a615b5 2 bytes JMP 7492fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                0000000074a615cd 2 bytes JMP 7493b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            0000000074a616b2 2 bytes JMP 749b8e24 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            0000000074a616bd 2 bytes JMP 749b85f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                      0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                              0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                              0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                      0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                    0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                        0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                            0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                          0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                          0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                        0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                        0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                        0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                            0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                            0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                          0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                          0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                              0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                        0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                      0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                      0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                          0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                          0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                    0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                    0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                        0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                        0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                    0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                    0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                    0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                      0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                    0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                              0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                        0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                          0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                          0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                              0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                              0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                    0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                  0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                            0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                      0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                            0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                    00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                    000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                              00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                        0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              0000000074a61401 2 bytes JMP 7493b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                0000000074a61419 2 bytes JMP 7493b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              0000000074a61431 2 bytes JMP 749b8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              0000000074a6144a 2 bytes CALL 749148ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                    * 9
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                  0000000074a614dd 2 bytes JMP 749b87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          0000000074a614f5 2 bytes JMP 749b8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                  0000000074a6150d 2 bytes JMP 749b8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          0000000074a61525 2 bytes JMP 749b8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                0000000074a6153d 2 bytes JMP 7492fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                      0000000074a61555 2 bytes JMP 749368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              0000000074a6156d 2 bytes JMP 749b8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                0000000074a61585 2 bytes JMP 749b8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                    0000000074a6159d 2 bytes JMP 749b865c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                0000000074a615b5 2 bytes JMP 7492fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              0000000074a615cd 2 bytes JMP 7493b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          0000000074a616b2 2 bytes JMP 749b8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          0000000074a616bd 2 bytes JMP 749b85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                      0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                      0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                              0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                              0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                    0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                  0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                  0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                  0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                        0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                        0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                    0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                    0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                    0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                    0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                        0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                    0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                    0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                              0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                              0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                              0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                              0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                            0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                            0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                        0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                  0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                    0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                    0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                      0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                      0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                        0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                            0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                            0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                      0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                              0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                      0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                            00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                            000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                          00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                      00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                              0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                      0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                      0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                              0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                            0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                    0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                  0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                  0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                        0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                        0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                    0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                    0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                  0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                  0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                      0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                              0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                              0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                  0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                  0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                            0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                            0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                            0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                            0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                            0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                              0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                            0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                      0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                  0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                  0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                      0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                      0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                        0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                            0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                          0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                    0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                              0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                    0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                          0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                        0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                              0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                              0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                            00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                            000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                        00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                      00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                      00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                        0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                              0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                    0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184  0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375          0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                      0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                    0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                    0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                              0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                              0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                  0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                  0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                              0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                              0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256              0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501              0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                        0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                  0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

ArmeSocke 09.03.2015 07:48
GMER.log (2/2)
Code:
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                    0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                    0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                        0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                        0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45          0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4              0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92            0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                      0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                      0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                    0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                  0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                      0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                    0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                            0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                        0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                        0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                        0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                            0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                    0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                    0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                        0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                        0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                  0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                  0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                    0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                    0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                  0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                  0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                    0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                            0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                      0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                        0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                        0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                          0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                          0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                            0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                          0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                  0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                          0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                    0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                  0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                      0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                    0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                            0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                        0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                        0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                        0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                            0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                    0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                    0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                        0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                        0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                  0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                  0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                    0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                    0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                  0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                  0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                    0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                            0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                      0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                        0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                        0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                          0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                          0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                            0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                          0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                  0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                          0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                              0000000076d21398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                    0000000076d2143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                    0000000076d21594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                            0000000076d2191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                            0000000076d21bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                              0000000076d21d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                  0000000076d21edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                0000000076d21fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                0000000076d227b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                              0000000076d227d2 8 bytes {JMP 0x10}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                0000000076d2282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                              0000000076d22898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                      0000000076d22d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                      0000000076d22d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                  0000000076d2323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                  0000000076d233c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                  0000000076d23a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                  0000000076d23ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                      0000000076d23b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                              0000000076d24190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                              0000000076d24241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                              0000000076d242b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 3
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                  0000000076d243f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                  0000000076d24434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                                            0000000076d245d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                                            0000000076d246d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                              0000000076d24a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                              0000000076d24b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                            0000000076d24c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                            0000000076d24d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                    * 2
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                          0000000076d24ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                              0000000076d24ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                          0000000076d250f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                      0000000076d252f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                0000000076d253f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                                  0000000076d255e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                  0000000076d264d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                    0000000076d2668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                    0000000076d2687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                      0000000076d268bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                          0000000076d268d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                          0000000076d2692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                    0000000076d27166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                                            0000000076d27dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                                    0000000076d27e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                        0000000076d71380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                      0000000076d71500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                            0000000076d71530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                          0000000076d71650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                              0000000076d71700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                              0000000076d71d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                            0000000076d71f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                            0000000076d727e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                          00000000736913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                          000000007369146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                        00000000736916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                    00000000736919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                    00000000736919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\User\Desktop\Gmer-19357.exe[7700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                              0000000073691a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57a390f2                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57a390f2@2c54cf731a05                                                                                                0xFF 0xB9 0x24 0x88 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57a390f2 (not active ControlSet)                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57a390f2@2c54cf731a05                                                                                                    0xFF 0xB9 0x24 0x88 ...

---- EOF - GMER 2.1 ----

schrauber 09.03.2015 16:16
unsere Tools brauchen immer Adminrechte!



Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

ArmeSocke 09.03.2015 18:34
Hi Schrauber,

hab die Scans gemacht. Laut Scan der TDSSKiller hat eine Bedrohung (UnsignedFile.Multi.Generic) gefunden.

MalwareBytes:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.09.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Admin :: MS-STUDY-LAPTOP [administrator]

09.03.2015 16:34:33
mbar-log-2015-03-09 (16-34-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 433463
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
TDSSKiller:
Code:
16:45:17.0129 0x0408  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:45:21.0156 0x0408  ============================================================
16:45:21.0156 0x0408  Current date / time: 2015/03/09 16:45:21.0156
16:45:21.0156 0x0408  SystemInfo:
16:45:21.0156 0x0408 
16:45:21.0156 0x0408  OS Version: 6.1.7601 ServicePack: 1.0
16:45:21.0156 0x0408  Product type: Workstation
16:45:21.0156 0x0408  ComputerName: MS-STUDY-LAPTOP
16:45:21.0156 0x0408  UserName: Admin
16:45:21.0156 0x0408  Windows directory: C:\Windows
16:45:21.0156 0x0408  System windows directory: C:\Windows
16:45:21.0156 0x0408  Running under WOW64
16:45:21.0156 0x0408  Processor architecture: Intel x64
16:45:21.0156 0x0408  Number of processors: 4
16:45:21.0156 0x0408  Page size: 0x1000
16:45:21.0156 0x0408  Boot type: Normal boot
16:45:21.0156 0x0408  ============================================================
16:45:21.0312 0x0408  KLMD registered as C:\Windows\system32\drivers\89277919.sys
16:45:21.0717 0x0408  System UUID: {D97AB4EC-DD3B-F190-56DB-10B078B703F6}
16:45:22.0653 0x0408  Drive \Device\Harddisk0\DR0 - Size: 0x200000000 ( 8.00 Gb ), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:22.0653 0x0408  Drive \Device\Harddisk1\DR1 - Size: 0x74709D0E00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:45:22.0669 0x0408  ============================================================
16:45:22.0669 0x0408  \Device\Harddisk0\DR0:
16:45:22.0669 0x0408  MBR partitions:
16:45:22.0669 0x0408  \Device\Harddisk1\DR1:
16:45:22.0669 0x0408  MBR partitions:
16:45:22.0669 0x0408  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:45:22.0669 0x0408  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000
16:45:22.0669 0x0408  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000
16:45:22.0669 0x0408  ============================================================
16:45:22.0669 0x0408  C: <-> \Device\Harddisk1\DR1\Partition2
16:45:22.0669 0x0408  D: <-> \Device\Harddisk1\DR1\Partition3
16:45:22.0669 0x0408  ============================================================
16:45:22.0669 0x0408  Initialize success
16:45:22.0669 0x0408  ============================================================
16:46:15.0985 0x0b94  ============================================================
16:46:15.0985 0x0b94  Scan started
16:46:15.0985 0x0b94  Mode: Manual; SigCheck; TDLFS;
16:46:15.0985 0x0b94  ============================================================
16:46:15.0985 0x0b94  KSN ping started
16:46:40.0177 0x0b94  KSN ping finished: true
16:46:40.0657 0x0b94  ================ Scan system memory ========================
16:46:40.0657 0x0b94  System memory - ok
16:46:40.0657 0x0b94  ================ Scan services =============================
16:46:40.0735 0x0b94  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:46:40.0781 0x0b94  1394ohci - ok
16:46:40.0797 0x0b94  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:46:40.0813 0x0b94  ACPI - ok
16:46:40.0828 0x0b94  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:46:40.0828 0x0b94  AcpiPmi - ok
16:46:40.0844 0x0b94  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC        C:\Windows\system32\DRIVERS\AcpiVpc.sys
16:46:40.0844 0x0b94  ACPIVPC - ok
16:46:40.0859 0x0b94  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:46:40.0859 0x0b94  AdobeARMservice - ok
16:46:40.0906 0x0b94  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:46:40.0922 0x0b94  AdobeFlashPlayerUpdateSvc - ok
16:46:40.0969 0x0b94  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:46:41.0015 0x0b94  adp94xx - ok
16:46:41.0078 0x0b94  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:46:41.0109 0x0b94  adpahci - ok
16:46:41.0125 0x0b94  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:46:41.0156 0x0b94  adpu320 - ok
16:46:41.0156 0x0b94  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:46:41.0187 0x0b94  AeLookupSvc - ok
16:46:41.0203 0x0b94  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD            C:\Windows\system32\drivers\afd.sys
16:46:41.0234 0x0b94  AFD - ok
16:46:41.0234 0x0b94  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:46:41.0249 0x0b94  agp440 - ok
16:46:41.0265 0x0b94  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG            C:\Windows\System32\alg.exe
16:46:41.0282 0x0b94  ALG - ok
16:46:41.0282 0x0b94  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:46:41.0297 0x0b94  aliide - ok
16:46:41.0297 0x0b94  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:46:41.0313 0x0b94  amdide - ok
16:46:41.0328 0x0b94  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:46:41.0344 0x0b94  AmdK8 - ok
16:46:41.0344 0x0b94  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:46:41.0360 0x0b94  AmdPPM - ok
16:46:41.0375 0x0b94  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:46:41.0391 0x0b94  amdsata - ok
16:46:41.0406 0x0b94  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:46:41.0422 0x0b94  amdsbs - ok
16:46:41.0438 0x0b94  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:46:41.0453 0x0b94  amdxata - ok
16:46:41.0453 0x0b94  [ C5D5B9BAF5A940953FE8393BF937AD60, 089985EB94755EBDC0D839173F2E7B29B104746DEF6CC503039E31D2791E2FDC ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
16:46:41.0469 0x0b94  AmUStor - ok
16:46:41.0484 0x0b94  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID          C:\Windows\system32\drivers\appid.sys
16:46:41.0516 0x0b94  AppID - ok
16:46:41.0531 0x0b94  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:46:41.0562 0x0b94  AppIDSvc - ok
16:46:41.0562 0x0b94  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo        C:\Windows\System32\appinfo.dll
16:46:41.0578 0x0b94  Appinfo - ok
16:46:41.0594 0x0b94  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc            C:\Windows\system32\drivers\arc.sys
16:46:41.0609 0x0b94  arc - ok
16:46:41.0625 0x0b94  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:46:41.0640 0x0b94  arcsas - ok
16:46:41.0656 0x0b94  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:46:41.0672 0x0b94  aspnet_state - ok
16:46:41.0687 0x0b94  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:46:41.0718 0x0b94  AsyncMac - ok
16:46:41.0718 0x0b94  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:46:41.0734 0x0b94  atapi - ok
16:46:41.0734 0x0b94  [ EF3B9AD9D03047EBA1369732B2F55AFE, 19D5CE66C492666EB2C94E6ED2347F923B1815196955F1BC4B9E397625FE1FFD ] AthBTPort      C:\Windows\system32\DRIVERS\btath_flt.sys
16:46:41.0750 0x0b94  AthBTPort - ok
16:46:41.0765 0x0b94  [ 8BE63D6CE5C6994888C231CB5F8464FF, E87EB73D4E0D578FC87BC656EEDC1ABD9BCB22248DA6F42CD9AEA14F04DFDAA7 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:46:41.0765 0x0b94  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
16:46:46.0133 0x0b94  Detect skipped due to KSN trusted
16:46:46.0133 0x0b94  AtherosSvc - ok
16:46:46.0196 0x0b94  [ 3660381F5EA18E14A06C98591B533AD6, F94E7D73989480CF37EDE0710A0111E9A5E51A527EAE6B8D4C84810958107EBE ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:46:46.0352 0x0b94  athr - ok
16:46:46.0367 0x0b94  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:46:46.0430 0x0b94  AudioEndpointBuilder - ok
16:46:46.0445 0x0b94  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:46:46.0476 0x0b94  AudioSrv - ok
16:46:46.0492 0x0b94  [ AB1AF0BA03DCB6A879BC22F472EACEEA, A75B73D0B1FE885F6DC2C7A0B755A6E12F9DC54CE702A1FFC3F283196793627A ] AVP15.0.1      C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
16:46:46.0523 0x0b94  AVP15.0.1 - ok
16:46:46.0539 0x0b94  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:46:46.0554 0x0b94  AxInstSV - ok
16:46:46.0586 0x0b94  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
16:46:46.0617 0x0b94  b06bdrv - ok
16:46:46.0632 0x0b94  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:46:46.0664 0x0b94  b57nd60a - ok
16:46:46.0679 0x0b94  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:46:46.0695 0x0b94  BDESVC - ok
16:46:46.0695 0x0b94  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:46:46.0742 0x0b94  Beep - ok
16:46:46.0757 0x0b94  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE            C:\Windows\System32\bfe.dll
16:46:46.0820 0x0b94  BFE - ok
16:46:46.0851 0x0b94  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
16:46:46.0929 0x0b94  BITS - ok
16:46:46.0929 0x0b94  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:46:46.0944 0x0b94  blbdrive - ok
16:46:46.0960 0x0b94  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:46:46.0976 0x0b94  bowser - ok
16:46:46.0991 0x0b94  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:46:47.0007 0x0b94  BrFiltLo - ok
16:46:47.0007 0x0b94  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:46:47.0038 0x0b94  BrFiltUp - ok
16:46:47.0038 0x0b94  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser        C:\Windows\System32\browser.dll
16:46:47.0069 0x0b94  Browser - ok
16:46:47.0085 0x0b94  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:46:47.0116 0x0b94  Brserid - ok
16:46:47.0116 0x0b94  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:46:47.0132 0x0b94  BrSerWdm - ok
16:46:47.0147 0x0b94  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:46:47.0163 0x0b94  BrUsbMdm - ok
16:46:47.0163 0x0b94  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:46:47.0194 0x0b94  BrUsbSer - ok
16:46:47.0194 0x0b94  [ 72EA2FCD6456BFC6936EDA474EA08E48, 1026D73B9420B77E971F55E9959F239D688830AF4BB42BDBF3200D8D3AB5A6EA ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
16:46:47.0225 0x0b94  BTATH_A2DP - ok
16:46:47.0241 0x0b94  [ FFA0D38141FB7B93AFF465B82596D1EC, E893D7F6B24A9E2D4D427AB7CE1393DA281AA3A95F92F70B98BAD8F10C816110 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
16:46:47.0256 0x0b94  btath_avdt - ok
16:46:47.0256 0x0b94  [ A65A9B2C3A9985D8122B2B6D3D2F4C1B, 8C3E95D2153040C8AF5434301CAC3ECE2600C829EE83ABBE136797A17EE04216 ] BTATH_BUS      C:\Windows\system32\DRIVERS\btath_bus.sys
16:46:47.0288 0x0b94  BTATH_BUS - ok
16:46:47.0288 0x0b94  [ E95F7E9F4C8A88610F4142E60CF196BE, EE2ECCDE1C6EE1E365D4DD966F6F4BA9646A21E8BE594884B39BCA87A25DB3B6 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:46:47.0319 0x0b94  BTATH_HCRP - ok
16:46:47.0319 0x0b94  [ 1A5C05524C0C503C87F930F154B7145D, 8A71E9E2524E63E9871734A0625A680A1A7C04A775F5F8B2A4AEEAE9379EE174 ] BTATH_LWFLT    C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:46:47.0350 0x0b94  BTATH_LWFLT - ok
16:46:47.0366 0x0b94  [ C2FD5B24F648DAC8143C51514307B0EC, D3A7BC3C96385685A725A21C2EBCC0B7387EAC6FC43B94C12B01CC582F020451 ] BTATH_RCP      C:\Windows\system32\DRIVERS\btath_rcp.sys
16:46:47.0397 0x0b94  BTATH_RCP - ok
16:46:47.0412 0x0b94  [ 01155B6604D05F844D0655C69587FC2B, 8BFB345DCB1A5FD8600F20C1C0B6C0A562EBF68B31F187E5226BD5B21B8C17F1 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
16:46:47.0459 0x0b94  BtFilter - ok
16:46:47.0459 0x0b94  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
16:46:47.0475 0x0b94  BthEnum - ok
16:46:47.0490 0x0b94  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:46:47.0506 0x0b94  BTHMODEM - ok
16:46:47.0522 0x0b94  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:46:47.0537 0x0b94  BthPan - ok
16:46:47.0553 0x0b94  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
16:46:47.0600 0x0b94  BTHPORT - ok
16:46:47.0600 0x0b94  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv        C:\Windows\system32\bthserv.dll
16:46:47.0646 0x0b94  bthserv - ok
16:46:47.0646 0x0b94  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:46:47.0662 0x0b94  BTHUSB - ok
16:46:47.0678 0x0b94  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:46:47.0709 0x0b94  cdfs - ok
16:46:47.0724 0x0b94  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:46:47.0740 0x0b94  cdrom - ok
16:46:47.0756 0x0b94  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:46:47.0787 0x0b94  CertPropSvc - ok
16:46:47.0787 0x0b94  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:46:47.0818 0x0b94  circlass - ok
16:46:47.0834 0x0b94  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:46:47.0865 0x0b94  CLFS - ok
16:46:47.0880 0x0b94  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:46:47.0943 0x0b94  clr_optimization_v2.0.50727_32 - ok
16:46:47.0974 0x0b94  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:46:47.0990 0x0b94  clr_optimization_v2.0.50727_64 - ok
16:46:48.0005 0x0b94  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:46:48.0036 0x0b94  clr_optimization_v4.0.30319_32 - ok
16:46:48.0036 0x0b94  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:46:48.0068 0x0b94  clr_optimization_v4.0.30319_64 - ok
16:46:48.0068 0x0b94  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd          C:\Windows\system32\DRIVERS\clwvd.sys
16:46:48.0083 0x0b94  clwvd - ok
16:46:48.0099 0x0b94  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:46:48.0130 0x0b94  CmBatt - ok
16:46:48.0130 0x0b94  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:46:48.0146 0x0b94  cmdide - ok
16:46:48.0161 0x0b94  [ AFA1BFF926592FD0C3AB97D838652EF9, C38BC4BBD4EDF779993B2FECF96C1FD55B085F3FBEB3E1AE3C892DFD369D611D ] cm_km_w        C:\Windows\system32\DRIVERS\cm_km_w.sys
16:46:48.0192 0x0b94  cm_km_w - ok
16:46:48.0208 0x0b94  [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG            C:\Windows\system32\Drivers\cng.sys
16:46:48.0255 0x0b94  CNG - ok
16:46:48.0302 0x0b94  [ BFF966AD3941BAF23F9563EDD0D7575D, 230C0A00D4690BE065EC7877277E61684814F8C32C990F83F123FDE8184F119B ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
16:46:48.0395 0x0b94  CnxtHdAudService - ok
16:46:48.0411 0x0b94  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:46:48.0426 0x0b94  Compbatt - ok
16:46:48.0426 0x0b94  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:46:48.0458 0x0b94  CompositeBus - ok
16:46:48.0458 0x0b94  COMSysApp - ok
16:46:48.0520 0x0b94  [ D8724B606616B2B75AF54096119580F5, 53E1DEF9F966FDE5898759A33FB62B5062A941E97B235D6F6EF79A5AD1283BDE ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:46:48.0645 0x0b94  cphs - ok
16:46:48.0660 0x0b94  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:46:48.0676 0x0b94  crcdisk - ok
16:46:48.0692 0x0b94  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:46:48.0723 0x0b94  CryptSvc - ok
16:46:48.0738 0x0b94  [ F160B26B26BA4AFE8CECC12ED5AC231E, 8DA8921A40B67ACFC7E47A54870181CDA1866901A3E8B3A2393D7C006C6B3A42 ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
16:46:48.0754 0x0b94  CxAudMsg - ok
16:46:48.0770 0x0b94  [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
16:46:48.0801 0x0b94  dc3d - ok
16:46:48.0816 0x0b94  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:46:48.0863 0x0b94  DcomLaunch - ok
16:46:48.0910 0x0b94  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc      C:\Windows\System32\defragsvc.dll
16:46:48.0972 0x0b94  defragsvc - ok
16:46:48.0972 0x0b94  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:46:49.0019 0x0b94  DfsC - ok
16:46:49.0035 0x0b94  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:46:49.0066 0x0b94  Dhcp - ok
16:46:49.0082 0x0b94  [ B54792D15F331EE083777E83EFE92573, BE3728CA2901487F093F08109CBBC7D83A5416B9D7FA69C1A3EE0C2B401A228F ] DirMngr        C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
16:46:49.0206 0x0b94  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
16:46:53.0543 0x0b94  Detect skipped due to KSN trusted
16:46:53.0543 0x0b94  DirMngr - ok
16:46:53.0543 0x0b94  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:46:53.0590 0x0b94  discache - ok
16:46:53.0590 0x0b94  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
16:46:53.0606 0x0b94  Disk - ok
16:46:53.0621 0x0b94  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:46:53.0637 0x0b94  Dnscache - ok
16:46:53.0699 0x0b94  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:46:53.0730 0x0b94  dot3svc - ok
16:46:53.0746 0x0b94  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS            C:\Windows\system32\dps.dll
16:46:53.0777 0x0b94  DPS - ok
16:46:53.0793 0x0b94  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:46:53.0808 0x0b94  drmkaud - ok
16:46:53.0824 0x0b94  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:46:53.0886 0x0b94  DXGKrnl - ok
16:46:53.0886 0x0b94  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost        C:\Windows\System32\eapsvc.dll
16:46:53.0933 0x0b94  EapHost - ok
16:46:54.0011 0x0b94  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
16:46:54.0167 0x0b94  ebdrv - ok
16:46:54.0183 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS            C:\Windows\System32\lsass.exe
16:46:54.0198 0x0b94  EFS - ok
16:46:54.0276 0x0b94  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:46:54.0354 0x0b94  ehRecvr - ok
16:46:54.0370 0x0b94  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched        C:\Windows\ehome\ehsched.exe
16:46:54.0386 0x0b94  ehSched - ok
16:46:54.0401 0x0b94  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:46:54.0432 0x0b94  elxstor - ok
16:46:54.0432 0x0b94  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:46:54.0464 0x0b94  ErrDev - ok
16:46:54.0479 0x0b94  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem    C:\Windows\system32\es.dll
16:46:54.0528 0x0b94  EventSystem - ok
16:46:54.0544 0x0b94  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat          C:\Windows\system32\drivers\exfat.sys
16:46:54.0590 0x0b94  exfat - ok
16:46:54.0590 0x0b94  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:46:54.0653 0x0b94  fastfat - ok
16:46:54.0684 0x0b94  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax            C:\Windows\system32\fxssvc.exe
16:46:54.0731 0x0b94  Fax - ok
16:46:54.0746 0x0b94  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc            C:\Windows\system32\drivers\fdc.sys
16:46:54.0762 0x0b94  fdc - ok
16:46:54.0762 0x0b94  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost        C:\Windows\system32\fdPHost.dll
16:46:54.0793 0x0b94  fdPHost - ok
16:46:54.0809 0x0b94  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:46:54.0840 0x0b94  FDResPub - ok
16:46:54.0840 0x0b94  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:46:54.0856 0x0b94  FileInfo - ok
16:46:54.0871 0x0b94  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:46:54.0902 0x0b94  Filetrace - ok
16:46:54.0918 0x0b94  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:46:54.0934 0x0b94  flpydisk - ok
16:46:54.0934 0x0b94  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:46:54.0965 0x0b94  FltMgr - ok
16:46:54.0996 0x0b94  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache      C:\Windows\system32\FntCache.dll
16:46:55.0090 0x0b94  FontCache - ok
16:46:55.0105 0x0b94  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:46:55.0121 0x0b94  FontCache3.0.0.0 - ok
16:46:55.0136 0x0b94  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:46:55.0152 0x0b94  FsDepends - ok
16:46:55.0152 0x0b94  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:46:55.0168 0x0b94  Fs_Rec - ok
16:46:55.0183 0x0b94  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:46:55.0199 0x0b94  fvevol - ok
16:46:55.0214 0x0b94  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:46:55.0230 0x0b94  gagp30kx - ok
16:46:55.0230 0x0b94  [ A1F556318931B9EA276F4E2DA2C1791C, 1E5564A9B213689C56BFBBEC1A7BBFAD78DF1FB55422171C0680935338C5DE57 ] ggflt          C:\Windows\system32\DRIVERS\ggflt.sys
16:46:55.0246 0x0b94  ggflt - ok
16:46:55.0246 0x0b94  [ 7F56A3E09A6AD40B07E4EFAD34A40A18, E0EC4293035162E9EFA89A45FFF26B5BC829F7BB7F4D2D5A2CAA5E88AC6DC0C9 ] ggsomc          C:\Windows\system32\DRIVERS\ggsomc.sys
16:46:55.0261 0x0b94  ggsomc - ok
16:46:55.0277 0x0b94  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:46:55.0355 0x0b94  gpsvc - ok
16:46:55.0355 0x0b94  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:46:55.0417 0x0b94  gupdate - ok
16:46:55.0417 0x0b94  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:46:55.0433 0x0b94  gupdatem - ok
16:46:55.0433 0x0b94  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:46:55.0448 0x0b94  hcw85cir - ok
16:46:55.0464 0x0b94  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:46:55.0495 0x0b94  HdAudAddService - ok
16:46:55.0495 0x0b94  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:46:55.0526 0x0b94  HDAudBus - ok
16:46:55.0526 0x0b94  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
16:46:55.0542 0x0b94  HidBatt - ok
16:46:55.0558 0x0b94  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:46:55.0573 0x0b94  HidBth - ok
16:46:55.0573 0x0b94  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:46:55.0604 0x0b94  HidIr - ok
16:46:55.0604 0x0b94  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv        C:\Windows\system32\hidserv.dll
16:46:55.0651 0x0b94  hidserv - ok
16:46:55.0651 0x0b94  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:46:55.0667 0x0b94  HidUsb - ok
16:46:55.0682 0x0b94  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:46:55.0714 0x0b94  hkmsvc - ok
16:46:55.0714 0x0b94  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:46:55.0745 0x0b94  HomeGroupListener - ok
16:46:55.0760 0x0b94  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:46:55.0776 0x0b94  HomeGroupProvider - ok
16:46:55.0792 0x0b94  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:46:55.0807 0x0b94  HpSAMD - ok
16:46:55.0823 0x0b94  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:46:55.0885 0x0b94  HTTP - ok
16:46:55.0901 0x0b94  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:46:55.0916 0x0b94  hwpolicy - ok
16:46:55.0916 0x0b94  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:46:55.0932 0x0b94  i8042prt - ok
16:46:55.0963 0x0b94  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:46:55.0994 0x0b94  iaStor - ok
16:46:55.0994 0x0b94  [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:46:56.0010 0x0b94  IAStorDataMgrSvc - ok
16:46:56.0026 0x0b94  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:46:56.0057 0x0b94  iaStorV - ok
16:46:56.0104 0x0b94  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:46:56.0166 0x0b94  idsvc - ok
16:46:56.0166 0x0b94  IEEtwCollectorService - ok
16:46:56.0260 0x0b94  [ 076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:46:56.0478 0x0b94  igfx - ok
16:46:56.0494 0x0b94  [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
16:46:56.0525 0x0b94  igfxCUIService1.0.0.0 - ok
16:46:56.0525 0x0b94  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:46:56.0540 0x0b94  iirsp - ok
16:46:56.0572 0x0b94  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:46:56.0618 0x0b94  IKEEXT - ok
16:46:56.0634 0x0b94  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
16:46:56.0681 0x0b94  IntcDAud - ok
16:46:56.0712 0x0b94  [ 0043EC20C06FD9FE339B5D37474B731E, E84A078BDBEC7EA29257D758030271B62F3ED2C954DC1EEECC5B24B39EDB2A59 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:46:56.0743 0x0b94  Intel(R) Capability Licensing Service Interface - ok
16:46:56.0743 0x0b94  [ 50CA8F1A4B0AEC4EE583594F0A8EB719, D5CCADAA5510DDE82910C4782D2A4FF9419A832D5493BCD2DF5194D239763850 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:46:56.0821 0x0b94  Intel(R) ME Service - ok
16:46:56.0821 0x0b94  [ 91467F8BA0C941011FA23C4AF99918C2, 220456D1C56B4E80786FD88F8839CEFA75A5DD54E11F25A1946E2AAF6C88C6A8 ] IntelHaxm      C:\Windows\system32\DRIVERS\IntelHaxm.sys
16:46:56.0852 0x0b94  IntelHaxm - ok
16:46:56.0868 0x0b94  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:46:56.0884 0x0b94  intelide - ok
16:46:56.0884 0x0b94  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:46:56.0899 0x0b94  intelppm - ok
16:46:56.0915 0x0b94  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:46:56.0946 0x0b94  IPBusEnum - ok
16:46:56.0946 0x0b94  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:46:56.0993 0x0b94  IpFilterDriver - ok
16:46:57.0008 0x0b94  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:46:57.0040 0x0b94  iphlpsvc - ok
16:46:57.0055 0x0b94  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:46:57.0071 0x0b94  IPMIDRV - ok
16:46:57.0086 0x0b94  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:46:57.0133 0x0b94  IPNAT - ok
16:46:57.0149 0x0b94  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:46:57.0164 0x0b94  IRENUM - ok
16:46:57.0164 0x0b94  [ 6DC22BDAA595BE00F19696E72F2F3312, B46B50395100D3A23663C56CC395A874130B72E314997AAD6C52F0C5C23364C4 ] irstrtdv        C:\Windows\system32\DRIVERS\irstrtdv.sys
16:46:57.0180 0x0b94  irstrtdv - ok
16:46:57.0196 0x0b94  [ 205FD80EF4B9832F9763B9A187957260, 560410A01B4C2395F7129413C2460F6A0776DF52D08758E3AE68EC41FC79A2D3 ] irstrtsv        C:\Windows\SysWOW64\irstrtsv.exe
16:46:57.0320 0x0b94  irstrtsv - ok
16:46:57.0320 0x0b94  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:46:57.0336 0x0b94  isapnp - ok
16:46:57.0367 0x0b94  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:46:57.0445 0x0b94  iScsiPrt - ok
16:46:57.0445 0x0b94  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:46:57.0461 0x0b94  iusb3hcs - ok
16:46:57.0476 0x0b94  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
16:46:57.0508 0x0b94  iusb3hub - ok
16:46:57.0523 0x0b94  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:46:57.0570 0x0b94  iusb3xhc - ok
16:46:57.0586 0x0b94  [ EF27B3B58E393E9F10FB6A6643BD8185, 8671AB0159CCACA39F6D072EFFDE984BAFE56137965AA0ADEC880D00893B8E8A ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:46:57.0664 0x0b94  jhi_service - ok
16:46:57.0664 0x0b94  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:46:57.0695 0x0b94  kbdclass - ok
16:46:57.0695 0x0b94  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:46:57.0710 0x0b94  kbdhid - ok
16:46:57.0726 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso          C:\Windows\system32\lsass.exe
16:46:57.0726 0x0b94  KeyIso - ok
16:46:57.0742 0x0b94  [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] kl1            C:\Windows\system32\DRIVERS\kl1.sys
16:46:57.0773 0x0b94  kl1 - ok
16:46:57.0788 0x0b94  [ CEF0410B784E8CEB0175103CDE52E7FA, 729A45D76D1886E5ECDF23F96925CEBB90A31EFA5A798D69D9C5A684380B6E36 ] kldisk          C:\Windows\system32\DRIVERS\kldisk.sys
16:46:57.0804 0x0b94  kldisk - ok
16:46:57.0820 0x0b94  [ 09F851161CB4B3D92CDE85B3845DCECC, C86EE26F13DB904CD0CB92BEE282188D5E56ECE071F4D6E53F9AAB6D911C5DE0 ] klflt          C:\Windows\system32\DRIVERS\klflt.sys
16:46:57.0835 0x0b94  klflt - ok
16:46:57.0835 0x0b94  [ 7A64190934B66C17F41D3921353BAEDD, D212A6ECB1CBCC665336DF982B5061A72CD88CB5BF6B2EB14B11B8BE756A670E ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
16:46:57.0866 0x0b94  klhk - ok
16:46:57.0882 0x0b94  [ 150DEC2F6A081D2513B7428DC060B557, 7E5996530FD821D1FAF1879F1167CBDE0B562E17388FDC46939ABEFB8869D2CE ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
16:46:57.0929 0x0b94  KLIF - ok
16:46:57.0944 0x0b94  [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6          C:\Windows\system32\DRIVERS\klim6.sys
16:46:57.0960 0x0b94  KLIM6 - ok
16:46:57.0960 0x0b94  [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
16:46:57.0976 0x0b94  klkbdflt - ok
16:46:57.0976 0x0b94  klkbdflt2 - ok
16:46:57.0976 0x0b94  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
16:46:57.0991 0x0b94  klmouflt - ok
16:46:58.0007 0x0b94  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
16:46:58.0022 0x0b94  klpd - ok
16:46:58.0022 0x0b94  [ 43957361D346A4263873932D572613F2, 719E61CADF6FB49C24370899329BDE198E55DEB175F5701382EE16311D8576D9 ] kltdi          C:\Windows\system32\DRIVERS\kltdi.sys
16:46:58.0038 0x0b94  kltdi - ok
16:46:58.0038 0x0b94  [ 926BA68DA79545EB6D99BB009B781E5E, EB1DB801044EB4228D38D85A8B6853EFE887B7D4E1EA1F0B8F75DD4886C96467 ] Klwtp          C:\Windows\system32\DRIVERS\klwtp.sys
16:46:58.0054 0x0b94  Klwtp - ok
16:46:58.0069 0x0b94  [ D4CEEAC11C65F49D0F42E74440E829BF, 7E289BB5E400326BADDD61CBB99CB268A3E99103CF16968E1D9141C205EE309C ] kneps          C:\Windows\system32\DRIVERS\kneps.sys
16:46:58.0085 0x0b94  kneps - ok
16:46:58.0100 0x0b94  [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:46:58.0116 0x0b94  KSecDD - ok
16:46:58.0116 0x0b94  [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:46:58.0147 0x0b94  KSecPkg - ok
16:46:58.0147 0x0b94  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:46:58.0194 0x0b94  ksthunk - ok
16:46:58.0241 0x0b94  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:46:58.0288 0x0b94  KtmRm - ok
16:46:58.0288 0x0b94  [ 7C621B3EE93130A96D7D19A02755CF3D, A18745C7C10581A2A6F7D703B6B94D672B58059274A647741F02929FBAA264B5 ] LAD            C:\Windows\system32\DRIVERS\LAD.sys
16:46:58.0319 0x0b94  LAD - ok
16:46:58.0319 0x0b94  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:46:58.0366 0x0b94  LanmanServer - ok
16:46:58.0366 0x0b94  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:46:58.0412 0x0b94  LanmanWorkstation - ok
16:46:58.0412 0x0b94  [ 5F10F9351627D7E63B3E55828096E4F6, 02714A64B0156F102EAEAF6162FA56AD1BAB582F1361166B16274CE2E3E8BEA5 ] LenovoSmartConnectService C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
16:46:58.0475 0x0b94  LenovoSmartConnectService - ok
16:46:58.0475 0x0b94  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
16:46:58.0490 0x0b94  LHDmgr - ok
16:46:58.0490 0x0b94  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:46:58.0522 0x0b94  lltdio - ok
16:46:58.0553 0x0b94  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:46:58.0600 0x0b94  lltdsvc - ok
16:46:58.0600 0x0b94  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:46:58.0646 0x0b94  lmhosts - ok
16:46:58.0646 0x0b94  [ 2526FECED1625752EF4F8ABB367CAA7E, EB90022051D5A6AE5FC2C7B0AD05AEF15730160FD611F652E5E7AD00C774881A ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:46:58.0787 0x0b94  LMS - ok
16:46:58.0802 0x0b94  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:46:58.0818 0x0b94  LSI_FC - ok
16:46:58.0849 0x0b94  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:46:58.0865 0x0b94  LSI_SAS - ok
16:46:58.0896 0x0b94  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:46:58.0912 0x0b94  LSI_SAS2 - ok
16:46:58.0912 0x0b94  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:46:58.0927 0x0b94  LSI_SCSI - ok
16:46:58.0943 0x0b94  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv          C:\Windows\system32\drivers\luafv.sys
16:46:58.0974 0x0b94  luafv - ok
16:46:58.0974 0x0b94  McAWFwk - ok
16:46:58.0990 0x0b94  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:46:59.0005 0x0b94  Mcx2Svc - ok
16:46:59.0021 0x0b94  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:46:59.0036 0x0b94  megasas - ok
16:46:59.0052 0x0b94  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:46:59.0083 0x0b94  MegaSR - ok
16:46:59.0083 0x0b94  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:46:59.0099 0x0b94  MEIx64 - ok
16:46:59.0099 0x0b94  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS          C:\Windows\system32\mmcss.dll
16:46:59.0146 0x0b94  MMCSS - ok
16:46:59.0146 0x0b94  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem          C:\Windows\system32\drivers\modem.sys
16:46:59.0192 0x0b94  Modem - ok
16:46:59.0192 0x0b94  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:46:59.0208 0x0b94  monitor - ok
16:46:59.0224 0x0b94  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:46:59.0239 0x0b94  mouclass - ok
16:46:59.0239 0x0b94  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:46:59.0255 0x0b94  mouhid - ok
16:46:59.0270 0x0b94  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:46:59.0286 0x0b94  mountmgr - ok
16:46:59.0302 0x0b94  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:46:59.0364 0x0b94  MozillaMaintenance - ok
16:46:59.0380 0x0b94  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:46:59.0411 0x0b94  mpio - ok
16:46:59.0411 0x0b94  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:46:59.0442 0x0b94  mpsdrv - ok
16:46:59.0473 0x0b94  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:46:59.0536 0x0b94  MpsSvc - ok
16:46:59.0567 0x0b94  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:46:59.0598 0x0b94  MRxDAV - ok
16:46:59.0598 0x0b94  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:46:59.0629 0x0b94  mrxsmb - ok
16:46:59.0645 0x0b94  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:46:59.0676 0x0b94  mrxsmb10 - ok
16:46:59.0676 0x0b94  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:46:59.0707 0x0b94  mrxsmb20 - ok
16:46:59.0723 0x0b94  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:46:59.0738 0x0b94  msahci - ok
16:46:59.0754 0x0b94  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:46:59.0785 0x0b94  msdsm - ok
16:46:59.0785 0x0b94  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC          C:\Windows\System32\msdtc.exe
16:46:59.0816 0x0b94  MSDTC - ok
16:46:59.0816 0x0b94  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:46:59.0863 0x0b94  Msfs - ok
16:46:59.0879 0x0b94  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:46:59.0910 0x0b94  mshidkmdf - ok
16:46:59.0926 0x0b94  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:46:59.0941 0x0b94  msisadrv - ok
16:46:59.0941 0x0b94  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:46:59.0988 0x0b94  MSiSCSI - ok
16:46:59.0988 0x0b94  msiserver - ok
16:46:59.0988 0x0b94  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:47:00.0019 0x0b94  MSKSSRV - ok
16:47:00.0019 0x0b94  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:00.0066 0x0b94  MSPCLOCK - ok
16:47:00.0066 0x0b94  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:47:00.0097 0x0b94  MSPQM - ok
16:47:00.0113 0x0b94  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:47:00.0144 0x0b94  MsRPC - ok
16:47:00.0144 0x0b94  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:47:00.0160 0x0b94  mssmbios - ok
16:47:00.0160 0x0b94  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:47:00.0206 0x0b94  MSTEE - ok
16:47:00.0206 0x0b94  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:47:00.0222 0x0b94  MTConfig - ok
16:47:00.0222 0x0b94  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup            C:\Windows\system32\Drivers\mup.sys
16:47:00.0253 0x0b94  Mup - ok
16:47:00.0269 0x0b94  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:47:00.0316 0x0b94  napagent - ok
16:47:00.0331 0x0b94  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:47:00.0362 0x0b94  NativeWifiP - ok
16:47:00.0394 0x0b94  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:47:00.0440 0x0b94  NDIS - ok
16:47:00.0472 0x0b94  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:47:00.0503 0x0b94  NdisCap - ok
16:47:00.0503 0x0b94  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:00.0534 0x0b94  NdisTapi - ok
16:47:00.0550 0x0b94  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:00.0581 0x0b94  Ndisuio - ok
16:47:00.0596 0x0b94  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:00.0628 0x0b94  NdisWan - ok
16:47:00.0643 0x0b94  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:47:00.0690 0x0b94  NDProxy - ok
16:47:00.0690 0x0b94  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:47:00.0721 0x0b94  NetBIOS - ok
16:47:00.0737 0x0b94  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:47:00.0784 0x0b94  NetBT - ok
16:47:00.0799 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon        C:\Windows\system32\lsass.exe
16:47:00.0799 0x0b94  Netlogon - ok
16:47:00.0815 0x0b94  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:47:00.0877 0x0b94  Netman - ok
16:47:00.0924 0x0b94  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:47:00.0955 0x0b94  NetMsmqActivator - ok
16:47:00.0986 0x0b94  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:47:01.0002 0x0b94  NetPipeActivator - ok
16:47:01.0033 0x0b94  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:47:01.0080 0x0b94  netprofm - ok
16:47:01.0080 0x0b94  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:47:01.0096 0x0b94  NetTcpActivator - ok
16:47:01.0096 0x0b94  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:47:01.0111 0x0b94  NetTcpPortSharing - ok
16:47:01.0127 0x0b94  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:47:01.0142 0x0b94  nfrd960 - ok
16:47:01.0142 0x0b94  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:47:01.0174 0x0b94  NlaSvc - ok
16:47:01.0174 0x0b94  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:47:01.0220 0x0b94  Npfs - ok
16:47:01.0220 0x0b94  [ 686398C3A52EE6588948EAC0C01B126C, 81712D5154535F54E492BA14F3B9140AF3A179D4BED5A1E084F3961275A6B39D ] NSD            C:\Windows\system32\drivers\nsd.sys
16:47:01.0236 0x0b94  NSD - ok
16:47:01.0236 0x0b94  [ 2152DC8E58391562C9F07998C6FCCF8C, BE89243A90FC3A3D5A628E6C1DF9CB2B51839C907AD4CE1A30C38D4260FC0DCC ] Nsdfltr        C:\Windows\system32\drivers\Nsdfltr.sys
16:47:01.0267 0x0b94  Nsdfltr - ok
16:47:01.0267 0x0b94  [ 486EC2BDC09FBAC5814032D38215010A, 70B1588AAF8897F36D09922BEECD8DBC6B922904B2B0E3EE3F0561624C0DE634 ] NSDSvc          C:\Windows\System32\NSDSvc.exe
16:47:01.0283 0x0b94  NSDSvc - ok
16:47:01.0298 0x0b94  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi            C:\Windows\system32\nsisvc.dll
16:47:01.0330 0x0b94  nsi - ok
16:47:01.0345 0x0b94  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:47:01.0376 0x0b94  nsiproxy - ok
16:47:01.0423 0x0b94  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:47:01.0501 0x0b94  Ntfs - ok
16:47:01.0501 0x0b94  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:47:01.0548 0x0b94  Null - ok
16:47:01.0829 0x0b94  [ 86B50CE257C74E378FC2686B8A1F8B30, 944093E5182FD076A93D8D9C06979E2B031A310217DFF0B2723CB136EE517772 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:47:02.0312 0x0b94  nvlddmkm - ok
16:47:02.0328 0x0b94  [ 3C4C982A745D50EEF29A59927E4E37CD, DB1C833FDA7873D00578C281EC808A6A303D0B569141E5F08FC6369F84AF8318 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
16:47:02.0344 0x0b94  nvpciflt - ok
16:47:02.0359 0x0b94  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:47:02.0390 0x0b94  nvraid - ok
16:47:02.0390 0x0b94  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:47:02.0422 0x0b94  nvstor - ok
16:47:02.0437 0x0b94  [ F44DF61D9B1C1269862CF4E135B64590, 7E6579A63A6E2E75C9CA752A5D16896C1677F6B7461C9ED9E1962B97946E716B ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:47:02.0484 0x0b94  nvsvc - ok
16:47:02.0562 0x0b94  [ 845AF450F71A11B7358C6EFE9A76A894, 8042DF2402D00E210536552AC8202F6112F75C2F1506B0BED8DD3F04AF7BEF3F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:47:02.0749 0x0b94  nvUpdatusService - ok
16:47:02.0796 0x0b94  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:47:02.0812 0x0b94  nv_agp - ok
16:47:02.0858 0x0b94  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:47:02.0874 0x0b94  ohci1394 - ok
16:47:02.0890 0x0b94  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:47:02.0936 0x0b94  p2pimsvc - ok
16:47:02.0952 0x0b94  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:47:02.0983 0x0b94  p2psvc - ok
16:47:02.0999 0x0b94  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport        C:\Windows\system32\drivers\parport.sys
16:47:03.0014 0x0b94  Parport - ok
16:47:03.0030 0x0b94  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:47:03.0046 0x0b94  partmgr - ok
16:47:03.0046 0x0b94  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:47:03.0077 0x0b94  PcaSvc - ok
16:47:03.0092 0x0b94  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci            C:\Windows\system32\drivers\pci.sys
16:47:03.0108 0x0b94  pci - ok
16:47:03.0108 0x0b94  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:47:03.0124 0x0b94  pciide - ok
16:47:03.0155 0x0b94  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:47:03.0170 0x0b94  pcmcia - ok
16:47:03.0186 0x0b94  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw            C:\Windows\system32\drivers\pcw.sys
16:47:03.0202 0x0b94  pcw - ok
16:47:03.0217 0x0b94  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:47:03.0280 0x0b94  PEAUTH - ok
16:47:03.0311 0x0b94  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:47:03.0326 0x0b94  PerfHost - ok
16:47:03.0389 0x0b94  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla            C:\Windows\system32\pla.dll
16:47:03.0482 0x0b94  pla - ok
16:47:03.0482 0x0b94  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:47:03.0545 0x0b94  PlugPlay - ok
16:47:03.0560 0x0b94  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:47:03.0576 0x0b94  PNRPAutoReg - ok
16:47:03.0576 0x0b94  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:47:03.0592 0x0b94  PNRPsvc - ok
16:47:03.0607 0x0b94  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:47:03.0670 0x0b94  PolicyAgent - ok
16:47:03.0670 0x0b94  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power          C:\Windows\system32\umpo.dll
16:47:03.0716 0x0b94  Power - ok
16:47:03.0716 0x0b94  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:47:03.0763 0x0b94  PptpMiniport - ok
16:47:03.0763 0x0b94  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor      C:\Windows\system32\drivers\processr.sys
16:47:03.0779 0x0b94  Processor - ok
16:47:03.0794 0x0b94  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:47:03.0810 0x0b94  ProfSvc - ok
16:47:03.0826 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:47:03.0826 0x0b94  ProtectedStorage - ok
16:47:03.0841 0x0b94  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:47:03.0872 0x0b94  Psched - ok
16:47:03.0919 0x0b94  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:47:03.0997 0x0b94  ql2300 - ok
16:47:04.0013 0x0b94  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:47:04.0028 0x0b94  ql40xx - ok
16:47:04.0044 0x0b94  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE          C:\Windows\system32\qwave.dll
16:47:04.0075 0x0b94  QWAVE - ok
16:47:04.0091 0x0b94  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:47:04.0106 0x0b94  QWAVEdrv - ok
16:47:04.0106 0x0b94  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:47:04.0138 0x0b94  RasAcd - ok
16:47:04.0153 0x0b94  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:47:04.0200 0x0b94  RasAgileVpn - ok
16:47:04.0200 0x0b94  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto        C:\Windows\System32\rasauto.dll
16:47:04.0231 0x0b94  RasAuto - ok
16:47:04.0247 0x0b94  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:47:04.0278 0x0b94  Rasl2tp - ok
16:47:04.0294 0x0b94  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:47:04.0340 0x0b94  RasMan - ok
16:47:04.0340 0x0b94  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:47:04.0387 0x0b94  RasPppoe - ok
16:47:04.0387 0x0b94  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:47:04.0418 0x0b94  RasSstp - ok
16:47:04.0434 0x0b94  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:47:04.0481 0x0b94  rdbss - ok
16:47:04.0481 0x0b94  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:47:04.0496 0x0b94  rdpbus - ok
16:47:04.0512 0x0b94  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:47:04.0543 0x0b94  RDPCDD - ok
16:47:04.0543 0x0b94  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:47:04.0574 0x0b94  RDPENCDD - ok
16:47:04.0590 0x0b94  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:47:04.0621 0x0b94  RDPREFMP - ok
16:47:04.0652 0x0b94  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:47:04.0668 0x0b94  RdpVideoMiniport - ok
16:47:04.0684 0x0b94  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:47:04.0699 0x0b94  RDPWD - ok
16:47:04.0715 0x0b94  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:47:04.0730 0x0b94  rdyboost - ok
16:47:04.0762 0x0b94  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:47:04.0793 0x0b94  RemoteAccess - ok
16:47:04.0808 0x0b94  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:47:04.0855 0x0b94  RemoteRegistry - ok
16:47:04.0855 0x0b94  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:47:04.0886 0x0b94  RFCOMM - ok
16:47:04.0886 0x0b94  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:47:04.0933 0x0b94  RpcEptMapper - ok
16:47:04.0933 0x0b94  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:47:04.0949 0x0b94  RpcLocator - ok
16:47:04.0964 0x0b94  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs          C:\Windows\system32\rpcss.dll
16:47:05.0011 0x0b94  RpcSs - ok
16:47:05.0011 0x0b94  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:47:05.0042 0x0b94  rspndr - ok
16:47:05.0058 0x0b94  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
16:47:05.0105 0x0b94  RTL8167 - ok
16:47:05.0105 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs          C:\Windows\system32\lsass.exe
16:47:05.0120 0x0b94  SamSs - ok
16:47:05.0136 0x0b94  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:47:05.0152 0x0b94  sbp2port - ok
16:47:05.0183 0x0b94  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:47:05.0230 0x0b94  SCardSvr - ok
16:47:05.0245 0x0b94  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:47:05.0276 0x0b94  scfilter - ok
16:47:05.0323 0x0b94  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
16:47:05.0448 0x0b94  Schedule - ok
16:47:05.0448 0x0b94  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:47:05.0479 0x0b94  SCPolicySvc - ok
16:47:05.0495 0x0b94  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:47:05.0526 0x0b94  SDRSVC - ok
16:47:05.0526 0x0b94  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:47:05.0573 0x0b94  secdrv - ok
16:47:05.0604 0x0b94  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
16:47:05.0635 0x0b94  seclogon - ok
16:47:05.0651 0x0b94  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:47:05.0698 0x0b94  SENS - ok
16:47:05.0713 0x0b94  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:47:05.0744 0x0b94  SensrSvc - ok
16:47:05.0760 0x0b94  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum        C:\Windows\system32\drivers\serenum.sys
16:47:05.0776 0x0b94  Serenum - ok
16:47:05.0776 0x0b94  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
16:47:05.0807 0x0b94  Serial - ok
16:47:05.0807 0x0b94  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:47:05.0822 0x0b94  sermouse - ok
16:47:05.0838 0x0b94  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:47:05.0869 0x0b94  SessionEnv - ok
16:47:05.0869 0x0b94  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:47:05.0900 0x0b94  sffdisk - ok
16:47:05.0900 0x0b94  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:47:05.0916 0x0b94  sffp_mmc - ok
16:47:05.0932 0x0b94  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:47:05.0947 0x0b94  sffp_sd - ok
16:47:05.0947 0x0b94  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:47:05.0978 0x0b94  sfloppy - ok
16:47:06.0010 0x0b94  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:47:06.0056 0x0b94  SharedAccess - ok
16:47:06.0088 0x0b94  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:47:06.0134 0x0b94  ShellHWDetection - ok
16:47:06.0134 0x0b94  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:47:06.0166 0x0b94  SiSRaid2 - ok
16:47:06.0166 0x0b94  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:47:06.0181 0x0b94  SiSRaid4 - ok
16:47:06.0181 0x0b94  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:47:06.0228 0x0b94  Smb - ok
16:47:06.0244 0x0b94  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:47:06.0259 0x0b94  SNMPTRAP - ok
16:47:06.0275 0x0b94  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:47:06.0290 0x0b94  spldr - ok
16:47:06.0306 0x0b94  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler        C:\Windows\System32\spoolsv.exe
16:47:06.0384 0x0b94  Spooler - ok
16:47:06.0524 0x0b94  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:47:06.0696 0x0b94  sppsvc - ok
16:47:06.0712 0x0b94  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:47:06.0743 0x0b94  sppuinotify - ok
16:47:06.0758 0x0b94  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:47:06.0805 0x0b94  srv - ok
16:47:06.0821 0x0b94  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:47:06.0852 0x0b94  srv2 - ok
16:47:06.0852 0x0b94  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:47:06.0883 0x0b94  srvnet - ok
16:47:06.0883 0x0b94  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:47:06.0930 0x0b94  SSDPSRV - ok
16:47:06.0961 0x0b94  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:47:07.0008 0x0b94  SstpSvc - ok
16:47:07.0055 0x0b94  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:47:07.0226 0x0b94  Steam Client Service - ok
16:47:07.0242 0x0b94  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:47:07.0258 0x0b94  stexstor - ok
16:47:07.0273 0x0b94  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:47:07.0320 0x0b94  stisvc - ok
16:47:07.0320 0x0b94  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:47:07.0336 0x0b94  swenum - ok
16:47:07.0382 0x0b94  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv          C:\Windows\System32\swprv.dll
16:47:07.0445 0x0b94  swprv - ok
16:47:07.0460 0x0b94  [ 2F494CF2EC5DF71465A052CF9A494C06, E2018B28693699291AD384BB4DED666D0B3BE8F35880A945A39EF74DF56A44B0 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
16:47:07.0492 0x0b94  SynTP - ok
16:47:07.0523 0x0b94  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain        C:\Windows\system32\sysmain.dll
16:47:07.0632 0x0b94  SysMain - ok
16:47:07.0648 0x0b94  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:47:07.0679 0x0b94  TabletInputService - ok
16:47:07.0710 0x0b94  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:47:07.0757 0x0b94  TapiSrv - ok
16:47:07.0772 0x0b94  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS            C:\Windows\System32\tbssvc.dll
16:47:07.0804 0x0b94  TBS - ok
16:47:07.0866 0x0b94  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:47:07.0960 0x0b94  Tcpip - ok
16:47:08.0006 0x0b94  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:47:08.0053 0x0b94  TCPIP6 - ok
16:47:08.0069 0x0b94  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:47:08.0084 0x0b94  tcpipreg - ok
16:47:08.0084 0x0b94  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:47:08.0147 0x0b94  TDPIPE - ok
16:47:08.0147 0x0b94  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:47:08.0162 0x0b94  TDTCP - ok
16:47:08.0178 0x0b94  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:47:08.0194 0x0b94  tdx - ok
16:47:08.0194 0x0b94  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:47:08.0225 0x0b94  TermDD - ok
16:47:08.0240 0x0b94  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService    C:\Windows\System32\termsrv.dll
16:47:08.0287 0x0b94  TermService - ok
16:47:08.0287 0x0b94  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:47:08.0303 0x0b94  Themes - ok
16:47:08.0318 0x0b94  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER    C:\Windows\system32\mmcss.dll
16:47:08.0350 0x0b94  THREADORDER - ok
16:47:08.0350 0x0b94  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM            C:\Windows\system32\drivers\tpm.sys
16:47:08.0365 0x0b94  TPM - ok
16:47:08.0381 0x0b94  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:47:08.0412 0x0b94  TrkWks - ok
16:47:08.0428 0x0b94  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:47:08.0459 0x0b94  TrustedInstaller - ok
16:47:08.0506 0x0b94  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:47:08.0537 0x0b94  tssecsrv - ok
16:47:08.0537 0x0b94  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:47:08.0568 0x0b94  TsUsbFlt - ok
16:47:08.0568 0x0b94  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
16:47:08.0584 0x0b94  TsUsbGD - ok
16:47:08.0599 0x0b94  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:47:08.0630 0x0b94  tunnel - ok
16:47:08.0630 0x0b94  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:47:08.0662 0x0b94  uagp35 - ok
16:47:08.0677 0x0b94  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:47:08.0724 0x0b94  udfs - ok
16:47:08.0740 0x0b94  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:47:08.0755 0x0b94  UI0Detect - ok
16:47:08.0771 0x0b94  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:47:08.0786 0x0b94  uliagpkx - ok
16:47:08.0786 0x0b94  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:47:08.0802 0x0b94  umbus - ok
16:47:08.0818 0x0b94  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:47:08.0833 0x0b94  UmPass - ok
16:47:08.0849 0x0b94  [ 5A5D20BD5BA50B8F671CDA78585729D5, 1B537183E883D64F8D6B6FC6CC01F62ED6EE744AB43124CB25EF55CA3A775558 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:47:08.0958 0x0b94  UNS - ok
16:47:08.0974 0x0b94  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:47:09.0020 0x0b94  upnphost - ok
16:47:09.0020 0x0b94  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:47:09.0067 0x0b94  usbccgp - ok
16:47:09.0083 0x0b94  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:47:09.0130 0x0b94  usbcir - ok
16:47:09.0145 0x0b94  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
16:47:09.0161 0x0b94  usbehci - ok
16:47:09.0176 0x0b94  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:47:09.0208 0x0b94  usbhub - ok
16:47:09.0223 0x0b94  [ B26ACA4784AD1295C25A7501FD4AB79E, 85AF98DE6D900C0986C9C5C808D0556DC3704C01EA0137F34C962D3B295455CE ] usbohci        C:\Windows\system32\drivers\usbohci.sys
16:47:09.0223 0x0b94  usbohci - detected UnsignedFile.Multi.Generic ( 1 )
16:47:19.0313 0x0b94  Object is SCO, delete is not allowed
16:47:19.0313 0x0b94  usbohci ( UnsignedFile.Multi.Generic ) - warning
16:47:33.0526 0x0b94  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:47:33.0573 0x0b94  usbprint - ok
16:47:33.0604 0x0b94  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:47:33.0636 0x0b94  usbscan - ok
16:47:33.0651 0x0b94  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:47:33.0682 0x0b94  USBSTOR - ok
16:47:33.0682 0x0b94  [ 35944CFF264134FFD2E7EED0F8B81A56, 48D4CD3143950B2D2650B7F37EDE0B9B94921C1E1FB2A3FFF8C23B399929726F ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
16:47:33.0698 0x0b94  usbuhci - detected UnsignedFile.Multi.Generic ( 1 )
16:47:38.0004 0x0b94  Detect skipped due to KSN trusted
16:47:38.0004 0x0b94  usbuhci - ok
16:47:38.0019 0x0b94  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:47:38.0066 0x0b94  usbvideo - ok
16:47:38.0066 0x0b94  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms          C:\Windows\System32\uxsms.dll
16:47:38.0097 0x0b94  UxSms - ok
16:47:38.0113 0x0b94  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
16:47:38.0113 0x0b94  VaultSvc - ok
16:47:38.0128 0x0b94  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:47:38.0144 0x0b94  vdrvroot - ok
16:47:38.0191 0x0b94  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds            C:\Windows\System32\vds.exe
16:47:38.0269 0x0b94  vds - ok
16:47:38.0269 0x0b94  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:47:38.0284 0x0b94  vga - ok
16:47:38.0284 0x0b94  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:47:38.0331 0x0b94  VgaSave - ok
16:47:38.0331 0x0b94  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:47:38.0362 0x0b94  vhdmp - ok
16:47:38.0362 0x0b94  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:47:38.0378 0x0b94  viaide - ok
16:47:38.0409 0x0b94  [ 9A57B880B0F7AD01155B06741E073FBE, E4E8A6EFB340433012188A1BA763B072A1671796DFCC0336EAC529753BD73A5B ] vm332avs        C:\Windows\system32\Drivers\vm332avs.sys
16:47:38.0456 0x0b94  vm332avs - ok
16:47:38.0456 0x0b94  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:47:38.0472 0x0b94  volmgr - ok
16:47:38.0487 0x0b94  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:47:38.0518 0x0b94  volmgrx - ok
16:47:38.0534 0x0b94  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:47:38.0565 0x0b94  volsnap - ok
16:47:38.0565 0x0b94  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:47:38.0581 0x0b94  vsmraid - ok
16:47:38.0628 0x0b94  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS            C:\Windows\system32\vssvc.exe
16:47:38.0721 0x0b94  VSS - ok
16:47:38.0737 0x0b94  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:47:38.0752 0x0b94  vwifibus - ok
16:47:38.0752 0x0b94  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:47:38.0784 0x0b94  vwififlt - ok
16:47:38.0799 0x0b94  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time        C:\Windows\system32\w32time.dll
16:47:38.0846 0x0b94  W32Time - ok
16:47:38.0846 0x0b94  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:47:38.0862 0x0b94  WacomPen - ok
16:47:38.0877 0x0b94  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:47:38.0908 0x0b94  WANARP - ok
16:47:38.0908 0x0b94  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:47:38.0940 0x0b94  Wanarpv6 - ok
16:47:38.0986 0x0b94  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
16:47:39.0049 0x0b94  wbengine - ok
16:47:39.0080 0x0b94  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:47:39.0111 0x0b94  WbioSrvc - ok
16:47:39.0127 0x0b94  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:47:39.0158 0x0b94  wcncsvc - ok
16:47:39.0174 0x0b94  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:47:39.0205 0x0b94  WcsPlugInService - ok
16:47:39.0205 0x0b94  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
16:47:39.0220 0x0b94  Wd - ok
16:47:39.0236 0x0b94  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:47:39.0283 0x0b94  Wdf01000 - ok
16:47:39.0298 0x0b94  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:47:39.0314 0x0b94  WdiServiceHost - ok
16:47:39.0330 0x0b94  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:47:39.0330 0x0b94  WdiSystemHost - ok
16:47:39.0345 0x0b94  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient      C:\Windows\System32\webclnt.dll
16:47:39.0376 0x0b94  WebClient - ok
16:47:39.0408 0x0b94  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:47:39.0439 0x0b94  Wecsvc - ok
16:47:39.0454 0x0b94  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:47:39.0486 0x0b94  wercplsupport - ok
16:47:39.0486 0x0b94  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:47:39.0532 0x0b94  WerSvc - ok
16:47:39.0532 0x0b94  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:47:39.0579 0x0b94  WfpLwf - ok
16:47:39.0579 0x0b94  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:47:39.0595 0x0b94  WIMMount - ok
16:47:39.0595 0x0b94  WinDefend - ok
16:47:39.0595 0x0b94  WinHttpAutoProxySvc - ok
16:47:39.0610 0x0b94  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:47:39.0657 0x0b94  Winmgmt - ok
16:47:39.0720 0x0b94  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM          C:\Windows\system32\WsmSvc.dll
16:47:39.0813 0x0b94  WinRM - ok
16:47:39.0844 0x0b94  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:47:39.0860 0x0b94  WinUsb - ok
16:47:39.0891 0x0b94  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:47:39.0954 0x0b94  Wlansvc - ok
16:47:39.0954 0x0b94  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:47:39.0969 0x0b94  WmiAcpi - ok
16:47:40.0000 0x0b94  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:47:40.0016 0x0b94  wmiApSrv - ok
16:47:40.0032 0x0b94  WMPNetworkSvc - ok
16:47:40.0032 0x0b94  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:47:40.0063 0x0b94  WPCSvc - ok
16:47:40.0078 0x0b94  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:47:40.0110 0x0b94  WPDBusEnum - ok
16:47:40.0110 0x0b94  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:47:40.0141 0x0b94  ws2ifsl - ok
16:47:40.0156 0x0b94  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
16:47:40.0172 0x0b94  wscsvc - ok
16:47:40.0188 0x0b94  WSearch - ok
16:47:40.0266 0x0b94  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:47:40.0359 0x0b94  wuauserv - ok
16:47:40.0375 0x0b94  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:47:40.0390 0x0b94  WudfPf - ok
16:47:40.0406 0x0b94  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:47:40.0422 0x0b94  WUDFRd - ok
16:47:40.0437 0x0b94  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:47:40.0453 0x0b94  wudfsvc - ok
16:47:40.0468 0x0b94  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:47:40.0500 0x0b94  WwanSvc - ok
16:47:40.0515 0x0b94  [ D83C2FF7EA53E66B8EA7901D710494EA, 5B2D3866C8D00FBDB3D9C5A03FA2C711633DF3C1D3FCB864E9A53C851E17FD18 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
16:47:40.0578 0x0b94  ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:47:44.0900 0x0b94  Detect skipped due to KSN trusted
16:47:44.0900 0x0b94  ZAtheros Bt&Wlan Coex Agent - ok
16:47:44.0916 0x0b94  ================ Scan global ===============================
16:47:44.0931 0x0b94  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:47:44.0947 0x0b94  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:47:44.0963 0x0b94  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:47:44.0963 0x0b94  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:47:44.0994 0x0b94  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:47:45.0009 0x0b94  [ Global ] - ok
16:47:45.0009 0x0b94  ================ Scan MBR ==================================
16:47:45.0009 0x0b94  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:47:45.0009 0x0b94  \Device\Harddisk0\DR0 - ok
16:47:45.0041 0x0b94  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:47:45.0243 0x0b94  \Device\Harddisk1\DR1 - ok
16:47:45.0243 0x0b94  ================ Scan VBR ==================================
16:47:45.0243 0x0b94  [ 690C7060DE21ED5C02DD84BC836DD040 ] \Device\Harddisk1\DR1\Partition1
16:47:45.0243 0x0b94  \Device\Harddisk1\DR1\Partition1 - ok
16:47:45.0259 0x0b94  [ 4124C05B5FBBB1E240FD6618CC6DEB19 ] \Device\Harddisk1\DR1\Partition2
16:47:45.0259 0x0b94  \Device\Harddisk1\DR1\Partition2 - ok
16:47:45.0259 0x0b94  [ 1A51DAB2B82E4985F4C075F660D247A6 ] \Device\Harddisk1\DR1\Partition3
16:47:45.0259 0x0b94  \Device\Harddisk1\DR1\Partition3 - ok
16:47:45.0259 0x0b94  ================ Scan generic autorun ======================
16:47:45.0290 0x0b94  [ 85C1A7A42D559F40AA2BB3FF12D90D4A, A60C8E3C98D8278CA399C7FA9BCA9FCA46EB6E35753503DCBB95036F3978EEF9 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
16:47:45.0337 0x0b94  AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
16:47:49.0674 0x0b94  Detect skipped due to KSN trusted
16:47:49.0674 0x0b94  AtherosBtStack - ok
16:47:49.0721 0x0b94  [ 8004052925477E082FC4B08C90A08D59, 33B836A7EA6B5E6BD43812DB4416CDE4EBFED80508748A6EA3A7384C27887105 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
16:47:49.0767 0x0b94  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
16:47:54.0109 0x0b94  Detect skipped due to KSN trusted
16:47:54.0109 0x0b94  AthBtTray - ok
16:47:54.0141 0x0b94  [ 29DF2C444582BCACFC910E626EF5EEE0, DF558747D1F7C7C821F65BB8D94FBCF8723BD9E44FCE1BC21AC67EB3A16FFFFA ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
16:47:54.0156 0x0b94  AmIcoSinglun64 - ok
16:47:54.0156 0x0b94  SynTPEnh - ok
16:47:54.0189 0x0b94  [ 4E2B3D1B77FD1D842BAB244D32F8B0D2, B45CAE370040E19FA2C93FB9892DD4C9330828C8F298EB8AEDD5C42B0E4B1A88 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
16:47:54.0236 0x0b94  cAudioFilterAgent - ok
16:47:54.0236 0x0b94  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
16:47:54.0252 0x0b94  ForteConfig - ok
16:47:54.0252 0x0b94  SynLenovoGestureMgr - ok
16:47:54.0439 0x0b94  [ 0C971FB9C511505E16D5E8A1340FD37E, 46B14D1EE5C9CBCAEFC8B952DCFFEC0F994D8897DDA8F0A53696615EC1149F88 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
16:47:54.0760 0x0b94  Energy Management - ok
16:47:54.0963 0x0b94  [ A0C651367C263C89212B3684977D8FBC, 2269C27E2A5509093733471D794E094EFCEBD8BFA7B0C0615B4C97AB9A0C9DD1 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
16:47:55.0197 0x0b94  EnergyUtility - ok
16:47:55.0228 0x0b94  [ 3A5D0E1BF0D7B954FD3A8BE474FCAABA, 2B41DF59122496519C8B68518AD566F3B7F28BECD089BF15B50D3D78C7369760 ] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
16:47:55.0337 0x0b94  332BigDog - ok
16:47:55.0353 0x0b94  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
16:47:55.0415 0x0b94  USB3MON - ok
16:47:55.0415 0x0b94  [ 613166769A21CC231605F88A147B27C2, A48EB76D8B49C309B58F8ABC0C19A81379EEC95896D301B8EE8CE8BDB0DE4019 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
16:47:55.0446 0x0b94  Dolby Home Theater v4 - ok
16:47:55.0524 0x0b94  [ 8609649C2E4396209699AB576EF968D6, D6376683F95BB4C9DDAD037F859091471854ACFC82C98516E03E9E4547A50551 ] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe
16:47:55.0634 0x0b94  Smart Update - ok
16:47:55.0649 0x0b94  [ 487620AB26D4286EB076ADCACB500E7C, 024D7D240D2AE9BBB6FEA81E2C58D431C9A41A8E2C55263CCF30182506C197E3 ] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
16:47:55.0665 0x0b94  Intelligent Touchpad - ok
16:47:55.0712 0x0b94  [ 305C31DC5C120ED45FDE11C818101B19, 251918553366EFBDB26B4A3DD4959EA15B50AF97DA43E75D2642928BA41F46FC ] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
16:47:55.0977 0x0b94  CAPOSD - detected UnsignedFile.Multi.Generic ( 1 )
16:48:00.0309 0x0b94  Detect skipped due to KSN trusted
16:48:00.0309 0x0b94  CAPOSD - ok
16:48:00.0371 0x0b94  [ E032ECB5304F71D642A977BC2C1C2B8E, 3B8EC8A70EE69ADBDEEAC3D9055D60C78E8FF774A6113DD4C6BAAFE09061C58E ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
16:48:00.0434 0x0b94  KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 )
16:48:04.0744 0x0b94  Detect skipped due to KSN trusted
16:48:04.0744 0x0b94  KeePass 2 PreLoad - ok
16:48:04.0799 0x0b94  [ DBF1D13790ABEA19AC4ED7118FA3F14A, 5C07B4EDC78A805764D4CA7176AB24CCDC15CBD9838F9DB394D1A2EA8B1FEEA1 ] C:\Windows\DeleteVF.exe
16:48:04.0912 0x0b94  DeleteVeriFace - ok
16:48:04.0959 0x0b94  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:48:05.0030 0x0b94  Sidebar - ok
16:48:05.0045 0x0b94  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:48:05.0071 0x0b94  mctadmin - ok
16:48:05.0114 0x0b94  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:48:05.0150 0x0b94  Sidebar - ok
16:48:05.0157 0x0b94  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:48:05.0176 0x0b94  mctadmin - ok
16:48:05.0207 0x0b94  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:48:05.0244 0x0b94  Sidebar - ok
16:48:05.0249 0x0b94  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:48:05.0266 0x0b94  mctadmin - ok
16:48:05.0267 0x0b94  [ 0EC83E2DA29365048CBEB9A9A963BDFA, 49A41056403042B21AF3C1936489942B703BE609CB7DFC3303C417A5702501B9 ] C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
16:48:05.0300 0x0b94  SkyDrive - ok
16:48:05.0316 0x0b94  [ 0EC83E2DA29365048CBEB9A9A963BDFA, 49A41056403042B21AF3C1936489942B703BE609CB7DFC3303C417A5702501B9 ] C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
16:48:05.0349 0x0b94  SkyDrive - ok
16:48:05.0349 0x0b94  Waiting for KSN requests completion. In queue: 9
16:48:06.0349 0x0b94  Waiting for KSN requests completion. In queue: 9
16:48:07.0360 0x0b94  Waiting for KSN requests completion. In queue: 9
16:48:08.0361 0x0b94  Waiting for KSN requests completion. In queue: 9
16:48:09.0369 0x0b94  Waiting for KSN requests completion. In queue: 9
16:48:10.0572 0x0b94  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmiav.exe ( 15.0.1.415 ), 0x41000 ( enabled : updated )
16:48:10.0587 0x0b94  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmifw.exe ( 15.0.1.415 ), 0x41010 ( enabled )
16:48:23.0813 0x0b94  ============================================================
16:48:23.0813 0x0b94  Scan finished
16:48:23.0813 0x0b94  ============================================================
16:48:23.0828 0x1e0c  Detected object count: 1
16:48:23.0828 0x1e0c  Actual detected object count: 1
16:49:10.0405 0x1e0c  usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:10.0405 0x1e0c  usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
Beste Grüße,
ArmeSocke

schrauber 10.03.2015 12:20
Das ist ein Fehlalarm :)


ProcessExplorer als Ersatz für den Windows Taskmanager installieren

Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden.

Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt.

Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).

ArmeSocke 10.03.2015 14:32
Hallo Schrauber,

vielen Danke zu erst einmal für diese Info. Das ist schon einmal beruhigend.
Was für eine Art von Fehlalarm ist das denn?
Ach und noch eine Frage kann ich jetzt die verschieden Programme wieder entfernen, bzw rückgängig machen (defogger)?

Leider gibt es Probleme mit dem Process Explorer. Bei dem Öffnen der Links bekomme ich die folgenden Fehler:

Process Explorer:
Code:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>OutOfRangeInput</Code>
<Message>
One of the request inputs is out of range. RequestId:130c3954-0001-0000-752f-9ff030000000 Time:2015-03-10T13:22:33.4935350Z
</Message>
</Error>
Bei der Windows-Anleitung:
"We are sorry, the page you requested cannot be found."

schrauber 10.03.2015 20:04
Process Explorer - Download - Filepony
Versuch den Link.

Aufräumen machen wir wenn wir fertig sind :)

ArmeSocke 10.03.2015 20:54
Liste der Anhänge anzeigen (Anzahl: 5)
Hey,

damit hat es geklappt. Sowie es aussieht frisst Kaspersky die meisten Ressourcen. Aus diesem Grund habe ich mal Kaspersky geöffnet und gesehen, dass es einen vollständigen Scan ausführt. Und jetzt wo der Scan vorbei ist scheint sich die Performance verbessert zu haben. jetzt sind im oberen Bereich hauptsächlich Chrome-Prozesse aktiv.
Wieso hat Chrome eigentlich so viel Prozesse offen, obwohl ich nur ein Fenster offen habe?

Ich habe dir ein Bild mit dem Fenster geöffnet und zusätzlich Details von den intensiven Prozessen.

Beste Grüße,
ArmeSocke

ArmeSocke 10.03.2015 21:17
Hey,

ich habe mir gerade nochmal die Zeitpläne von Kaspersky angeschaut und da ist mir aufgefallen, dass ich bei der Einstellung wohl einige dumme Fehler gemacht habe. Um 19:30 startet jeden Tag die vollständige Untersuchung, um 20:00 die Schwachstellen suche und um 21:00 noch mal ein Untersuchung. Keine Ahnung wieso ich so viele Untersuchungen starte :balla: Ich habe die Einstellungen wohl immer mal wieder geändert und die anderen Einstellungen dabei nicht bedacht. :headbang:
Und meist ist mein PC genau zu dieser Zeit sehr langsam.
Kann das sein?

schrauber 11.03.2015 11:48
Klar kann das sein :).

Alle geplanten Scans raus. Chrome hat pro offenem Tab einen Prozess.

ArmeSocke 11.03.2015 16:02
Okay. Dann werde ich das mal machen und mir das mal die nächsten zwei Tage oder so anschauen, ob es das war. Und dann schreibe ich nochmal. :)

Wie soll ich es dann mit den Scans machen? On Demand?

schrauber 12.03.2015 08:55
Echtzeitschutz ist doch an, mehr braucht es nit.

ArmeSocke 12.03.2015 09:05
Ja, klar. ;-) d.h. Du würdest nur scannen, wenn dir etwas komisch vorkommt?


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131