
Log analysis and evaluation: Malware backdoor.win32.androm.eutw found during virus scan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.10.2014, 10:51   #1
coldmorning
 



Hello,

after I cleaned my buddy's computer with your help, it now seems to have hit me too. I ran a virus scan with Kaspersky and promptly found malware.

Here are the logs (I had to split them across several posts).

Kaspersky:

Code:
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"D:\Windows Live Mail\Freenet (st f5e\Posteingang\3B4511AA-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 21:07
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Freenet.de\Posteingang\6D221AF4-00000593.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 20:26
Gefundenes Objekt (Datei) wurde nicht verarbeitet	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	"C:\Documents and Settings\Stephan\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte 3e4\Freenet (st f5e\Posteingang\0BAF5B92-00000044.eml//[From ""Jin"" <luisella@mabelsrl.it>][Date 4 Sep 2014 18:17:08][Subj Foto]/foto94238.zip//foto94238.scr"	Backdoor.Win32.Androm.eutw	Trojanisches Programm	Heute, 20:26
         
gmer part 1:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 21:28:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\00000061 Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Familie\AppData\Local\Temp\fwdirfoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                           0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                     00000000779111f5 8 bytes {JMP 0xd}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                   0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Pro                                                                      00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                           0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                         0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                               0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                       0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                             000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                               0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                               0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                   0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                   0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                     0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                       0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                 00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                               0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                      000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                      000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                              000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                              0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                             0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                    0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                   0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                  0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                          0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                      0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                      0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                           0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                  00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                 000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                        0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                        0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                    000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                    00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                   0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                   0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                       0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                       0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                          0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                        0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                              0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                              0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                            0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                            0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                         0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                           0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                      0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                      0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                  0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1276] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                     0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                             00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                           0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                         0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                               0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                       0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                             000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                               0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                               0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                   0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                   0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                     0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                       0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                      00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                    0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                           000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                           000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                   000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                   0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                  0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                     0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                     0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                         0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                        0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                       0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                               0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                           0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                           0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                       00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                     00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                      000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                     0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                             0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                             0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                     0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                         000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                         00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                        0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                        0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                            0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                            0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                     0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                               0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                             0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                   0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                     0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                   0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                 0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                 0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                              0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                           0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                           0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                     0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                       0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                     0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                          0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Browny02\BrYNSvc.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                           0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                              00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                            0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                   000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                   000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                           000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                           0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                          0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                             0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                             0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                 0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                               0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                       0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                   0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                   0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                        0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                               00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                             00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                              000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                             0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                     0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                     0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                             0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                 000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                 00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                    0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                    0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                             0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                       0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                     0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                           0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                             0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                           0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                         0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                         0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                      0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                        0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                   0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                   0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                             0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                               0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                             0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4140] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                  0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                          00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                        0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                               000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                               000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                       000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                       0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                      0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                         0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                         0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                             0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                            0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                           0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                   0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                               0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                               0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                    0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                           00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                         00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                          000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                         0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                 0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                 0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                         0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                             000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                             00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                            0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                            0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                         0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                   0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                 0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                       0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                     0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                         0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                         0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                       0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                       00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                     0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                     0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                  0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                    0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                               0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                               0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                         0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                           0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                         0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Stephan\Desktop\Gmer-19357.exe[5832] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                              0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                      [fffff880044c3fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82                                                                                             0xDF 0x16 0x94 0x22 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca (not active ControlSet)                                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00190e0993ca@789ed08a1c82                                                                                                 0xDF 0x16 0x94 0x22 ...

---- Files - GMER 2.1 ----

File   C:\Program Files (x86)\Secunia\PSI\SUA\running                                                                                                                                       0 bytes

---- EOF - GMER 2.1 ----
         

22.10.2014, 10:54   #2
coldmorning
 



gmer part 2:


Code:
gramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                          000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                          000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                  000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                  0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                 0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                    0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                    0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                        0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                       0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                      0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                              0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                          0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                          0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                               0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                      00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                    00000000779127d2 8 bytes {JMP 0x10}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                     000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                    0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                            0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                            0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                    0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                        000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                        00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                       0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                       0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                           0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                           0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                    0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                              0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                            0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                  0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                             0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                               0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                          0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                          0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                    0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                      0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                    0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[3852] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                         0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                  00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                       000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                       000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                               000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                               0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                              0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                 0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                 0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                     0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                    0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                   0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                           0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                       0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                       0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                            0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                   00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                 00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                  000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                 0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                         0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                         0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                 0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                     000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                     00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                    0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                    0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                        0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                        0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                 0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                           0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                         0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                               0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                             0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                 0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                               0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                               00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                             0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                             0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                          0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                            0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                       0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                       0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                 0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                   0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                 0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                      0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000076f31465 2 bytes [F3, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       0000000076f314bb 2 bytes [F3, 76]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                   00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                 0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                               0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                     0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578             0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                     0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                     0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611         0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                             0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                       0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                             00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                           0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                         0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                               0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                       0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                             000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                               0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                               0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                   0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                   0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                     0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                       0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[4088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                 0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000779111f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  0000000077911390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                         000000007791143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                         000000007791158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                 000000007791191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                 0000000077911b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                0000000077911bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                   0000000077911d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                   0000000077911eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                       0000000077911edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      0000000077911f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                     0000000077911fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                             0000000077911fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                         0000000077912272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                         0000000077912301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              0000000077912792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                     00000000779127b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                   00000000779127d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    000000007791282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                   0000000077912890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                           0000000077912d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                           0000000077912d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                   0000000077913023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                       000000007791323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                       00000000779133c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      0000000077913a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      0000000077913ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          0000000077913b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          0000000077913d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                   0000000077914190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                             0000000077961380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                           0000000077961500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                 0000000077961530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000077961650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                   0000000077961700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077961d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                 0000000077961f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 00000000779627e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                               0000000073d813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                               0000000073d8146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            0000000073d816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              0000000073d816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                         0000000073d819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                         0000000073d819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                   0000000073d81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                     0000000073d81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                   0000000073d81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe[3252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        0000000073d81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5
         


22.10.2014, 10:58   #3
coldmorning
 



The GMER log is huge... Does it have to be like that? That seems somehow strange to me...


FRST log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Familie (administrator) on STEPHAN-PC on 21-10-2014 21:22:09
Running from C:\Users\Stephan\Desktop
Loaded Profiles: Stephan & Familie (Available profiles: Stephan & Familie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1192048264-2856092765-3315345556-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\nvb8lbqy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Familie\AppData\Roaming\Mozilla\Firefox\Profiles\nvb8lbqy.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-31]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 21:22 - 2014-10-21 21:22 - 00017338 _____ () C:\Users\Stephan\Desktop\FRST.txt
2014-10-21 21:22 - 2014-10-21 21:22 - 00000000 ____D () C:\FRST
2014-10-21 21:21 - 2014-10-21 21:21 - 02110976 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2014-10-21 21:17 - 2014-10-21 21:17 - 00380416 _____ () C:\Users\Stephan\Desktop\Gmer-19357.exe
2014-10-21 21:16 - 2014-10-21 21:16 - 00001684 _____ () C:\Users\Stephan\Desktop\kaspersky.txt
2014-10-21 20:42 - 2014-10-21 20:42 - 00001215 _____ () C:\Users\Stephan\Documents\kaspersky.txt
2014-10-21 17:36 - 2014-10-21 17:36 - 00000407 _____ () C:\Windows\SecuniaPackage.log
2014-10-21 17:34 - 2014-10-21 17:34 - 05329480 _____ (Secunia) C:\Users\Stephan\Downloads\psisetup.exe
2014-10-21 17:34 - 2014-10-21 17:34 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-10-21 17:34 - 2014-10-21 17:34 - 00000000 ____D () C:\Users\Familie\AppData\Local\Secunia PSI
2014-10-21 17:34 - 2014-10-21 17:34 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-10-21 17:05 - 2014-10-21 17:05 - 00000000 ____D () C:\Users\Stephan\Documents\My Weblog Posts
2014-10-21 17:02 - 2014-10-21 17:02 - 12757300 _____ () C:\Users\Stephan\Downloads\PanoramicForests.deskthemepack
2014-10-20 18:40 - 2014-10-21 17:06 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 18:40 - 2014-10-20 18:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-20 18:40 - 2014-10-20 18:40 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-10-20 18:40 - 2014-10-20 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-10-20 18:40 - 2014-10-20 18:40 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-20 18:40 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-10-20 17:59 - 2014-10-20 19:03 - 00006656 _____ () C:\Users\Stephan\Desktop\Selbsthilfegruppe Teilnehmer.xls
2014-10-20 17:55 - 2014-10-20 17:55 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-10-20 17:53 - 2014-10-20 17:53 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-10-20 17:53 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-10-20 17:52 - 2014-10-21 19:54 - 00000504 _____ () C:\Windows\setupact.log
2014-10-20 17:52 - 2014-10-20 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 17:51 - 2014-10-20 17:48 - 220827648 _____ () C:\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-10-20 17:46 - 2014-10-20 17:48 - 220827648 _____ () C:\Users\Stephan\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-10-20 17:43 - 2014-10-21 17:47 - 00101961 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 17:40 - 2014-10-20 17:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 17:40 - 2014-10-20 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 17:39 - 2014-10-20 17:39 - 00638888 _____ (Oracle Corporation) C:\Users\Familie\Downloads\jxpiinstall.exe
2014-10-20 17:39 - 2014-10-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 17:30 - 2014-10-20 17:30 - 00003270 _____ () C:\Windows\System32\Tasks\{21E52D00-12D3-4A5A-8A74-BE5F8183B62E}
2014-10-20 17:28 - 2014-10-20 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stephan\Downloads\revosetup95.exe
2014-10-20 17:28 - 2014-10-20 17:28 - 00001268 _____ () C:\Users\Familie\Desktop\Revo Uninstaller.lnk
2014-10-20 17:28 - 2014-10-20 17:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-20 16:06 - 2014-10-20 16:06 - 04095448 _____ (BrightFort LLC ) C:\Users\Stephan\Downloads\spywareblastersetup50.exe
2014-10-20 15:52 - 2014-10-20 15:52 - 02347384 _____ (ESET) C:\Users\Stephan\Downloads\esetsmartinstaller_deu(1).exe
2014-10-18 19:27 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 19:27 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 19:27 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 19:27 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 19:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-18 19:27 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 19:27 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-18 19:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-18 19:27 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-18 19:27 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-18 19:27 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 19:27 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 19:27 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 19:27 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 19:27 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-18 19:27 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 19:27 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 19:27 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 19:27 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 19:27 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 19:27 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 19:27 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 19:27 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 19:27 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 19:27 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 19:27 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-18 19:27 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 19:27 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 19:27 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 19:27 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-18 19:27 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 19:27 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 19:27 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-18 19:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-18 19:27 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 19:27 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-18 19:27 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 19:27 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-18 19:27 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-18 19:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-18 19:27 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-18 19:27 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-18 19:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-18 19:27 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 19:27 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 19:27 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 19:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-18 19:27 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 19:27 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-18 19:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-18 19:27 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-18 19:27 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 19:27 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-18 19:27 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 19:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-18 19:27 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-18 19:27 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 19:26 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 19:26 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-18 19:26 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 19:26 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-18 19:26 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 19:25 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 19:25 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-18 19:25 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 19:25 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 19:25 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 19:25 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 19:25 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-18 19:25 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-18 19:25 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-18 19:25 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 19:25 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 15:54 - 2014-10-15 15:54 - 00062096 _____ () C:\Windows\SysWOW64\CCCInstall_201410151554461740.log
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\ProgramData\ATI
2014-10-15 15:54 - 2014-10-15 15:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-10-14 18:22 - 2014-10-14 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 16:04 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 16:04 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 19:44 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 19:44 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 21:18 - 2014-07-15 16:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 20:44 - 2014-06-07 19:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 20:15 - 2014-06-07 20:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-21 20:01 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:01 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 19:58 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-10-21 19:58 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-10-21 19:58 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 19:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 17:36 - 2014-06-07 19:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 17:36 - 2014-06-07 19:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-21 17:36 - 2014-06-07 19:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 17:06 - 2014-06-08 22:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 17:05 - 2014-06-08 20:52 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Windows Live Writer
2014-10-20 18:34 - 2009-07-14 06:45 - 00332448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 18:08 - 2014-09-10 18:13 - 00000000 ____D () C:\Users\Familie\AppData\Local\Adobe
2014-10-20 18:06 - 2014-06-07 21:37 - 00072104 _____ () C:\Users\Familie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 17:54 - 2014-06-07 19:07 - 00072104 _____ () C:\Users\Stephan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 17:53 - 2014-06-08 21:44 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-10-20 17:40 - 2014-06-07 19:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-18 19:37 - 2014-06-07 20:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 19:34 - 2014-06-07 19:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 19:33 - 2014-06-07 19:42 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 15:54 - 2014-06-07 20:30 - 00000000 ____D () C:\ProgramData\AMD
2014-10-15 15:54 - 2014-06-07 18:39 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-10-15 15:53 - 2014-06-07 20:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-15 15:52 - 2014-06-07 19:48 - 00000000 ____D () C:\AMD
2014-10-14 19:22 - 2014-06-07 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-02 15:53 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Stephan\AppData\Local\Temp\tmpFF25.exe
C:\Users\Stephan\AppData\Local\Temp\_is7A6C.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 18:21

==================== End Of Log ============================
         
--- --- ---


Addition Text:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Familie at 2014-10-21 21:22:45
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version:  - Glarysoft.com)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Ihr Firmenname) Hidden
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Armageddon (HKLM-x32\...\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}) (Version:  - )
Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
COGPACK-DEMO (HKLM-x32\...\COGPACK-DEMO) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Doomsday (HKLM-x32\...\{69464949-AD9C-4C98-933F-C32FFC86F3C8}) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)
Hearts of Iron (HKLM-x32\...\{0C7880D0-B759-43A2-BFA9-64E208B9535B}) (Version:  - )
Hearts of Iron 2 (HKLM-x32\...\{98786147-80E3-41A5-A80C-1F3C028558CF}) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nero 9 (HKLM-x32\...\{d840018d-b6fd-4936-a957-623973b4c038}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.23.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.43.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 2.4.29.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.40.0 - Nero AG) Hidden
Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.27.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.19.100 - Nero AG) Hidden
Nero WaveEditor (x32 Version: 5.4.39.0 - Nero AG) Hidden
NeroBurningROM (x32 Version: 1.0.0.0 - Nero AG) Hidden
NeroExpress (x32 Version: 1.0.0.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoundTrax (x32 Version: 4.4.39.0 - Nero AG) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1192048264-2856092765-3315345556-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Stephan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {735CCA8D-F0B9-4882-AA0B-B929131E7695} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {EFF10ACB-74E9-4154-9F0E-883472D142EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-06-08 20:57 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2008-02-12 13:55 - 2008-02-12 13:55 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-06-08 20:57 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-14 18:22 - 2014-10-14 18:22 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1192048264-2856092765-3315345556-500 - Administrator - Disabled)
Familie (S-1-5-21-1192048264-2856092765-3315345556-1004 - Administrator - Enabled) => C:\Users\Familie
Gast (S-1-5-21-1192048264-2856092765-3315345556-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1192048264-2856092765-3315345556-1002 - Limited - Enabled)
Stephan (S-1-5-21-1192048264-2856092765-3315345556-1000 - Limited - Enabled) => C:\Users\Stephan

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 07:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 05:23:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 04:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x13e0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/21/2014 04:19:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 10:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 08:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:56:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:18:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wlmail (5468) D:\Windows Live Mail\Calendars\: Fehler -1022 (0xfffffc02) beim Öffnen von Protokolldatei D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log.

Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: wlmail (5468) D:\Windows Live Mail\Calendars\: Versuch, Datei "D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 55 (0x00000037): "Die angegebene Netzwerkressource bzw. das angegebene Gerät ist nicht mehr verfügbar. " fehlgeschlagen. Fehler -1022 (0xfffffc02) beim Öffnen von Dateien.


System errors:
=============
Error: (10/21/2014 05:23:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP erreicht.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/20/2014 07:14:15 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/20/2014 07:14:15 PM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk0\DR0 ist für den Zugriff noch nicht bereit.

Error: (10/14/2014 04:35:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/03/2014 11:33:09 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================
Error: (10/21/2014 07:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 05:23:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 04:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb800000030000142513e001cfed3be7d61d7bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla4f8aa7a-5932-11e4-bc88-002522ac0f69

Error: (10/21/2014 04:19:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2014 10:30:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 08:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:56:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:18:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wlmail5468D:\Windows Live Mail\Calendars\: D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log-1022 (0xfffffc02)

Error: (10/20/2014 07:14:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: wlmail5468D:\Windows Live Mail\Calendars\: D:\Windows Live Mail\Calendars\DBStore\LogFiles\edb.log-1022 (0xfffffc02)55 (0x00000037)Die angegebene Netzwerkressource bzw. das angegebene Gerät ist nicht mehr verfügbar.


CodeIntegrity Errors:
===================================
  Date: 2014-10-20 15:26:12.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 15:26:11.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:55.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:55.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:55.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:55.562
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:23.014
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 19:13:22.952
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-09 18:23:20.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-09 18:23:20.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 960T Processor
Percentage of memory in use: 23%
Total physical RAM: 8187.64 MB
Available physical RAM: 6267.14 MB
Total Pagefile: 16373.46 MB
Available Pagefile: 14425.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:74.12 GB) NTFS
Drive d: (Musik und Videos) (Fixed) (Total:232.88 GB) (Free:96.83 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:319.28 GB) (Free:299.57 GB) NTFS
Drive g: (Volume) (Fixed) (Total:146.38 GB) (Free:138.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B0325106)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E88D7372)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 89E2C361)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Malwarebytes Anti-Malware (I already had it on the computer and thought it couldn't hurt to run it).

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.10.2014
Suchlauf-Zeit: 11:57:17
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.10.22.03
Rootkit Datenbank: v2014.10.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Stephan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 248244
Verstrichene Zeit: 9 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
__________________

Last edited by coldmorning (22.10.2014 at 11:13)

22.10.2014, 11:39   #4
schrauber
/// the machine
/// TB instructor
 


hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

22.10.2014, 17:24   #5
coldmorning
 

Hello, and thanks so far.

Here is the log:

Code:
14:36:40.0646 0x1150  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:36:43.0922 0x1150  ============================================================
14:36:43.0922 0x1150  Current date / time: 2014/10/22 14:36:43.0922
14:36:43.0922 0x1150  SystemInfo:
14:36:43.0922 0x1150  
14:36:43.0922 0x1150  OS Version: 6.1.7601 ServicePack: 1.0
14:36:43.0922 0x1150  Product type: Workstation
14:36:43.0922 0x1150  ComputerName: STEPHAN-PC
14:36:43.0922 0x1150  UserName: Familie
14:36:43.0922 0x1150  Windows directory: C:\Windows
14:36:43.0922 0x1150  System windows directory: C:\Windows
14:36:43.0922 0x1150  Running under WOW64
14:36:43.0922 0x1150  Processor architecture: Intel x64
14:36:43.0922 0x1150  Number of processors: 4
14:36:43.0922 0x1150  Page size: 0x1000
14:36:43.0922 0x1150  Boot type: Normal boot
14:36:43.0922 0x1150  ============================================================
14:36:44.0546 0x1150  KLMD registered as C:\Windows\system32\drivers\56681097.sys
14:36:44.0905 0x1150  System UUID: {785032FA-A08A-20E3-B858-BC7320DEEDE9}
14:36:45.0794 0x1150  Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:36:45.0810 0x1150  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
14:36:45.0825 0x1150  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:36:45.0825 0x1150  ============================================================
14:36:45.0825 0x1150  \Device\Harddisk2\DR2:
14:36:45.0825 0x1150  MBR partitions:
14:36:45.0825 0x1150  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
14:36:45.0825 0x1150  \Device\Harddisk0\DR0:
14:36:45.0825 0x1150  MBR partitions:
14:36:45.0825 0x1150  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
14:36:45.0825 0x1150  \Device\Harddisk1\DR1:
14:36:45.0841 0x1150  MBR partitions:
14:36:45.0841 0x1150  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:36:45.0841 0x1150  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5000
14:36:45.0841 0x1150  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x27E8D000
14:36:45.0841 0x1150  ============================================================
14:36:45.0841 0x1150  C: <-> \Device\Harddisk2\DR2\Partition1
14:36:45.0856 0x1150  D: <-> \Device\Harddisk0\DR0\Partition1
14:36:45.0919 0x1150  E: <-> \Device\Harddisk1\DR1\Partition3
14:36:45.0950 0x1150  G: <-> \Device\Harddisk1\DR1\Partition2
14:36:45.0950 0x1150  ============================================================
14:36:45.0950 0x1150  Initialize success
14:36:45.0950 0x1150  ============================================================
14:38:04.0325 0x1618  ============================================================
14:38:04.0325 0x1618  Scan started
14:38:04.0325 0x1618  Mode: Manual; SigCheck; TDLFS; 
14:38:04.0325 0x1618  ============================================================
14:38:04.0325 0x1618  KSN ping started
14:38:07.0039 0x1618  KSN ping finished: true
14:38:07.0382 0x1618  ================ Scan system memory ========================
14:38:07.0382 0x1618  System memory - ok
14:38:07.0382 0x1618  ================ Scan services =============================
14:38:07.0445 0x1618  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
14:38:07.0491 0x1618  1394ohci - ok
14:38:07.0507 0x1618  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:38:07.0523 0x1618  ACPI - ok
14:38:07.0523 0x1618  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:38:07.0585 0x1618  AcpiPmi - ok
14:38:07.0585 0x1618  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:38:07.0585 0x1618  AdobeARMservice - ok
14:38:07.0632 0x1618  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:38:07.0757 0x1618  AdobeFlashPlayerUpdateSvc - ok
14:38:07.0772 0x1618  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:38:07.0819 0x1618  adp94xx - ok
14:38:07.0835 0x1618  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:38:07.0866 0x1618  adpahci - ok
14:38:07.0881 0x1618  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:38:07.0897 0x1618  adpu320 - ok
14:38:07.0913 0x1618  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:38:08.0037 0x1618  AeLookupSvc - ok
14:38:08.0069 0x1618  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
14:38:08.0084 0x1618  AFD - ok
14:38:08.0100 0x1618  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:38:08.0115 0x1618  agp440 - ok
14:38:08.0115 0x1618  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:38:08.0147 0x1618  ALG - ok
14:38:08.0147 0x1618  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:38:08.0162 0x1618  aliide - ok
14:38:08.0162 0x1618  [ F17B1902DFCED1C24DB57492A7896FF8, 966AB1A072A8AF98D7EDD2A388D919B50FC41A06E1C51B04B2C2F54F1BA7F0D5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:38:08.0193 0x1618  AMD External Events Utility - ok
14:38:08.0209 0x1618  AMD FUEL Service - ok
14:38:08.0209 0x1618  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:38:08.0225 0x1618  amdide - ok
14:38:08.0225 0x1618  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:38:08.0240 0x1618  AmdK8 - ok
14:38:08.0552 0x1618  [ 81FCDBBA547919D59DC134ED717658B4, 9A95C4400CAE00F25EE10BAE8949CF7317954742EB6F0831AAAEA4A2C220E56B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:38:08.0911 0x1618  amdkmdag - ok
14:38:08.0958 0x1618  [ AF6B384E03D15471EDCEDDDEBAA363B2, 2D8CFA26D69A8FF0FAC6EBA2E5A62977B21ECBA0C65458072FEC4A886B3EDD73 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:38:08.0973 0x1618  amdkmdap - ok
14:38:08.0989 0x1618  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:38:08.0989 0x1618  AmdPPM - ok
14:38:09.0005 0x1618  [ 53D8D46D51D390ABDB54ECA623165CB7, D16A3604412D0DC3EA68320FB6980D146ED60D587AAB6B65810C038AFF1EC237 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
14:38:09.0020 0x1618  amdsata - ok
14:38:09.0036 0x1618  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:38:09.0051 0x1618  amdsbs - ok
14:38:09.0067 0x1618  [ 75C51148154E34EB3D7BB84749A758D5, 8865F223CBAE166A9BF6CBCDA66F63369F151CCB449A28E95560C36AD45D0C85 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:38:09.0067 0x1618  amdxata - ok
14:38:09.0067 0x1618  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:38:09.0083 0x1618  AODDriver4.3 - ok
14:38:09.0083 0x1618  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:38:09.0207 0x1618  AppID - ok
14:38:09.0207 0x1618  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:38:09.0254 0x1618  AppIDSvc - ok
14:38:09.0254 0x1618  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:38:09.0270 0x1618  Appinfo - ok
14:38:09.0270 0x1618  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:38:09.0285 0x1618  arc - ok
14:38:09.0301 0x1618  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:38:09.0317 0x1618  arcsas - ok
14:38:09.0332 0x1618  [ B405D1740CCE9A0A293BC4D63F7F16FC, 22EA39B01A6FE28E24757EDD464378AFD8BF85669BB9C923EDFE1769436EA94B ] ArcService      C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
14:38:09.0363 0x1618  ArcService - ok
14:38:09.0379 0x1618  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:38:09.0395 0x1618  aspnet_state - ok
14:38:09.0395 0x1618  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:09.0426 0x1618  AsyncMac - ok
14:38:09.0426 0x1618  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:38:09.0441 0x1618  atapi - ok
14:38:09.0441 0x1618  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:38:09.0457 0x1618  AtiHDAudioService - ok
14:38:09.0488 0x1618  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:38:09.0535 0x1618  AudioEndpointBuilder - ok
14:38:09.0566 0x1618  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:38:09.0597 0x1618  AudioSrv - ok
14:38:09.0613 0x1618  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
14:38:09.0629 0x1618  AVP - ok
14:38:09.0644 0x1618  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:38:09.0660 0x1618  AxInstSV - ok
14:38:09.0691 0x1618  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:38:09.0738 0x1618  b06bdrv - ok
14:38:09.0753 0x1618  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:38:09.0785 0x1618  b57nd60a - ok
14:38:09.0785 0x1618  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:38:09.0816 0x1618  BDESVC - ok
14:38:09.0816 0x1618  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:38:09.0847 0x1618  Beep - ok
14:38:09.0878 0x1618  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:38:09.0894 0x1618  BFE - ok
14:38:09.0941 0x1618  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:38:10.0003 0x1618  BITS - ok
14:38:10.0019 0x1618  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:38:10.0019 0x1618  blbdrive - ok
14:38:10.0034 0x1618  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:38:10.0050 0x1618  bowser - ok
14:38:10.0050 0x1618  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:38:10.0065 0x1618  BrFiltLo - ok
14:38:10.0065 0x1618  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:38:10.0081 0x1618  BrFiltUp - ok
14:38:10.0097 0x1618  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:38:10.0112 0x1618  Browser - ok
14:38:10.0128 0x1618  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:38:10.0159 0x1618  Brserid - ok
14:38:10.0159 0x1618  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:38:10.0190 0x1618  BrSerWdm - ok
14:38:10.0190 0x1618  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:38:10.0206 0x1618  BrUsbMdm - ok
14:38:10.0206 0x1618  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:38:10.0221 0x1618  BrUsbSer - ok
14:38:10.0237 0x1618  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
14:38:10.0253 0x1618  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:38:12.0967 0x1618  Detect skipped due to KSN trusted
14:38:12.0967 0x1618  BrYNSvc - ok
14:38:12.0967 0x1618  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:38:12.0983 0x1618  BthEnum - ok
14:38:12.0998 0x1618  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:38:13.0014 0x1618  BTHMODEM - ok
14:38:13.0029 0x1618  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:38:13.0045 0x1618  BthPan - ok
14:38:13.0076 0x1618  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:38:13.0123 0x1618  BTHPORT - ok
14:38:13.0139 0x1618  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:38:13.0170 0x1618  bthserv - ok
14:38:13.0170 0x1618  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:38:13.0201 0x1618  BTHUSB - ok
14:38:13.0201 0x1618  [ 05ACFD6CFB58D6AC174AD50D33C24EFC, 60C86C37BCB167A37D3A17A0D2865A97487DBB98828C1ED8180F55608F7B5C87 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:38:13.0217 0x1618  btwaudio - ok
14:38:13.0232 0x1618  [ 73B4341807E3398DAC73102E4709ECB0, 37F2F1DCE4A945D5C3C321AE327F6E5B5194F9D39BEAC42BB235EAA2919D8A1D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:38:13.0248 0x1618  btwavdt - ok
14:38:13.0248 0x1618  [ DA0386AED062087147A4A9E09A23F6F1, CCA2DC854D2F612AF6FCF7D86516FC6560AC83D5B717566005ECFC89AB4AA016 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:38:13.0263 0x1618  btwrchid - ok
14:38:13.0279 0x1618  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:38:13.0310 0x1618  cdfs - ok
14:38:13.0326 0x1618  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:38:13.0341 0x1618  cdrom - ok
14:38:13.0341 0x1618  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:38:13.0388 0x1618  CertPropSvc - ok
14:38:13.0388 0x1618  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:38:13.0404 0x1618  circlass - ok
14:38:13.0419 0x1618  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:38:13.0435 0x1618  CLFS - ok
14:38:13.0451 0x1618  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:38:13.0497 0x1618  clr_optimization_v2.0.50727_32 - ok
14:38:13.0513 0x1618  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:38:13.0529 0x1618  clr_optimization_v2.0.50727_64 - ok
14:38:13.0544 0x1618  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:38:13.0560 0x1618  clr_optimization_v4.0.30319_32 - ok
14:38:13.0560 0x1618  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:38:13.0575 0x1618  clr_optimization_v4.0.30319_64 - ok
14:38:13.0575 0x1618  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:38:13.0591 0x1618  CmBatt - ok
14:38:13.0591 0x1618  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:38:13.0607 0x1618  cmdide - ok
14:38:13.0638 0x1618  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:38:13.0653 0x1618  CNG - ok
14:38:13.0653 0x1618  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:38:13.0669 0x1618  Compbatt - ok
14:38:13.0685 0x1618  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:38:13.0700 0x1618  CompositeBus - ok
14:38:13.0700 0x1618  COMSysApp - ok
14:38:13.0700 0x1618  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:38:13.0716 0x1618  crcdisk - ok
14:38:13.0731 0x1618  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:38:13.0747 0x1618  CryptSvc - ok
14:38:13.0763 0x1618  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:38:13.0809 0x1618  DcomLaunch - ok
14:38:13.0825 0x1618  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:38:13.0887 0x1618  defragsvc - ok
14:38:13.0887 0x1618  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:38:13.0919 0x1618  DfsC - ok
14:38:13.0934 0x1618  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:38:13.0950 0x1618  Dhcp - ok
14:38:13.0965 0x1618  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:38:13.0981 0x1618  discache - ok
14:38:13.0997 0x1618  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:38:13.0997 0x1618  Disk - ok
14:38:14.0012 0x1618  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:38:14.0028 0x1618  Dnscache - ok
14:38:14.0028 0x1618  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:38:14.0075 0x1618  dot3svc - ok
14:38:14.0090 0x1618  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:38:14.0121 0x1618  DPS - ok
14:38:14.0121 0x1618  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:38:14.0137 0x1618  drmkaud - ok
14:38:14.0168 0x1618  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:38:14.0184 0x1618  DXGKrnl - ok
14:38:14.0199 0x1618  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:38:14.0231 0x1618  EapHost - ok
14:38:14.0371 0x1618  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:38:14.0558 0x1618  ebdrv - ok
14:38:14.0574 0x1618  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
14:38:14.0574 0x1618  EFS - ok
14:38:14.0621 0x1618  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:38:14.0683 0x1618  ehRecvr - ok
14:38:14.0683 0x1618  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:38:14.0714 0x1618  ehSched - ok
14:38:14.0730 0x1618  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:38:14.0777 0x1618  elxstor - ok
14:38:14.0792 0x1618  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:38:14.0808 0x1618  ErrDev - ok
14:38:14.0823 0x1618  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:38:14.0870 0x1618  EventSystem - ok
14:38:14.0870 0x1618  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:38:14.0917 0x1618  exfat - ok
14:38:14.0917 0x1618  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:38:14.0948 0x1618  fastfat - ok
14:38:14.0979 0x1618  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:38:15.0011 0x1618  Fax - ok
14:38:15.0011 0x1618  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:38:15.0026 0x1618  fdc - ok
14:38:15.0026 0x1618  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:38:15.0057 0x1618  fdPHost - ok
14:38:15.0057 0x1618  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:38:15.0089 0x1618  FDResPub - ok
14:38:15.0089 0x1618  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:38:15.0104 0x1618  FileInfo - ok
14:38:15.0104 0x1618  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:38:15.0135 0x1618  Filetrace - ok
14:38:15.0135 0x1618  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:38:15.0167 0x1618  flpydisk - ok
14:38:15.0167 0x1618  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:38:15.0182 0x1618  FltMgr - ok
14:38:15.0229 0x1618  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:38:15.0260 0x1618  FontCache - ok
14:38:15.0276 0x1618  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:38:15.0291 0x1618  FontCache3.0.0.0 - ok
14:38:15.0291 0x1618  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:38:15.0323 0x1618  FsDepends - ok
14:38:15.0323 0x1618  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:38:15.0323 0x1618  Fs_Rec - ok
14:38:15.0338 0x1618  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:38:15.0354 0x1618  fvevol - ok
14:38:15.0354 0x1618  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:38:15.0385 0x1618  gagp30kx - ok
14:38:15.0416 0x1618  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:38:15.0463 0x1618  gpsvc - ok
14:38:15.0479 0x1618  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:38:15.0494 0x1618  hcw85cir - ok
14:38:15.0510 0x1618  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:38:15.0557 0x1618  HdAudAddService - ok
14:38:15.0557 0x1618  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:15.0572 0x1618  HDAudBus - ok
14:38:15.0572 0x1618  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:38:15.0588 0x1618  HidBatt - ok
14:38:15.0603 0x1618  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:38:15.0635 0x1618  HidBth - ok
14:38:15.0635 0x1618  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:38:15.0650 0x1618  HidIr - ok
14:38:15.0650 0x1618  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:38:15.0681 0x1618  hidserv - ok
14:38:15.0697 0x1618  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:38:15.0744 0x1618  HidUsb - ok
14:38:15.0759 0x1618  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:38:15.0791 0x1618  hkmsvc - ok
14:38:15.0806 0x1618  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:38:15.0822 0x1618  HomeGroupListener - ok
14:38:15.0822 0x1618  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:38:15.0837 0x1618  HomeGroupProvider - ok
14:38:15.0853 0x1618  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:38:15.0869 0x1618  HpSAMD - ok
14:38:15.0900 0x1618  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:38:15.0931 0x1618  HTTP - ok
14:38:15.0947 0x1618  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:38:15.0947 0x1618  hwpolicy - ok
14:38:15.0962 0x1618  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:38:15.0962 0x1618  i8042prt - ok
14:38:15.0993 0x1618  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:38:16.0025 0x1618  iaStorV - ok
14:38:16.0040 0x1618  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:38:16.0071 0x1618  idsvc - ok
14:38:16.0071 0x1618  IEEtwCollectorService - ok
14:38:16.0071 0x1618  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:38:16.0087 0x1618  iirsp - ok
14:38:16.0134 0x1618  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:38:16.0149 0x1618  IKEEXT - ok
14:38:16.0243 0x1618  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:38:16.0290 0x1618  IntcAzAudAddService - ok
14:38:16.0305 0x1618  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:38:16.0321 0x1618  intelide - ok
14:38:16.0321 0x1618  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
14:38:16.0337 0x1618  intelppm - ok
14:38:16.0352 0x1618  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:38:16.0383 0x1618  IPBusEnum - ok
14:38:16.0383 0x1618  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:16.0430 0x1618  IpFilterDriver - ok
14:38:16.0446 0x1618  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:38:16.0477 0x1618  iphlpsvc - ok
14:38:16.0477 0x1618  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:38:16.0508 0x1618  IPMIDRV - ok
14:38:16.0508 0x1618  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:38:16.0555 0x1618  IPNAT - ok
14:38:16.0555 0x1618  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:38:16.0571 0x1618  IRENUM - ok
14:38:16.0586 0x1618  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:38:16.0602 0x1618  isapnp - ok
14:38:16.0617 0x1618  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:38:16.0649 0x1618  iScsiPrt - ok
14:38:16.0649 0x1618  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:16.0649 0x1618  kbdclass - ok
14:38:16.0664 0x1618  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:38:16.0664 0x1618  kbdhid - ok
14:38:16.0680 0x1618  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:38:16.0680 0x1618  KeyIso - ok
14:38:16.0695 0x1618  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
14:38:16.0711 0x1618  kl1 - ok
14:38:16.0727 0x1618  [ D0C3AEF67932D2A80736FBCB956C017D, 166C2FD5F1B6FFE7A71CD821DFDD02B68D25CBF0D44BD6F2522C65CF1DEB363C ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
14:38:16.0727 0x1618  klflt - ok
14:38:16.0742 0x1618  [ 41DF293A7F0418F5DDED9F0297DC68F3, 25DE4BB7F2D915FCF576ABD46EEDC5574B694A2D1E5CB7AB565792C7BB57C76B ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
14:38:16.0758 0x1618  KLIF - ok
14:38:16.0773 0x1618  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
14:38:16.0773 0x1618  KLIM6 - ok
14:38:16.0789 0x1618  [ 8DA5BC75C3E8A995335642F26CAEA54B, 3995AAB499A37077AA4FB372E75CD9259BA3EA7020B961CF482AC948D2D47AB4 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
14:38:16.0789 0x1618  klkbdflt - ok
14:38:16.0789 0x1618  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
14:38:16.0805 0x1618  klmouflt - ok
14:38:16.0805 0x1618  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
14:38:16.0805 0x1618  klpd - ok
14:38:16.0820 0x1618  [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
14:38:16.0820 0x1618  kltdi - ok
14:38:16.0836 0x1618  [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
14:38:16.0836 0x1618  kneps - ok
14:38:16.0851 0x1618  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:38:16.0851 0x1618  KSecDD - ok
14:38:16.0867 0x1618  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:38:16.0883 0x1618  KSecPkg - ok
14:38:16.0883 0x1618  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:38:16.0898 0x1618  ksthunk - ok
14:38:16.0929 0x1618  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:38:16.0976 0x1618  KtmRm - ok
14:38:16.0992 0x1618  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:38:17.0023 0x1618  LanmanServer - ok
14:38:17.0023 0x1618  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:38:17.0054 0x1618  LanmanWorkstation - ok
14:38:17.0054 0x1618  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:38:17.0085 0x1618  lltdio - ok
14:38:17.0101 0x1618  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:38:17.0148 0x1618  lltdsvc - ok
14:38:17.0148 0x1618  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:38:17.0179 0x1618  lmhosts - ok
14:38:17.0179 0x1618  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:38:17.0210 0x1618  LSI_FC - ok
14:38:17.0210 0x1618  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:38:17.0241 0x1618  LSI_SAS - ok
14:38:17.0241 0x1618  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:38:17.0257 0x1618  LSI_SAS2 - ok
14:38:17.0273 0x1618  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:38:17.0288 0x1618  LSI_SCSI - ok
14:38:17.0288 0x1618  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:38:17.0319 0x1618  luafv - ok
14:38:17.0335 0x1618  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:38:17.0335 0x1618  MBAMProtector - ok
14:38:17.0397 0x1618  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
14:38:17.0444 0x1618  MBAMScheduler - ok
14:38:17.0475 0x1618  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
14:38:17.0507 0x1618  MBAMService - ok
14:38:17.0507 0x1618  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:38:17.0522 0x1618  MBAMWebAccessControl - ok
14:38:17.0538 0x1618  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:38:17.0553 0x1618  Mcx2Svc - ok
14:38:17.0553 0x1618  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:38:17.0585 0x1618  megasas - ok
14:38:17.0600 0x1618  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:38:17.0631 0x1618  MegaSR - ok
14:38:17.0631 0x1618  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:38:17.0663 0x1618  MMCSS - ok
14:38:17.0663 0x1618  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:38:17.0694 0x1618  Modem - ok
14:38:17.0694 0x1618  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:38:17.0709 0x1618  monitor - ok
14:38:17.0709 0x1618  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:38:17.0725 0x1618  mouclass - ok
14:38:17.0725 0x1618  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:38:17.0725 0x1618  mouhid - ok
14:38:17.0741 0x1618  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:38:17.0741 0x1618  mountmgr - ok
14:38:17.0756 0x1618  [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:38:17.0756 0x1618  MozillaMaintenance - ok
14:38:17.0772 0x1618  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:38:17.0803 0x1618  mpio - ok
14:38:17.0803 0x1618  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:38:17.0834 0x1618  mpsdrv - ok
14:38:17.0865 0x1618  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:38:17.0912 0x1618  MpsSvc - ok
14:38:17.0928 0x1618  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:38:17.0943 0x1618  MRxDAV - ok
14:38:17.0959 0x1618  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:38:17.0975 0x1618  mrxsmb - ok
14:38:17.0990 0x1618  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:38:18.0006 0x1618  mrxsmb10 - ok
14:38:18.0006 0x1618  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:38:18.0021 0x1618  mrxsmb20 - ok
14:38:18.0021 0x1618  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:38:18.0037 0x1618  msahci - ok
14:38:18.0037 0x1618  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:38:18.0053 0x1618  msdsm - ok
14:38:18.0068 0x1618  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:38:18.0084 0x1618  MSDTC - ok
14:38:18.0099 0x1618  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:38:18.0131 0x1618  Msfs - ok
14:38:18.0131 0x1618  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:38:18.0162 0x1618  mshidkmdf - ok
14:38:18.0162 0x1618  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:38:18.0177 0x1618  msisadrv - ok
14:38:18.0177 0x1618  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:38:18.0224 0x1618  MSiSCSI - ok
14:38:18.0224 0x1618  msiserver - ok
14:38:18.0224 0x1618  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:38:18.0255 0x1618  MSKSSRV - ok
14:38:18.0255 0x1618  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:38:18.0287 0x1618  MSPCLOCK - ok
14:38:18.0302 0x1618  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:38:18.0333 0x1618  MSPQM - ok
14:38:18.0349 0x1618  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:38:18.0365 0x1618  MsRPC - ok
14:38:18.0365 0x1618  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:38:18.0380 0x1618  mssmbios - ok
14:38:18.0380 0x1618  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:38:18.0411 0x1618  MSTEE - ok
14:38:18.0411 0x1618  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:38:18.0427 0x1618  MTConfig - ok
14:38:18.0443 0x1618  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:38:18.0443 0x1618  Mup - ok
14:38:18.0474 0x1618  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:38:18.0505 0x1618  napagent - ok
14:38:18.0521 0x1618  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:38:18.0567 0x1618  NativeWifiP - ok
14:38:18.0599 0x1618  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:38:18.0630 0x1618  NDIS - ok
14:38:18.0630 0x1618  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:38:18.0661 0x1618  NdisCap - ok
14:38:18.0677 0x1618  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:38:18.0692 0x1618  NdisTapi - ok
14:38:18.0708 0x1618  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:38:18.0739 0x1618  Ndisuio - ok
14:38:18.0739 0x1618  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:38:18.0770 0x1618  NdisWan - ok
14:38:18.0770 0x1618  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:38:18.0801 0x1618  NDProxy - ok
14:38:18.0833 0x1618  [ 0FF3C6AA3E0FE0EB316DF5449B569463, 7EDB0349F5E4714368EB27667385FF7B935D6C050E7E45C25E792D9825082C52 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:38:18.0864 0x1618  Nero BackItUp Scheduler 4.0 - ok
14:38:18.0864 0x1618  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:38:18.0895 0x1618  NetBIOS - ok
14:38:18.0911 0x1618  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:38:18.0926 0x1618  NetBT - ok
14:38:18.0942 0x1618  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
14:38:18.0942 0x1618  Netlogon - ok
14:38:18.0973 0x1618  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:38:18.0989 0x1618  Netman - ok
14:38:19.0004 0x1618  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0020 0x1618  NetMsmqActivator - ok
14:38:19.0020 0x1618  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0035 0x1618  NetPipeActivator - ok
14:38:19.0067 0x1618  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:38:19.0098 0x1618  netprofm - ok
14:38:19.0098 0x1618  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0113 0x1618  NetTcpActivator - ok
14:38:19.0113 0x1618  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:19.0129 0x1618  NetTcpPortSharing - ok
14:38:19.0145 0x1618  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:38:19.0160 0x1618  nfrd960 - ok
14:38:19.0176 0x1618  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:38:19.0191 0x1618  NlaSvc - ok
14:38:19.0191 0x1618  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:38:19.0223 0x1618  Npfs - ok
14:38:19.0223 0x1618  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:38:19.0254 0x1618  nsi - ok
14:38:19.0254 0x1618  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:38:19.0285 0x1618  nsiproxy - ok
14:38:19.0347 0x1618  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:38:19.0410 0x1618  Ntfs - ok
14:38:19.0425 0x1618  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:38:19.0441 0x1618  Null - ok
14:38:19.0457 0x1618  [ 8EBCB9165EE7F1571842F4D9D624A74C, 115F46B8391866762AD41B299F0670D8735D124BD518A53EC73DCDBFCA9C28F9 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
14:38:19.0472 0x1618  nusb3hub - ok
14:38:19.0472 0x1618  [ 5D54DBB12BBFE07CC283FD39F2CD6D63, 3DC3F9121F8892EDABD07ACDE45DB025BA2FC4245A8D3EE343F1FDF7189B391F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:38:19.0488 0x1618  nusb3xhc - ok
14:38:19.0488 0x1618  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:38:19.0519 0x1618  nvraid - ok
14:38:19.0519 0x1618  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:38:19.0550 0x1618  nvstor - ok
14:38:19.0550 0x1618  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:38:19.0581 0x1618  nv_agp - ok
14:38:19.0581 0x1618  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:38:19.0597 0x1618  ohci1394 - ok
14:38:19.0613 0x1618  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:38:19.0628 0x1618  p2pimsvc - ok
14:38:19.0659 0x1618  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:38:19.0675 0x1618  p2psvc - ok
14:38:19.0691 0x1618  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
14:38:19.0706 0x1618  Parport - ok
14:38:19.0722 0x1618  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:38:19.0722 0x1618  partmgr - ok
14:38:19.0737 0x1618  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:38:19.0753 0x1618  PcaSvc - ok
14:38:19.0769 0x1618  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:38:19.0769 0x1618  pci - ok
14:38:19.0784 0x1618  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:38:19.0784 0x1618  pciide - ok
14:38:19.0800 0x1618  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:38:19.0831 0x1618  pcmcia - ok
14:38:19.0831 0x1618  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:38:19.0847 0x1618  pcw - ok
14:38:19.0862 0x1618  [ 7CADB4ABAE72390951886CF259791F5F, 9A0F4113F4E09911A44843F31E8C7047EEA39611AB490A4CF16FAE9D95310076 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
14:38:19.0878 0x1618  PDFProFiltSrvPP - ok
14:38:19.0893 0x1618  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:38:19.0940 0x1618  PEAUTH - ok
14:38:19.0971 0x1618  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:38:20.0003 0x1618  PerfHost - ok
14:38:20.0049 0x1618  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:38:20.0143 0x1618  pla - ok
14:38:20.0174 0x1618  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:38:20.0205 0x1618  PlugPlay - ok
14:38:20.0205 0x1618  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:38:20.0221 0x1618  PNRPAutoReg - ok
14:38:20.0237 0x1618  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:38:20.0252 0x1618  PNRPsvc - ok
14:38:20.0283 0x1618  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:38:20.0315 0x1618  PolicyAgent - ok
14:38:20.0330 0x1618  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:38:20.0361 0x1618  Power - ok
14:38:20.0361 0x1618  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:38:20.0393 0x1618  PptpMiniport - ok
14:38:20.0393 0x1618  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
14:38:20.0408 0x1618  Processor - ok
14:38:20.0424 0x1618  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:38:20.0439 0x1618  ProfSvc - ok
14:38:20.0455 0x1618  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:38:20.0455 0x1618  ProtectedStorage - ok
14:38:20.0471 0x1618  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:38:20.0486 0x1618  Psched - ok
14:38:20.0502 0x1618  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
14:38:20.0502 0x1618  PSI - ok
14:38:20.0564 0x1618  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:38:20.0689 0x1618  ql2300 - ok
14:38:20.0705 0x1618  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:38:20.0720 0x1618  ql40xx - ok
14:38:20.0736 0x1618  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:38:20.0767 0x1618  QWAVE - ok
14:38:20.0767 0x1618  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:38:20.0798 0x1618  QWAVEdrv - ok
14:38:20.0798 0x1618  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:38:20.0829 0x1618  RasAcd - ok
14:38:20.0829 0x1618  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:38:20.0861 0x1618  RasAgileVpn - ok
14:38:20.0861 0x1618  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:38:20.0907 0x1618  RasAuto - ok
14:38:20.0907 0x1618  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:38:20.0939 0x1618  Rasl2tp - ok
14:38:20.0954 0x1618  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:38:21.0017 0x1618  RasMan - ok
14:38:21.0017 0x1618  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:38:21.0048 0x1618  RasPppoe - ok
14:38:21.0048 0x1618  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:38:21.0079 0x1618  RasSstp - ok
14:38:21.0095 0x1618  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:38:21.0126 0x1618  rdbss - ok
14:38:21.0126 0x1618  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:38:21.0141 0x1618  rdpbus - ok
14:38:21.0141 0x1618  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:38:21.0173 0x1618  RDPCDD - ok
14:38:21.0173 0x1618  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:38:21.0204 0x1618  RDPENCDD - ok
14:38:21.0204 0x1618  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:38:21.0235 0x1618  RDPREFMP - ok
14:38:21.0235 0x1618  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:38:21.0251 0x1618  RdpVideoMiniport - ok
14:38:21.0266 0x1618  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:38:21.0282 0x1618  RDPWD - ok
14:38:21.0282 0x1618  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:38:21.0297 0x1618  rdyboost - ok
14:38:21.0313 0x1618  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:38:21.0344 0x1618  RemoteAccess - ok
14:38:21.0344 0x1618  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:38:21.0391 0x1618  RemoteRegistry - ok
14:38:21.0407 0x1618  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:38:21.0422 0x1618  RFCOMM - ok
14:38:21.0438 0x1618  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:38:21.0453 0x1618  RpcEptMapper - ok
14:38:21.0453 0x1618  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:38:21.0485 0x1618  RpcLocator - ok
14:38:21.0563 0x1618  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:38:21.0594 0x1618  RpcSs - ok
14:38:21.0609 0x1618  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:38:21.0625 0x1618  rspndr - ok
14:38:21.0641 0x1618  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:38:21.0656 0x1618  RTL8167 - ok
14:38:21.0672 0x1618  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
14:38:21.0672 0x1618  SamSs - ok
14:38:21.0687 0x1618  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:38:21.0703 0x1618  sbp2port - ok
14:38:21.0703 0x1618  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:38:21.0750 0x1618  SCardSvr - ok
14:38:21.0750 0x1618  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:38:21.0781 0x1618  scfilter - ok
14:38:21.0828 0x1618  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:38:21.0875 0x1618  Schedule - ok
14:38:21.0875 0x1618  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:38:21.0906 0x1618  SCPolicySvc - ok
14:38:21.0921 0x1618  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:38:21.0937 0x1618  SDRSVC - ok
14:38:21.0953 0x1618  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:38:21.0968 0x1618  secdrv - ok
14:38:21.0984 0x1618  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:38:21.0999 0x1618  seclogon - ok
14:38:22.0031 0x1618  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:38:22.0062 0x1618  Secunia PSI Agent - ok
14:38:22.0093 0x1618  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
14:38:22.0109 0x1618  Secunia Update Agent - ok
14:38:22.0109 0x1618  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
14:38:22.0140 0x1618  SENS - ok
14:38:22.0140 0x1618  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:38:22.0155 0x1618  SensrSvc - ok
14:38:22.0171 0x1618  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:38:22.0171 0x1618  Serenum - ok
14:38:22.0187 0x1618  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:38:22.0187 0x1618  Serial - ok
14:38:22.0202 0x1618  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:38:22.0218 0x1618  sermouse - ok
14:38:22.0218 0x1618  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:38:22.0265 0x1618  SessionEnv - ok
14:38:22.0265 0x1618  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:38:22.0280 0x1618  sffdisk - ok
14:38:22.0296 0x1618  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:38:22.0311 0x1618  sffp_mmc - ok
14:38:22.0311 0x1618  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:38:22.0327 0x1618  sffp_sd - ok
14:38:22.0327 0x1618  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:38:22.0343 0x1618  sfloppy - ok
14:38:22.0374 0x1618  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:38:22.0421 0x1618  SharedAccess - ok
14:38:22.0436 0x1618  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:38:22.0467 0x1618  ShellHWDetection - ok
14:38:22.0467 0x1618  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:38:22.0483 0x1618  SiSRaid2 - ok
14:38:22.0499 0x1618  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:38:22.0514 0x1618  SiSRaid4 - ok
14:38:22.0530 0x1618  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:38:22.0561 0x1618  Smb - ok
14:38:22.0561 0x1618  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:38:22.0577 0x1618  SNMPTRAP - ok
14:38:22.0577 0x1618  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:38:22.0592 0x1618  spldr - ok
14:38:22.0608 0x1618  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:38:22.0623 0x1618  Spooler - ok
14:38:22.0764 0x1618  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:38:22.0857 0x1618  sppsvc - ok
14:38:22.0873 0x1618  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:38:22.0904 0x1618  sppuinotify - ok
14:38:22.0935 0x1618  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:38:22.0951 0x1618  srv - ok
14:38:22.0982 0x1618  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:38:22.0998 0x1618  srv2 - ok
14:38:22.0998 0x1618  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:38:23.0013 0x1618  srvnet - ok
14:38:23.0029 0x1618  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:38:23.0045 0x1618  SSDPSRV - ok
14:38:23.0060 0x1618  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:38:23.0076 0x1618  SstpSvc - ok
14:38:23.0107 0x1618  [ AFE32AFD30464FC59CB8E88DC72F66FA, 24644F8AA47E61B98EF867BE18A9BE383822D64F3AADF2ED35E42FBFBA7B340F ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
14:38:23.0279 0x1618  Steam Client Service - ok
14:38:23.0279 0x1618  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:38:23.0294 0x1618  stexstor - ok
14:38:23.0294 0x1618  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:38:23.0310 0x1618  StillCam - ok
14:38:23.0325 0x1618  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:38:23.0357 0x1618  stisvc - ok
14:38:23.0357 0x1618  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:38:23.0372 0x1618  swenum - ok
14:38:23.0388 0x1618  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:38:23.0450 0x1618  swprv - ok
14:38:23.0528 0x1618  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:38:23.0653 0x1618  SysMain - ok
14:38:23.0653 0x1618  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:38:23.0684 0x1618  TabletInputService - ok
14:38:23.0700 0x1618  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:38:23.0747 0x1618  TapiSrv - ok
14:38:23.0762 0x1618  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:38:23.0793 0x1618  TBS - ok
14:38:40.0080 0x1618  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
14:38:40.0095 0x1618  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
14:38:42.0825 0x1618  ============================================================
14:38:42.0825 0x1618  Scan finished
14:38:42.0825 0x1618  ============================================================
14:38:42.0825 0x14fc  Detected object count: 0
14:38:42.0825 0x14fc  Actual detected object count: 0
14:39:50.0137 0x1120  Deinitialize success
         
Hello,

one more thing about the malware find:

I use Windows Live Mail to retrieve my emails. Yesterday my Live Mail address book was destroyed when I was prompted to compact my emails. After that, for some mysterious reason, all my emails were gone. I should add that I store the folders Windows Live Mail creates on a different partition, so that I keep access to my emails if I ever have to set up my machine again. So I reassigned the folder via the Windows Live Mail options. Then I ran Kaspersky, and that is when the malware was found. I ran Kaspersky at the "highest security" setting.


23.10.2014, 11:10   #6
schrauber
/// the machine
/// TB trainer



The detections are only in your inbox. You have some email in there with an attachment, and that attachment is the malware.

23.10.2014, 13:55   #7
coldmorning



Hello,

I figured as much. According to the Kaspersky log, the emails are from my Freenet email account. So I delete the emails with Kaspersky and that should be it, right?


Regards

Kaspersky now seems to have deleted the files; the message that there is malware on my machine is gone. I ran another scan and found nothing more. I should add that my mum was on the computer earlier; maybe she pressed or changed something. And what now? Normally this shouldn't be that bad anyway, because I did not open the email or the attachment and did not run anything...

Edit: My mum says she didn't press anything. I don't quite believe that, though. Well, it can't be changed now anyway.

Last edited by coldmorning (23.10.2014 at 14:46)

24.10.2014, 08:04   #8
schrauber
/// the machine
/// TB trainer



As long as you don't open and run the attachment, nothing will happen.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

24.10.2014, 14:28   #9
coldmorning



Hi,

Sorry, I have to bother you once more; maybe you can help me out.

My computer no longer boots. I don't think this has anything to do with the virus, because after I deleted the virus I was able to boot the machine normally for a while...

When I boot, it takes about 1 minute until the boot screen appears (the screen where I can access the BIOS and other functions), then a black screen comes up, followed by the message: "Reboot and select proper Boot device or insert boot media in selected boot device and press any key".

I then went into the BIOS because I suspected something was wrong with the boot order, but that was not confirmed; everything was fine there.

What I noticed is that one hard drive is no longer detected; that is the crux of the matter.

I have Windows installed on an SSD. I moved the Windows page file to the hard drive that is now no longer detected.

I think Windows no longer starts because it can no longer access the page file. Could that be?

I wanted to run FRST, but that doesn't work because I can no longer get into the Windows boot menu.

I also booted with the Kaspersky Rescue Disk, and it did not detect the hard drive either.

Is my drive dead now?

That would be very bad, because all my data is on it :-/.

Hello,

I tried a different SATA port as a test, and now it works again. So it must be my mainboard. I'll keep an eye on it; if so, I'll just have to get another board at some point.

25.10.2014, 08:10   #10
schrauber
/// the machine
/// TB trainer



ok
__________________
Regards,
schrauber
