|
Log analysis and evaluation: Win7 entire system very slow, Windows Explorer crashes. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
18.01.2015, 23:26 | #1 |
| Win7 entire system very slow, Windows Explorer crashes
Hello, for some time now my PC has been extremely slow at:
- booting as well as shutting down
- starting programs, all of them
- establishing network connections
- loading web pages
- loading videos in the browser (Firefox)
- text input in the Google search bar often hangs for a few seconds before I can continue typing
- the boot menu no longer shows the XP installation (on C:)
- Windows Explorer often "stops working" and is restarted

Since I suspect a malware infection, I already tried weeks ago, to no avail, to solve the problems with Malwarebytes, AdwCleaner, Avast, Spybot and CCleaner. Unfortunately I no longer have any logs from these. In the last few days I ran another boot-time scan with Avast and, today, sfc /scannow. Both without findings or errors. Hoping for help, I thank you in advance for your efforts. |
19.01.2015, 06:38 | #2 |
/// the machine /// TB instructor | Win7 entire system very slow, Windows Explorer crashes Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
19.01.2015, 13:28 | #3 |
| Win7 entire system very slow, Windows Explorer crashes Hello Schrauber,
__________________
sorry, I did not read the instructions carefully enough. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01 Ran by Benutzer1 (ATTENTION: The logged in user is not administrator) on HAL9000 on 18-01-2015 20:27:40 Running from F:\Benutzer1\Downloads Loaded Profiles: Benutzer1 (Available profiles: Benutzer1 & Verwalter & Administrator) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Geek Software GmbH) E:\Program Files\PDF24\pdf24.exe (Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe (Piriform Ltd) E:\Program Files\CCleaner\CCleaner.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) E:\Program Files\Mozilla Thunderbird\thunderbird.exe (TeamViewer GmbH) E:\Program Files\TeamViewer\Version9\TeamViewer.exe (ATI Technologies Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) E:\Windows\System32\wbem\unsecapp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [ArcSoft Connection Service] => E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [ATICustomerCare] => E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [JMB36X IDE Setup] => E:\Windows\RaidTool\xInsIDE.exe [43608 2011-02-19] () HKLM\...\Run: [snp2std] => E:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix) HKLM\...\Run: [PDFPrint] => E:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [SDTray] => E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software) HKLM\...\Run: [StartCCC] => E:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.) HKLM\...\Run: [SunJavaUpdateSched] => E:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {4a27eaa7-5b3d-11e4-bab8-001a92821421} - I:\SetupWi-Fi.exe HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {d94ce83b-5ad4-11e4-b3f5-001a92821421} - I:\SetupWi-Fi.exe HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {eac4ab6b-a63d-11e3-b1c7-001a92821421} - I:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {eac4ac1d-a63d-11e3-b1c7-001a92821421} - I:\setup_vmb_lite.exe /checkApplicationPresence ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll 
(AVAST Software) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2520397458-1347444898-344901188-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: Yahoo! 
Toolbar -> {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} -> F:\Verwalter\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll No File DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default FF DefaultSearchEngine: Google BRD FF SelectedSearchEngine: Google BRD FF Homepage: https://meta.rrzn.uni-hannover.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> E:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> E:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> E:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> E:\Program Files\Nokia\Nokia 
Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-booklooker.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-normattiva-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-pons-wrterbuch-multilingual.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\abebooksde.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\aiuto---wikipedia.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\booklookerde.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\coniuga.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\dictcc.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebay-annunci.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayclassicoit.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayde.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayit---annunci.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayit.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-dizionario.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-linguistica.undefined.undefined FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-linguistica.xml FF SearchPlugin: 
F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\geizhals-at.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\geizkragen.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-bersetzer.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-deutsch.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-usa.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\hilfebersicht--wikipedia.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\iate---suchergebnis.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ip-whois-lookup-domain-name-search-visual-trace-route---da-w.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\it-lexikon.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\itflexidict.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ixquick-web-suchen.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\kontext-wrterbuch-multilingual.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\leo-ita-de.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\lexbrowser.xml FF SearchPlugin: 
F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\maremagnum---cerca-tra-6000000-di-libri-antichi-e-moderni.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metacrawlerweb-search-home-page.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-sicher-suchen--finden-privatsphre-schtzen-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-sicher-suchen--finden-privatsphre-schtzen.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager2de.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\oecd-ilibrary.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\online-lexikon---wrterbuch---bersetzungen-und-synonyme.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\preissuchmaschinede---ihr-preisvergleich---deutschland.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\preissuchmaschinede.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ptc-investigations.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\query-the-ripe-database.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\selfhtml.xml FF SearchPlugin: 
F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\treccani-vocabolario-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\trova-prezzi.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikimedia-commons.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikipedia-en-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikipedia-italiano.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikizionario-.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikizionario.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wiktionary-de.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wortschatz.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wrterbuch-canoonet.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\xvideoscom.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\yahoo-babel-fish.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\youtubede.xml FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\zvab.xml FF Extension: FoxyDeal - F:\Benutzer1\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-03-27] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - 
F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\artur.dubovoy@gmail.com [2015-01-08] FF Extension: German Dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-11] FF Extension: British English Dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-03-05] FF Extension: United States English Spellchecker - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24] FF Extension: Italian dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-08-05] FF Extension: Organize Search Engines - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\organize-search-engines@maltekraus.de [2011-03-16] FF Extension: Firefox OS Simulator - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\r2d2b2g@mozilla.org [2014-07-03] FF Extension: IE Tab 2 (FF 3.6+) - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16] FF Extension: Add to Search Bar - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-11-09] FF Extension: Ghostery - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\firefox@ghostery.com.xpi [2013-08-17] FF Extension: Google search link fix - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2012-02-09] FF Extension: Flagfox - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09] FF Extension: ScrapBook - 
F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-07-16] FF Extension: Context Search - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2013-10-04] FF Extension: Cookie Controller - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2012-02-17] FF Extension: Update Scanner - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2012-02-08] FF Extension: Adblock Plus - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-28] FF Extension: BetterPrivacy - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-02-17] FF Extension: Tab Mix Plus - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-10] FF Extension: No Name - E:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-11] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-11] CHR Extension: (Google Docs) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-11] CHR Extension: (Google Drive) - 
F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11] CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24] CHR Extension: (YouTube) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11] CHR Extension: (Google-Suche) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11] CHR Extension: (Google Tabellen) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-11] CHR Extension: (Avast Online Security) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-11] CHR Extension: (Google Wallet) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11] CHR Extension: (Google Mail) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avast! 
Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software) R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 lmhosts; E:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NlaSvc; E:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; E:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 SDScannerService; E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 uCamMonitor; E:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; E:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R3 ArcSoftKsUFilter; E:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.) 
R2 aswHwid; E:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-18] () R2 aswMonFlt; E:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-18] (AVAST Software) R1 aswRdr; E:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-18] (AVAST Software) R0 aswRvrt; E:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-18] () R1 aswSnx; E:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software) R1 aswSP; E:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software) S2 aswStm; E:\Windows\system32\drivers\aswStm.sys [91496 2014-11-18] (AVAST Software) R0 aswVmm; E:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-18] () S3 huawei_cdcacm; E:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; E:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; E:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) R0 JRAID; E:\Windows\System32\DRIVERS\jraid.sys [103000 2011-02-19] (JMicron Technology Corp.) S3 MBAMSwissArmy; E:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-11-17] (Malwarebytes Corporation) R3 MTsensor; E:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () U1 nm3; E:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation) S3 SNP2STD; E:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] () S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X] S3 BS_DEF; \??\E:\Windows\system32\drivers\BS_DEF.sys [X] S3 cmuda3; system32\drivers\cmudax3.sys [X] S3 S3GIGP; system32\DRIVERS\VTGKModeDX32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-18 20:27 - 2015-01-18 20:28 - 00025659 _____ () F:\Benutzer1\Downloads\FRST.txt 2015-01-18 20:27 - 2015-01-18 20:27 - 00000000 ____D () E:\FRST 2015-01-18 20:25 - 2015-01-18 20:25 - 01118208 _____ (Farbar) F:\Benutzer1\Downloads\FRST.exe 2015-01-18 20:05 - 2015-01-18 20:05 - 00000000 _____ () F:\Benutzer1\Desktop\Trojaner Board.txt 2015-01-18 19:38 - 2015-01-18 19:38 - 00000480 _____ () F:\Benutzer1\Downloads\defogger_disable.log 2015-01-18 19:38 - 2015-01-18 19:38 - 00000000 _____ () F:\Verwalter\defogger_reenable 2015-01-18 19:36 - 2015-01-18 19:36 - 00050477 _____ () F:\Benutzer1\Downloads\Defogger.exe 2015-01-18 18:58 - 2015-01-18 18:58 - 00102330 _____ () F:\Benutzer1\Desktop\CVInstructions.pdf 2015-01-18 16:21 - 2015-01-18 16:21 - 00420726 _____ () F:\Benutzer1\Documents\Nokia_2730_classic_UG_de.pdf 2015-01-18 16:01 - 2015-01-18 16:01 - 00001905 _____ () F:\Öffentlich\Desktop\Nokia Suite.lnk 2015-01-18 16:01 - 2015-01-18 16:01 - 00000000 ____D () E:\Program Files\Common Files\Nokia 2015-01-18 13:48 - 2015-01-18 13:48 - 00774712 _____ () F:\Benutzer1\Downloads\passreccommandline.zip 2015-01-18 13:48 - 2015-01-18 13:48 - 00000000 ____D () F:\Benutzer1\Downloads\passreccommandline 2015-01-18 13:28 - 2015-01-18 13:29 - 00000009 _____ () F:\Benutzer1\Desktop\BarbaraThurin.txt 2015-01-17 18:15 - 2015-01-17 18:15 - 00102630 _____ () F:\Benutzer1\Downloads\CVInstructions.pdf 2015-01-17 16:29 - 2015-01-17 16:29 - 00000000 ____D () E:\Program Files\Everest Ultimate Edition-550-2100-portable 2015-01-17 16:23 - 2015-01-17 16:23 - 00121713 _____ () F:\Benutzer1\Documents\Unbenannt.wma 2015-01-17 16:19 - 2015-01-17 16:19 - 00000000 ____D () F:\Verwalter\AppData\Local\ElevatedDiagnostics 2015-01-17 16:15 - 2015-01-17 16:15 - 00074896 _____ () F:\Benutzer1\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-16 15:28 - 2015-01-16 17:25 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\PWGen 2015-01-16 15:28 - 2015-01-16 15:28 - 00000813 _____ () F:\Öffentlich\Desktop\PWGen.lnk 
2015-01-16 15:27 - 2015-01-16 15:27 - 01403459 _____ (Christian Thoeing ) F:\Benutzer1\Downloads\PWGen-2.5.2-Setup.exe 2015-01-16 14:33 - 2015-01-16 14:33 - 00000000 ____D () F:\Benutzer1\Documents\CrypTool 2 Projects 2015-01-16 14:33 - 2015-01-16 14:33 - 00000000 ____D () F:\Benutzer1\AppData\Local\Distributed_Systems_Group 2015-01-16 14:31 - 2015-01-16 14:31 - 00000000 ____D () F:\Benutzer1\AppData\Local\CrypTool2 2015-01-16 14:30 - 2015-01-16 14:31 - 00000000 ____D () F:\Benutzer1\AppData\Local\CrypTool 2 2015-01-16 14:30 - 2015-01-16 14:30 - 00001054 _____ () F:\Benutzer1\Desktop\CrypTool 2.0 (Stable Build 6222.1).lnk 2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrypTool 2 2015-01-16 14:28 - 2015-01-16 14:30 - 61235752 _____ () F:\Benutzer1\Downloads\Setup CrypTool 2.0 (Stable Build 6222.1).exe 2015-01-15 17:47 - 2015-01-15 17:47 - 00000000 ____D () F:\Verwalter\AppData\Roaming\AMD 2015-01-15 17:44 - 2015-01-15 17:44 - 01048928 _____ () F:\Benutzer1\Downloads\Webcam-Test-lnstall.exe 2015-01-15 16:13 - 2015-01-15 16:13 - 00074896 _____ () F:\Verwalter\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-15 16:09 - 2015-01-15 16:09 - 06431728 _____ (Microsoft Corporation) F:\Benutzer1\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe 2015-01-15 15:18 - 2015-01-15 15:19 - 00000000 ____D () E:\Program Files\Mozilla Thunderbird 2015-01-15 14:19 - 2015-01-15 14:21 - 28488056 _____ (Sony Mobile Communications ) F:\Benutzer1\Downloads\Sony PC Companion_Web.exe 2015-01-15 01:57 - 2015-01-15 01:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox 2015-01-15 01:47 - 2015-01-15 01:47 - 00000000 ____D () E:\Program Files\Common Files\Java 2015-01-15 01:46 - 2015-01-15 01:46 - 00096680 _____ (Oracle Corporation) E:\Windows\system32\WindowsAccessBridge.dll 2015-01-15 01:44 - 2015-01-15 01:44 - 00638888 _____ (Oracle Corporation) F:\Benutzer1\Downloads\jxpiinstall.exe 2015-01-14 
21:48 - 2015-01-14 21:50 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TMContainer00000000000000000002.regtrans-ms 2015-01-14 21:48 - 2015-01-14 21:50 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TMContainer00000000000000000001.regtrans-ms 2015-01-14 21:48 - 2015-01-14 21:50 - 00065536 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TM.blf 2015-01-14 12:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) E:\Windows\system32\profsvc.dll 2015-01-14 12:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) E:\Windows\system32\ntkrnlpa.exe 2015-01-14 12:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) E:\Windows\system32\ntoskrnl.exe 2015-01-14 12:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) E:\Windows\system32\TSWbPrxy.exe 2015-01-14 12:56 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:56 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) E:\Windows\system32\nlasvc.dll 2015-01-11 19:32 - 2015-01-11 19:32 - 00001312 _____ () F:\Öffentlich\Desktop\LibreOffice 4.3.lnk 2015-01-11 19:25 - 2015-01-11 19:32 - 00000000 ____D () E:\Program Files\LibreOffice 4 2015-01-11 18:50 - 2015-01-11 18:50 - 00001013 _____ () F:\Benutzer1\Desktop\everest - Verknüpfung.lnk 2015-01-11 18:49 - 2015-01-11 18:49 - 00000000 ____D () E:\EVEREST Corporate Edition 2015-01-11 18:06 - 2015-01-18 19:43 - 00007321 _____ () E:\Windows\setupact.log 2015-01-11 18:06 - 2015-01-11 18:06 - 00000000 _____ () E:\Windows\setuperr.log 2015-01-11 18:05 - 2015-01-12 09:15 - 00331800 _____ () E:\Windows\system32\FNTCACHE.DAT 2015-01-11 18:05 - 2015-01-11 18:05 - 00000556 _____ () E:\Windows\PFRO.log 2015-01-08 14:20 - 2015-01-08 14:20 - 00000000 ____D () F:\Verwalter\AppData\Roaming\AVAST Software 2015-01-07 21:25 - 2015-01-07 21:25 - 00000000 __SHD () 
F:\$RECYCLE.BIN\S-1-5-21-716629682-580113450-550959826-1000 2015-01-02 15:14 - 2015-01-02 15:14 - 00000136 _____ () E:\Windows\system\Dlap.pfx 2015-01-02 15:14 - 2009-04-02 16:59 - 00143360 _____ () E:\Windows\system\VmixP6.dll 2015-01-02 15:12 - 2009-08-19 16:00 - 00303104 _____ () E:\Windows\system32\CmiInstallResAll.dll 2015-01-02 15:12 - 2006-10-06 05:47 - 00319968 _____ (Microsoft Corporation) E:\Windows\difxapi.dll 2014-12-19 18:07 - 2014-12-20 00:21 - 00000000 ____D () F:\Benutzer1\Documents\Radar Colle Santa Lucia ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 20:28 - 2011-03-01 17:41 - 07602176 ___SH () F:\Benutzer1\NTUSER.DAT 2015-01-18 20:28 - 2011-03-01 17:41 - 07602176 ___SH () F:\Benutzer1\NTUSER.DAT 2015-01-18 20:28 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Local\Temp 2015-01-18 20:27 - 2011-03-01 17:41 - 00262144 ___SH () F:\Benutzer1\ntuser.dat.LOG1 2015-01-18 20:27 - 2011-03-01 17:41 - 00262144 ___SH () F:\Benutzer1\ntuser.dat.LOG1 2015-01-18 20:27 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Downloads 2015-01-18 20:27 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Downloads 2015-01-18 20:05 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Desktop 2015-01-18 20:05 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Desktop 2015-01-18 20:02 - 2012-09-02 12:00 - 00000884 _____ () E:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-18 19:51 - 2009-07-14 05:34 - 00023056 ____H () E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-18 19:51 - 2009-07-14 05:34 - 00023056 ____H () E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-18 19:47 - 2011-02-19 16:56 - 01517359 _____ () E:\Windows\WindowsUpdate.log 2015-01-18 19:44 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Local 2015-01-18 19:43 - 
2014-11-11 08:50 - 00001094 _____ () E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-18 19:43 - 2009-07-14 05:53 - 00000006 ____H () E:\Windows\Tasks\SA.DAT 2015-01-18 19:42 - 2011-03-05 15:36 - 06029312 ___SH () F:\Verwalter\NTUSER.DAT 2015-01-18 19:41 - 2014-11-11 11:29 - 03976572 ____H () F:\Benutzer1\AppData\Local\IconCache.db 2015-01-18 19:40 - 2011-02-27 15:55 - 00000000 __SHD () F:\$RECYCLE.BIN\S-1-5-21-2520397458-1347444898-344901188-1004 2015-01-18 19:32 - 2014-11-11 08:51 - 00001098 _____ () E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-18 19:31 - 2011-03-03 11:43 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Macromedia 2015-01-18 18:59 - 2011-03-01 13:31 - 00000000 ____D () F:\Benutzer1\Documents\Lebenslauf 2015-01-18 16:21 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Documents 2015-01-18 16:21 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Documents 2015-01-18 16:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Pictures 2015-01-18 16:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Pictures 2015-01-18 16:02 - 2011-03-05 15:36 - 00262144 ___SH () F:\Verwalter\ntuser.dat.LOG1 2015-01-18 16:02 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Local\Temp 2015-01-18 16:01 - 2011-03-03 13:42 - 00000000 __RHD () F:\Öffentlich\Desktop 2015-01-18 13:04 - 2014-03-21 13:24 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\TeamViewer 2015-01-17 19:30 - 2013-04-18 14:03 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\vlc 2015-01-17 16:19 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Local 2015-01-17 16:10 - 2014-05-14 18:22 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Skype 2015-01-16 15:28 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Roaming 2015-01-16 14:30 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2015-01-16 11:43 - 2012-07-24 13:24 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service 2015-01-15 18:29 
- 2014-02-25 23:37 - 00000000 ____D () E:\Program Files\Spybot - Search & Destroy 2 2015-01-15 18:01 - 2011-03-05 15:36 - 00000000 ___RD () F:\Verwalter\Downloads 2015-01-15 17:47 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Roaming 2015-01-15 16:39 - 2011-03-05 15:38 - 02423249 ____H () F:\Verwalter\AppData\Local\IconCache.db 2015-01-15 16:13 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Local\Microsoft 2015-01-15 14:34 - 2014-11-11 08:52 - 00001971 _____ () F:\Öffentlich\Desktop\Google Chrome.lnk 2015-01-15 02:13 - 2013-08-03 15:06 - 00000000 ____D () E:\Windows\system32\MRT 2015-01-15 02:10 - 2011-03-03 13:26 - 00262144 ___SH () F:\Administrator\ntuser.dat.LOG1 2015-01-15 02:01 - 2011-02-19 19:09 - 110348472 _____ (Microsoft Corporation) E:\Windows\system32\MRT.exe 2015-01-15 01:03 - 2011-03-01 11:27 - 00003778 _____ () F:\Benutzer1\Documents\_PASS.txt 2015-01-14 19:44 - 2012-07-24 13:31 - 00701616 _____ (Adobe Systems Incorporated) E:\Windows\system32\FlashPlayerApp.exe 2015-01-14 19:44 - 2011-06-23 11:41 - 00071344 _____ (Adobe Systems Incorporated) E:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-12 13:38 - 2011-03-02 12:04 - 00000000 ____D () F:\Benutzer1\Documents\Honorarnoten 2015-01-12 13:01 - 2011-03-01 14:56 - 00000000 ____D () F:\Benutzer1\Documents\Bank 2015-01-12 11:08 - 2013-05-16 13:46 - 00000000 ____D () F:\Benutzer1\Documents\NISF 2015-01-11 19:29 - 2011-03-24 10:13 - 00007635 _____ () F:\Verwalter\AppData\Local\Resmon.ResmonCfg 2015-01-11 18:14 - 2013-11-16 12:59 - 00630272 ___SH () F:\Benutzer1\Documents\Thumbs.db 2015-01-11 17:59 - 2011-03-02 13:42 - 00000000 ____D () E:\Windows\Minidump 2015-01-11 17:57 - 2014-12-17 09:33 - 00000000 ____D () E:\Program Files\Raptr 2015-01-11 17:46 - 2009-07-14 03:37 - 00000000 ____D () E:\Windows\system 2015-01-11 17:20 - 2014-12-17 09:58 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Raptr 2015-01-09 13:58 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\LocalLow 
2015-01-09 12:57 - 2011-03-01 13:31 - 00000000 ____D () F:\Benutzer1\Documents\Kurse 2015-01-08 14:28 - 2011-03-05 15:36 - 00000000 ___RD () F:\Verwalter\Desktop 2015-01-08 13:51 - 2009-07-14 03:37 - 00000000 ____D () E:\Windows\system32\NDF 2015-01-07 20:28 - 2011-02-19 19:43 - 00000000 ___HD () E:\Program Files\InstallShield Installation Information 2015-01-07 20:22 - 2006-12-15 00:29 - 00593920 _____ (Andrea Electronics Corporation) E:\Windows\system32\AEADIExt.dll 2015-01-07 20:22 - 2006-12-15 00:24 - 00119808 _____ (Andrea Electronics Corporation) E:\Windows\system32\AEADIAPO.dll 2015-01-02 13:37 - 2014-05-14 18:22 - 00000000 ___RD () E:\Program Files\Skype 2014-12-24 21:02 - 2014-01-23 23:56 - 00000000 ____D () F:\Benutzer1\Documents\Carsharing 2014-12-19 19:02 - 2014-05-14 18:18 - 00000000 ____D () F:\Benutzer1\Tracing 2014-12-19 19:02 - 2014-05-14 18:18 - 00000000 ____D () F:\Benutzer1\Tracing 2014-12-19 18:50 - 2014-05-06 17:14 - 00000845 _____ () F:\Öffentlich\Desktop\CCleaner.lnk 2014-12-19 18:50 - 2013-03-28 18:55 - 00000000 ____D () E:\Program Files\CCleaner 2014-12-19 18:38 - 2011-02-19 19:20 - 00000000 ____D () E:\Program Files\Java 2014-12-19 18:08 - 2011-03-01 13:31 - 00000000 ____D () F:\Benutzer1\Documents\Krankengeschichte ==================== Files in the root of some directories ======= 2011-03-05 14:15 - 2014-11-04 07:52 - 0197632 _____ () F:\Benutzer1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== F:\de54a904ca19b08bc72781e2799f3c\mrtstub.exe F:\Downloads\11-2_xp32_dd_ccc_ocl.exe F:\GERMAN\LANG.DAT F:\GERMAN\OS.DAT F:\GERMAN\SETUP.EXE F:\GERMAN\_ISDEL.EXE F:\GERMAN\_SETUP.DLL Some content of TEMP: ==================== F:\Benutzer1\AppData\Local\Temp\NOSEventMessages.dll F:\Verwalter\AppData\Local\Temp\NOSEventMessages.dll F:\Verwalter\AppData\Local\Temp\sdan.exe F:\Verwalter\AppData\Local\Temp\sdapk.exe F:\Verwalter\AppData\Local\Temp\sdaspwn.exe ==================== Bamital & volsnap 
Check =================

(There is no automatic fix for files that do not pass verification.)

E:\Windows\explorer.exe => File is digitally signed
E:\Windows\system32\winlogon.exe => File is digitally signed
E:\Windows\system32\wininit.exe => File is digitally signed
E:\Windows\system32\svchost.exe => File is digitally signed
E:\Windows\system32\services.exe => File is digitally signed
E:\Windows\system32\User32.dll => File is digitally signed
E:\Windows\system32\userinit.exe => File is digitally signed
E:\Windows\system32\rpcss.dll => File is digitally signed
E:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015 01
Ran by Benutzer1 at 2015-01-18 20:29:04
Running from F:\Benutzer1\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.30 (HKLM\...\{23170F69-40C1-2701-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ATI AVIVO Codecs (Version: 11.6.0.50706 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.)
Hidden Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software) Canon LBP5000 (HKLM\...\Canon LBP5000) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden Epson Easy Photo Print 2 (HKLM\...\{94FA9FA6-5294-494D-A8F1-1E654CBB5736}) (Version: 2.2.3.1 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) EPSON File Manager (HKLM\...\{D02F30FB-0BC4-419A-9B9C-ADC610029B50}) (Version: 1.3.2.0 - ) EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - ) Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Hama Webcam Suite (HKLM\...\{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}) (Version: 1.0.5.5 - ArcSoft) Hexonic ScanToPDF Version 1.0 (HKLM\...\{EC78E48C-555F-11E1-A994-5FF64724019B}_is1) (Version: 1.0 - Hexonic Software) Horland's Scan2Pdf (check your license!) (HKLM\...\Horlands Scan2Pdf 3_is1) (Version: 3.8.0.0 - Horland Software) Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.2.0 - Intel) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JMicron JMB36X Driver (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.) 
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) LibreOffice 4.3 Help Pack (German) (HKLM\...\{F2C505D0-1A4B-43B4-887E-D9E517A362B8}) (Version: 4.3.5.2 - The Document Foundation) LibreOffice 4.3.5.2 (HKLM\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation) Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: - ) Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Network Monitor 3.4 (HKLM\...\{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}) (Version: 3.4.2350.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MozBackup 1.4.10 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) Mozilla Thunderbird 31.2.0 (x86 de) (HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia) Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden Patrizier II Gold (HKLM\...\Patrizier II Gold_is1) (Version: - ) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF Composer 
(HKLM\...\{2B32DC38-48FE-454C-9C5E-C85C11859F65}) (Version: 1.3.0 - Impressions Future Media) PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PWGen 2.5.2 (HKLM\...\{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1) (Version: - Christian Thoeing) Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SNTool (remove only) (HKLM\...\LFP_SNTool) (Version: - ) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2014-11-11 20:05 - 00450834 ____R E:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: E:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? 
==================== Loaded Modules (whitelisted) =============

2014-02-25 23:37 - 2013-05-16 10:55 - 00113496 _____ () E:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-25 23:37 - 2013-05-16 10:55 - 00416600 _____ () E:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-18 14:15 - 2014-11-18 14:15 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () E:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-15 01:57 - 2015-01-15 01:57 - 03925104 _____ () E:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-15 15:18 - 2015-01-15 15:18 - 03347056 _____ () E:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-01-15 15:18 - 2015-01-15 15:18 - 00158832 _____ () E:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-15 15:18 - 2015-01-15 15:18 - 00023152 _____ () E:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PDFPrint => E:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: StartCCC => "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-2520397458-1347444898-344901188-500 - Administrator - Disabled) => F:\Administrator
Benutzer1 (S-1-5-21-2520397458-1347444898-344901188-1004 - Limited - Enabled) => F:\Benutzer1
Gast (S-1-5-21-2520397458-1347444898-344901188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2520397458-1347444898-344901188-1006 - Limited - Enabled)
Verwalter (S-1-5-21-2520397458-1347444898-344901188-1005 - Administrator - Enabled) => F:\Verwalter

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 00:30:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 00:28:55 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/11/2015 06:51:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04830fef ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (01/11/2015 06:23:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6e8 Startzeit: 01d02dc0e5803887 Endzeit: 0 Anwendungspfad: E:\Windows\Explorer.EXE Berichts-ID: 7f6f5f74-99b6-11e4-969d-001a92821421 Error: (01/11/2015 05:50:57 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0f640f0f-fee9-4dd2-95f6-15d6fbc43158} Error: (01/09/2015 00:59:21 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/09/2015 00:57:44 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (01/08/2015 07:29:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/08/2015 07:27:30 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (01/08/2015 01:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TeamViewer.exe, Version: 9.0.32494.0, Zeitstempel: 0x541337c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052d37 ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0xTeamViewer.exe0 Pfad der fehlerhaften Anwendung: TeamViewer.exe1 Pfad des fehlerhaften Moduls: TeamViewer.exe2 Berichtskennung: TeamViewer.exe3 System errors: ============= Error: (01/18/2015 07:41:52 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/18/2015 00:35:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (01/17/2015 06:26:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105. Error: (01/17/2015 04:14:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. Error: (01/17/2015 04:11:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/17/2015 01:37:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht. 
Error: (01/16/2015 06:26:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/16/2015 11:44:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/16/2015 11:44:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (01/16/2015 06:44:02 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Microsoft Office Sessions: ========================= Error: (01/16/2015 00:30:53 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"e:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe Error: (01/16/2015 00:28:55 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*e:\program files\mozbackup\dll\DelZip179.dlle:\program files\mozbackup\dll\DelZip179.dll8 Error: (01/11/2015 06:51:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c000000504830fef Error: (01/11/2015 06:23:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175676e801d02dc0e58038870E:\Windows\Explorer.EXE7f6f5f74-99b6-11e4-969d-001a92821421 Error: (01/11/2015 05:50:57 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0f640f0f-fee9-4dd2-95f6-15d6fbc43158} Error: (01/09/2015 00:59:21 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"e:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe Error: (01/09/2015 00:57:44 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*e:\program files\mozbackup\dll\DelZip179.dlle:\program files\mozbackup\dll\DelZip179.dll8 Error: (01/08/2015 07:29:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"e:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe Error: (01/08/2015 07:27:30 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentitylanguage*e:\program files\mozbackup\dll\DelZip179.dlle:\program files\mozbackup\dll\DelZip179.dll8 Error: (01/08/2015 01:50:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TeamViewer.exe9.0.32494.0541337c3ntdll.dll6.1.7601.18247521ea91cc000000500052d373bc01d02b3fd5fa83b6E:\Program Files\TeamViewer\Version9\TeamViewer.exeE:\Windows\SYSTEM32\ntdll.dllf1ccf31e-9734-11e4-9676-001a92821421 CodeIntegrity Errors: =================================== Date: 2015-01-12 14:06:05.353 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:06:03.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-12 14:06:02.545 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:06:01.297 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:05:59.893 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:05:58.692 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:05:57.522 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 14:05:56.320 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-12 13:08:36.190 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-12 13:08:35.020 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU E1400 @ 2.00GHz Percentage of memory in use: 49% Total physical RAM: 3006.49 MB Available physical RAM: 1523 MB Total Pagefile: 6011.27 MB Available Pagefile: 4116.79 MB Total Virtual: 2047.88 MB Available Virtual: 1890.09 MB ==================== Drives ================================ Drive c: (SystemXP) (Fixed) (Total:48.82 GB) (Free:28.82 GB) NTFS Drive d: (SystemVista) (Fixed) (Total:48.83 GB) (Free:17.59 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (SystemWin7) (Fixed) (Total:48.83 GB) (Free:16.05 GB) NTFS Drive f: (Daten) (Fixed) (Total:319.28 GB) (Free:143.07 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:38 on 18/01/2015 (Verwalter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-18 22:46:05 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500620AS rev.LC11 465,76GB Running: zf9yl5zv.exe; Driver: F:\VERWAL~1\AppData\Local\Temp\uxrdipow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8B8E0AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8B99C0BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8B8E15A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8B8ED63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8B8ED688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8B8ED822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8B8ED5AA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8B99C494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8B8ED5F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8B99C724] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8B99C80E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8B8ED7DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8B8E2390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8B8E0B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8B8E5B86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8B8E0716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8B99C574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8B8E0B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8B8E5F7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8B8E2E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8B8ED666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8B8ED6AA] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8B8ED846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8B8ED5D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8B8E547E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8B8ED75A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8B8ED61A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8B8E586A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8B8ED800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8B99C312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8B8E2CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8B8E29FA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8B8E0BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8B8E0C5C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8B99C670] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8B8E07B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8B8E0982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8B8E0910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8B8E255A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8B8E26BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8B8E0A0A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8B99C3E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8B8E21EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8B8E0CC2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8B99C244] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5 8308BA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C5372 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 830CC5C0 4 Bytes [C4, 0A, 8E, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830CC5E8 4 Bytes [BA, C0, 99, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830CC648 4 Bytes [A2, 15, 8E, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830CC69C 8 Bytes [3C, D6, 8E, 8B, 88, D6, 8E, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 830CC6A8 4 Bytes [22, D8, 8E, 8B] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83287553 4 Bytes CALL 8B8E355F \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832A13BB 4 Bytes CALL 8B8E3575 \SystemRoot\system32\drivers\aswSnx.sys .text E:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x99611000, 0x17E53A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!SetScrollRange 77268EC5 5 Bytes JMP 001C5F15 E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!GetScrollInfo 77272DA3 5 Bytes JMP 001C5EA8 E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!SetScrollInfo 772748DA 5 Bytes JMP 001C5F4C E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!GetScrollRange 7729045A 5 Bytes JMP 001C5E4B E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!SetScrollPos 772904BE 5 Bytes JMP 001C5E26 E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!GetScrollPos 77290E43 5 Bytes JMP 001C5E83 E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!EnableScrollBar 772919CE 5 Bytes JMP 001C5F80 E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\CCleaner\CCleaner.exe[760] USER32.dll!ShowScrollBar 77293C89 5 Bytes JMP 
001C5EDB E:\Program Files\CCleaner\CCleaner.exe .text E:\Program Files\AVAST Software\Avast\AvastSvc.exe[1460] kernel32.dll!SetUnhandledExceptionFilter 7633F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Program Files\AVAST Software\Avast\avastui.exe[3104] kernel32.dll!SetUnhandledExceptionFilter 7633F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C930A1C6 598 ---- EOF - GMER 2.1 ---- Code:
ATTFilter 01/16/2015 06:46 Prüfung aller lokalen Laufwerke Datei C:\Dokumente und Einstellungen\Benutzer1\Desktop\wsusoffline661\wsusoffline\client\w2k\deu\windows2000-kb958470-x86-deu_cf9a4b76028985e649bb1a73e9d8b7702f34960e.exe|>_sfx_0028._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Dokumente und Einstellungen\Benutzer1\Desktop\wsusoffline661\wsusoffline\client\w2k3\deu\windowsserver2003-kb956744-x86-deu_d2560c0191d09c1ad09407fac69fc39a3a606344.exe|>_sfx_0003._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Dokumente und Einstellungen\Benutzer1\Desktop\wsusoffline661\wsusoffline\client\w2k3\deu\windowsserver2003-kb958469-x86-deu_345893806044e60ced6ca7368903c210ee3053c0.exe|>_sfx_0036._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Dokumente und Einstellungen\Benutzer1\Desktop\wsusoffline661\wsusoffline\client\wxp\deu\windowsxp-kb956744-x86-deu_c5fbd5690ad0945b40d04c6afa746313210a2d58.exe|>_sfx_0022._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei C:\Dokumente und Einstellungen\Benutzer1\Desktop\wsusoffline661\wsusoffline\client\wxp\deu\windowsxp-kb958470-x86-deu_9e7c76a40496648903f947f7884643a6b778b7c7.exe|>_sfx_0023._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei E:\$Recycle.Bin\S-1-5-21-2520397458-1347444898-344901188-1001\$R3R6S18\libreoffice1.cab|>standard4.bau|>+BCEEHQQUBB8-\atevent.xml Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\$Recycle.Bin\S-1-5-21-2520397458-1347444898-344901188-1001\$R3R6S18\libreoffice1.cab|>standard4.bau|>+BCEEFA-\atevent.xml Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\$Recycle.Bin\S-1-5-21-2520397458-1347444898-344901188-1001\$R3R6S18\libreoffice1.cab|>template4.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei E:\$Recycle.Bin\S-1-5-21-2520397458-1347444898-344901188-1001\$R3R6S18\libreoffice1.cab|>template4.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 
42125 {ZIP-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20070904\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei 
F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Desktop\Stick20071028\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\eMule\Incoming\Crack 
Stellar Phoenix Linux v2.1.zip|>Stellar Phoenix Linux.exe Fehler 42125 {ZIP-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\EDV\Service\CorelDraw SP1 D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw 
D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\Stick 2008-01-29\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw 
D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CdrInfoFilter100.dll Fehler 
42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Draw\CdrViewer\CrlShell100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\pipnt100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Plugins\Squizz\SQUIZZ100.eff Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\crlfom100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\Caphk100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capintl.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\capture.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrconv.exe Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcpr100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick 2008-01-23\Programme\Grafik\CorelDraw D10sp1DE.EXE|>%MAINDIR%\Programs\cdrcrv100.dll Fehler 42145 {Installationsarchiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick Elan1\Office2003SP3ITA.exe|>MAINSP3.msp Fehler 42127 
{CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\USB-Stick Elan2\Office2003SP3ITA.exe|>MAINSP3.msp Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\w2k3\deu\windowsserver2003-kb956744-x86-deu_d2560c0191d09c1ad09407fac69fc39a3a606344.exe|>_sfx_0003._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\w2k3\deu\windowsserver2003-kb958469-x86-deu_345893806044e60ced6ca7368903c210ee3053c0.exe|>_sfx_0036._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\w2k3\ita\windowsserver2003-kb956744-x86-ita_aa6c22365a01e1c6622e5bb675414b575ab0ced9.exe|>_sfx_0003._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\w2k3\ita\windowsserver2003-kb958469-x86-ita_cac520889fcf6559b15c16b3e49dc1ef736963f0.exe|>_sfx_0036._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\wxp\deu\windowsxp-kb956744-x86-deu_c5fbd5690ad0945b40d04c6afa746313210a2d58.exe|>_sfx_0022._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\wxp\deu\windowsxp-kb958470-x86-deu_9e7c76a40496648903f947f7884643a6b778b7c7.exe|>_sfx_0023._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\wxp\ita\windowsxp-kb956744-x86-ita_9f3383f3ddb9e8bb9d71b5d0af224fd222fe5fb6.exe|>_sfx_0022._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Datei F:\Benutzer1\Documents\Software\wsusoffline672\wsusoffline\client\wxp\ita\windowsxp-kb958470-x86-ita_58894b50dad400eb9ce8c9f8772e1c5c82775f2d.exe|>_sfx_0023._p|>msrdp.ocx Fehler 42127 {CAB-Archiv ist beschädigt.} Anzahl durchsuchter Ordner: 59216 Anzahl der 
geprüften Dateien: 5819656 Anzahl infizierter Dateien: 0 |
19.01.2015, 15:55 | #4 |
/// the machine /// TB Trainer | Win7: entire system very slow, Windows Explorer crashes Our tools always need admin rights! Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.01.2015, 13:29 | #5 |
| Win7: entire system very slow, Windows Explorer crashes Hello Schrauber, I let Malwarebytes Anti-Rootkit scan all day yesterday. It seems as if the program keeps scanning the same files over and over in a loop. Yesterday evening I then aborted the scan. After that I deleted all files in Recycle.bin on D: and E:, downloaded the program again, restarted, and let it run overnight until now. It is in a loop again. What now? |
20.01.2015, 19:32 | #6 |
/// the machine /// TB Trainer | Win7: entire system very slow, Windows Explorer crashes Skip it and do the other one, please. |
21.01.2015, 11:24 | #7 |
| Win7: entire system very slow, Windows Explorer crashes Hello Schrauber, I aborted the scan with Malwarebytes and it reported no findings (up to this point). It doesn't matter, does it, that I run the scans from a restricted account, i.e. without administrator rights, and then enter the administrator password when asked? Code:
ATTFilter 11:03:31.0006 0x17f4 TDSS rootkit removing tool 3.0.0.43 Jan 19 2015 18:43:19 11:05:11.0472 0x17f4 ============================================================ 11:05:11.0472 0x17f4 Current date / time: 2015/01/21 11:05:11.0472 11:05:11.0472 0x17f4 SystemInfo: 11:05:11.0472 0x17f4 11:05:11.0472 0x17f4 OS Version: 6.1.7601 ServicePack: 1.0 11:05:11.0472 0x17f4 Product type: Workstation 11:05:11.0472 0x17f4 ComputerName: HAL9000 11:05:11.0472 0x17f4 UserName: Verwalter 11:05:11.0472 0x17f4 Windows directory: E:\Windows 11:05:11.0472 0x17f4 System windows directory: E:\Windows 11:05:11.0472 0x17f4 Processor architecture: Intel x86 11:05:11.0472 0x17f4 Number of processors: 2 11:05:11.0472 0x17f4 Page size: 0x1000 11:05:11.0472 0x17f4 Boot type: Normal boot 11:05:11.0472 0x17f4 ============================================================ 11:05:22.0705 0x17f4 KLMD registered as E:\Windows\system32\drivers\99885099.sys 11:05:23.0204 0x17f4 System UUID: {753002EC-9AF6-FC0B-3D9E-DC58DB83C1A5} 11:05:24.0265 0x17f4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:05:24.0296 0x17f4 ============================================================ 11:05:24.0296 0x17f4 \Device\Harddisk0\DR0: 11:05:24.0311 0x17f4 MBR partitions: 11:05:24.0327 0x17f4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61A3A66 11:05:24.0327 0x17f4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x61A7966 11:05:24.0327 0x17f4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x61A7966 11:05:24.0327 0x17f4 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x124F6C32, BlocksNum 0x27E8E00F 11:05:24.0327 0x17f4 ============================================================ 11:05:24.0374 0x17f4 D: <-> \Device\Harddisk0\DR0\Partition2 11:05:24.0405 0x17f4 E: <-> 
\Device\Harddisk0\DR0\Partition3
11:05:24.0483 0x17f4 F: <-> \Device\Harddisk0\DR0\Partition4
11:05:24.0545 0x17f4 C: <-> \Device\Harddisk0\DR0\Partition1
11:05:24.0545 0x17f4 ============================================================
11:05:24.0545 0x17f4 Initialize success
11:05:24.0545 0x17f4 ============================================================
11:10:01.0976 0x1520 ============================================================
11:10:01.0976 0x1520 Scan started
11:10:01.0976 0x1520 Mode: Manual; SigCheck; TDLFS;
11:10:01.0976 0x1520 ============================================================
11:10:01.0976 0x1520 KSN ping started
11:10:04.0457 0x1520 KSN ping finished: true
11:10:05.0549 0x1520 ================ Scan system memory ========================
11:10:05.0549 0x1520 System memory - ok
11:10:05.0549 0x1520 ================ Scan services =============================
11:10:26.0640 0x1520 mrxsmb - ok 11:10:26.0687 0x1520 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 E:\Windows\system32\DRIVERS\mrxsmb10.sys 11:10:26.0749 0x1520 mrxsmb10 - ok 11:10:26.0765 0x1520 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 E:\Windows\system32\DRIVERS\mrxsmb20.sys 11:10:26.0827 0x1520 mrxsmb20 - ok 11:10:26.0843 0x1520 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci E:\Windows\system32\drivers\msahci.sys 11:10:26.0874 0x1520 msahci - ok 11:10:26.0889 0x1520 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm E:\Windows\system32\drivers\msdsm.sys 11:10:26.0921 0x1520 msdsm - ok 11:10:26.0952 0x1520 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC E:\Windows\System32\msdtc.exe 11:10:27.0014 0x1520 MSDTC - ok 11:10:27.0045 0x1520 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs E:\Windows\system32\drivers\Msfs.sys 11:10:27.0092 0x1520 Msfs - ok 11:10:27.0108 0x1520 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf E:\Windows\System32\drivers\mshidkmdf.sys 11:10:27.0170 0x1520 mshidkmdf - ok 11:10:27.0186 0x1520 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv E:\Windows\system32\drivers\msisadrv.sys 11:10:27.0217 0x1520 msisadrv - ok 11:10:27.0248 0x1520 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI E:\Windows\system32\iscsiexe.dll 11:10:27.0326 0x1520 MSiSCSI - ok 11:10:27.0326 0x1520 msiserver - ok 11:10:27.0373 0x1520 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 
949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV E:\Windows\system32\drivers\MSKSSRV.sys 11:10:27.0420 0x1520 MSKSSRV - ok 11:10:27.0435 0x1520 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK E:\Windows\system32\drivers\MSPCLOCK.sys 11:10:27.0498 0x1520 MSPCLOCK - ok 11:10:27.0513 0x1520 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM E:\Windows\system32\drivers\MSPQM.sys 11:10:27.0576 0x1520 MSPQM - ok 11:10:27.0607 0x1520 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC E:\Windows\system32\drivers\MsRPC.sys 11:10:27.0638 0x1520 MsRPC - ok 11:10:27.0654 0x1520 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios E:\Windows\system32\drivers\mssmbios.sys 11:10:27.0685 0x1520 mssmbios - ok 11:10:27.0701 0x1520 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE E:\Windows\system32\drivers\MSTEE.sys 11:10:27.0747 0x1520 MSTEE - ok 11:10:27.0763 0x1520 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig E:\Windows\system32\DRIVERS\MTConfig.sys 11:10:27.0810 0x1520 MTConfig - ok 11:10:27.0825 0x1520 [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor E:\Windows\system32\DRIVERS\ASACPI.sys 11:10:27.0857 0x1520 MTsensor - ok 11:10:27.0872 0x1520 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup E:\Windows\system32\Drivers\mup.sys 11:10:27.0903 0x1520 Mup - ok 11:10:27.0981 0x1520 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent E:\Windows\system32\qagentRT.dll 11:10:28.0059 0x1520 napagent - ok 11:10:28.0091 0x1520 
[ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP E:\Windows\system32\DRIVERS\nwifi.sys 11:10:28.0169 0x1520 NativeWifiP - ok 11:10:28.0215 0x1520 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS E:\Windows\system32\drivers\ndis.sys 11:10:28.0293 0x1520 NDIS - ok 11:10:28.0309 0x1520 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap E:\Windows\system32\DRIVERS\ndiscap.sys 11:10:28.0371 0x1520 NdisCap - ok 11:10:28.0403 0x1520 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi E:\Windows\system32\DRIVERS\ndistapi.sys 11:10:28.0449 0x1520 NdisTapi - ok 11:10:28.0512 0x1520 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio E:\Windows\system32\DRIVERS\ndisuio.sys 11:10:28.0574 0x1520 Ndisuio - ok 11:10:28.0605 0x1520 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan E:\Windows\system32\DRIVERS\ndiswan.sys 11:10:28.0668 0x1520 NdisWan - ok 11:10:28.0683 0x1520 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy E:\Windows\system32\drivers\NDProxy.sys 11:10:28.0746 0x1520 NDProxy - ok 11:10:28.0761 0x1520 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS E:\Windows\system32\DRIVERS\netbios.sys 11:10:28.0824 0x1520 NetBIOS - ok 11:10:28.0855 0x1520 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT E:\Windows\system32\DRIVERS\netbt.sys 11:10:28.0933 0x1520 NetBT - ok 11:10:28.0949 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon E:\Windows\system32\lsass.exe 
11:10:28.0980 0x1520 Netlogon - ok 11:10:29.0011 0x1520 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman E:\Windows\System32\netman.dll 11:10:29.0105 0x1520 Netman - ok 11:10:29.0136 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator E:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:10:29.0183 0x1520 NetMsmqActivator - ok 11:10:29.0198 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator E:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:10:29.0245 0x1520 NetPipeActivator - ok 11:10:29.0276 0x1520 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm E:\Windows\System32\netprofm.dll 11:10:29.0354 0x1520 netprofm - ok 11:10:29.0370 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator E:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:10:29.0417 0x1520 NetTcpActivator - ok 11:10:29.0432 0x1520 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing E:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 11:10:29.0463 0x1520 NetTcpPortSharing - ok 11:10:29.0495 0x1520 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 E:\Windows\system32\DRIVERS\nfrd960.sys 11:10:29.0526 0x1520 nfrd960 - ok 11:10:29.0557 0x1520 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc E:\Windows\System32\nlasvc.dll 11:10:29.0635 0x1520 NlaSvc - ok 11:10:29.0697 0x1520 [ D8F75DC28A480E1BA288F217CC7144D2, 36838F9BC402DF26B19919EC6A616BC35A336F9E8B47868F01C71C64F290FAC7 ] nm3 E:\Windows\system32\DRIVERS\nm3.sys 11:10:29.0729 0x1520 nm3 - 
ok 11:10:29.0760 0x1520 [ A00877C05933FBA8AFB3390DD72D4679, 684D9642173C4BF4B752F259D5E89F16BC8B4B1608F1E6E176AA692A9775CE38 ] nmwcd E:\Windows\system32\drivers\ccdcmb.sys 11:10:29.0822 0x1520 nmwcd - ok 11:10:29.0838 0x1520 [ 9FF15F18E4E8758AC57BDB910D0238B3, F27C40BDD3818C54E1099AD525C7C19B424E0C4676DB366DE0E905CA3F82A310 ] nmwcdc E:\Windows\system32\drivers\ccdcmbo.sys 11:10:29.0900 0x1520 nmwcdc - ok 11:10:29.0931 0x1520 [ B0575681498D75E0C0432200702B4A0A, EE6037B038265562A4F59E92A9F665C7A8AA8E8C5DEB3481F1F7B6D39A4E4954 ] nmwcdnsu E:\Windows\system32\drivers\nmwcdnsu.sys 11:10:29.0994 0x1520 nmwcdnsu - ok 11:10:30.0009 0x1520 [ 9699486E10F89163979FCD48A40FE805, 04D05666920C91106FFF60F1DCE7D8B89F6F1419D0035A5BF7AB5F0BA5C39B31 ] nmwcdnsuc E:\Windows\system32\drivers\nmwcdnsuc.sys 11:10:30.0072 0x1520 nmwcdnsuc - ok 11:10:30.0103 0x1520 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs E:\Windows\system32\drivers\Npfs.sys 11:10:30.0150 0x1520 Npfs - ok 11:10:30.0197 0x1520 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi E:\Windows\system32\nsisvc.dll 11:10:30.0259 0x1520 nsi - ok 11:10:30.0290 0x1520 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy E:\Windows\system32\drivers\nsiproxy.sys 11:10:30.0337 0x1520 nsiproxy - ok 11:10:30.0399 0x1520 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs E:\Windows\system32\drivers\Ntfs.sys 11:10:30.0555 0x1520 Ntfs - ok 11:10:30.0587 0x1520 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null E:\Windows\system32\drivers\Null.sys 11:10:30.0649 0x1520 Null - ok 11:10:30.0680 0x1520 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid E:\Windows\system32\drivers\nvraid.sys 
11:10:30.0727 0x1520 nvraid - ok 11:10:30.0758 0x1520 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor E:\Windows\system32\drivers\nvstor.sys 11:10:30.0789 0x1520 nvstor - ok 11:10:30.0821 0x1520 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp E:\Windows\system32\drivers\nv_agp.sys 11:10:30.0852 0x1520 nv_agp - ok 11:10:30.0867 0x1520 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 E:\Windows\system32\drivers\ohci1394.sys 11:10:30.0914 0x1520 ohci1394 - ok 11:10:30.0945 0x1520 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc E:\Windows\system32\pnrpsvc.dll 11:10:31.0023 0x1520 p2pimsvc - ok 11:10:31.0055 0x1520 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc E:\Windows\system32\p2psvc.dll 11:10:31.0148 0x1520 p2psvc - ok 11:10:31.0179 0x1520 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport E:\Windows\system32\DRIVERS\parport.sys 11:10:31.0226 0x1520 Parport - ok 11:10:31.0242 0x1520 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr E:\Windows\system32\drivers\partmgr.sys 11:10:31.0273 0x1520 partmgr - ok 11:10:31.0289 0x1520 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm E:\Windows\system32\DRIVERS\parvdm.sys 11:10:31.0320 0x1520 Parvdm - ok 11:10:31.0351 0x1520 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc E:\Windows\System32\pcasvc.dll 11:10:31.0413 0x1520 PcaSvc - ok 11:10:31.0460 0x1520 [ F451DCACBAA67F3307305EBD4A39EA07, C4435BF4C2D16F3DC0B35732BE3602FFA28DB0A5BC5576F45E0D32E5F4CD2DEA ] pccsmcfd 
E:\Windows\system32\DRIVERS\pccsmcfd.sys 11:10:31.0507 0x1520 pccsmcfd - ok 11:10:31.0523 0x1520 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci E:\Windows\system32\drivers\pci.sys 11:10:31.0569 0x1520 pci - ok 11:10:31.0585 0x1520 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide E:\Windows\system32\drivers\pciide.sys 11:10:31.0601 0x1520 pciide - ok 11:10:31.0632 0x1520 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia E:\Windows\system32\DRIVERS\pcmcia.sys 11:10:31.0679 0x1520 pcmcia - ok 11:10:31.0679 0x1520 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw E:\Windows\system32\drivers\pcw.sys 11:10:31.0710 0x1520 pcw - ok 11:10:31.0757 0x1520 [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH E:\Windows\system32\drivers\peauth.sys 11:10:31.0866 0x1520 PEAUTH - ok 11:10:31.0959 0x1520 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla E:\Windows\system32\pla.dll 11:10:32.0147 0x1520 pla - ok 11:10:32.0193 0x1520 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay E:\Windows\system32\umpnpmgr.dll 11:10:32.0271 0x1520 PlugPlay - ok 11:10:32.0287 0x1520 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg E:\Windows\system32\pnrpauto.dll 11:10:32.0334 0x1520 PNRPAutoReg - ok 11:10:32.0365 0x1520 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc E:\Windows\system32\pnrpsvc.dll 11:10:32.0412 0x1520 PNRPsvc - ok 11:10:32.0459 0x1520 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] 
PolicyAgent E:\Windows\System32\ipsecsvc.dll 11:10:32.0552 0x1520 PolicyAgent - ok 11:10:32.0583 0x1520 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power E:\Windows\system32\umpo.dll 11:10:32.0661 0x1520 Power - ok 11:10:32.0693 0x1520 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport E:\Windows\system32\DRIVERS\raspptp.sys 11:10:32.0739 0x1520 PptpMiniport - ok 11:10:32.0755 0x1520 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor E:\Windows\system32\DRIVERS\processr.sys 11:10:32.0802 0x1520 Processor - ok 11:10:32.0833 0x1520 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc E:\Windows\system32\profsvc.dll 11:10:32.0911 0x1520 ProfSvc - ok 11:10:32.0927 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage E:\Windows\system32\lsass.exe 11:10:32.0973 0x1520 ProtectedStorage - ok 11:10:32.0989 0x1520 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched E:\Windows\system32\DRIVERS\pacer.sys 11:10:33.0051 0x1520 Psched - ok 11:10:33.0114 0x1520 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 E:\Windows\system32\DRIVERS\ql2300.sys 11:10:33.0239 0x1520 ql2300 - ok 11:10:33.0270 0x1520 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx E:\Windows\system32\DRIVERS\ql40xx.sys 11:10:33.0301 0x1520 ql40xx - ok 11:10:33.0332 0x1520 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE E:\Windows\system32\qwave.dll 11:10:33.0395 0x1520 QWAVE - ok 11:10:33.0410 0x1520 [ 584078CA1B95CA72DF2A27C336F9719D, 
836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv E:\Windows\system32\drivers\qwavedrv.sys 11:10:33.0457 0x1520 QWAVEdrv - ok 11:10:33.0473 0x1520 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd E:\Windows\system32\DRIVERS\rasacd.sys 11:10:33.0519 0x1520 RasAcd - ok 11:10:33.0535 0x1520 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn E:\Windows\system32\DRIVERS\AgileVpn.sys 11:10:33.0582 0x1520 RasAgileVpn - ok 11:10:33.0597 0x1520 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto E:\Windows\System32\rasauto.dll 11:10:33.0675 0x1520 RasAuto - ok 11:10:33.0707 0x1520 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp E:\Windows\system32\DRIVERS\rasl2tp.sys 11:10:33.0769 0x1520 Rasl2tp - ok 11:10:33.0800 0x1520 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan E:\Windows\System32\rasmans.dll 11:10:33.0894 0x1520 RasMan - ok 11:10:33.0925 0x1520 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe E:\Windows\system32\DRIVERS\raspppoe.sys 11:10:33.0972 0x1520 RasPppoe - ok 11:10:34.0003 0x1520 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp E:\Windows\system32\DRIVERS\rassstp.sys 11:10:34.0065 0x1520 RasSstp - ok 11:10:34.0112 0x1520 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss E:\Windows\system32\DRIVERS\rdbss.sys 11:10:34.0175 0x1520 rdbss - ok 11:10:34.0206 0x1520 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus E:\Windows\system32\DRIVERS\rdpbus.sys 11:10:34.0253 0x1520 rdpbus - ok 
11:10:34.0268 0x1520 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD E:\Windows\system32\DRIVERS\RDPCDD.sys 11:10:34.0331 0x1520 RDPCDD - ok 11:10:34.0362 0x1520 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD E:\Windows\system32\drivers\rdpencdd.sys 11:10:34.0409 0x1520 RDPENCDD - ok 11:10:34.0424 0x1520 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP E:\Windows\system32\drivers\rdprefmp.sys 11:10:34.0487 0x1520 RDPREFMP - ok 11:10:34.0565 0x1520 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport E:\Windows\system32\drivers\rdpvideominiport.sys 11:10:34.0611 0x1520 RdpVideoMiniport - ok 11:10:34.0643 0x1520 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD E:\Windows\system32\drivers\RDPWD.sys 11:10:34.0705 0x1520 RDPWD - ok 11:10:34.0736 0x1520 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost E:\Windows\system32\drivers\rdyboost.sys 11:10:34.0783 0x1520 rdyboost - ok 11:10:34.0814 0x1520 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess E:\Windows\System32\mprdim.dll 11:10:34.0877 0x1520 RemoteAccess - ok 11:10:34.0892 0x1520 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry E:\Windows\system32\regsvc.dll 11:10:34.0955 0x1520 RemoteRegistry - ok 11:10:34.0970 0x1520 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper E:\Windows\System32\RpcEpMap.dll 11:10:35.0048 0x1520 RpcEptMapper - ok 11:10:35.0064 0x1520 [ 94D36C0E44677DD26981D2BFEEF2A29D, 
D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator E:\Windows\system32\locator.exe 11:10:35.0111 0x1520 RpcLocator - ok 11:10:35.0142 0x1520 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs E:\Windows\system32\rpcss.dll 11:10:35.0220 0x1520 RpcSs - ok 11:10:35.0251 0x1520 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr E:\Windows\system32\DRIVERS\rspndr.sys 11:10:35.0313 0x1520 rspndr - ok 11:10:35.0345 0x1520 [ 4E20765744BFBC16F6D6E5BD5598786B, CDB5AB7F8BE3C0085D08DC00CC8DB3266ABA16228B2F022380482C9D05070839 ] RTL8023xp E:\Windows\system32\DRIVERS\Rtnicxp.sys 11:10:35.0376 0x1520 RTL8023xp - ok 11:10:35.0423 0x1520 [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167 E:\Windows\system32\DRIVERS\Rt86win7.sys 11:10:35.0469 0x1520 RTL8167 - ok 11:10:35.0469 0x1520 S3GIGP - ok 11:10:35.0501 0x1520 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs E:\Windows\system32\lsass.exe 11:10:35.0532 0x1520 SamSs - ok 11:10:35.0563 0x1520 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port E:\Windows\system32\drivers\sbp2port.sys 11:10:35.0594 0x1520 sbp2port - ok 11:10:35.0625 0x1520 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr E:\Windows\System32\SCardSvr.dll 11:10:35.0719 0x1520 SCardSvr - ok 11:10:35.0735 0x1520 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter E:\Windows\system32\DRIVERS\scfilter.sys 11:10:35.0813 0x1520 scfilter - ok 11:10:35.0875 0x1520 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule E:\Windows\system32\schedsvc.dll 11:10:36.0000 0x1520 Schedule 
- ok 11:10:36.0015 0x1520 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc E:\Windows\System32\certprop.dll 11:10:36.0078 0x1520 SCPolicySvc - ok 11:10:36.0109 0x1520 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC E:\Windows\System32\SDRSVC.dll 11:10:36.0171 0x1520 SDRSVC - ok 11:10:36.0374 0x1520 [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 11:10:36.0593 0x1520 SDScannerService - ok 11:10:36.0686 0x1520 [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 11:10:36.0780 0x1520 SDUpdateService - ok 11:10:36.0795 0x1520 [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 11:10:36.0842 0x1520 SDWSCService - ok 11:10:36.0858 0x1520 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv E:\Windows\system32\drivers\secdrv.sys 11:10:36.0920 0x1520 secdrv - ok 11:10:36.0951 0x1520 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon E:\Windows\system32\seclogon.dll 11:10:37.0014 0x1520 seclogon - ok 11:10:37.0029 0x1520 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS E:\Windows\System32\sens.dll 11:10:37.0107 0x1520 SENS - ok 11:10:37.0139 0x1520 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc E:\Windows\system32\sensrsvc.dll 11:10:37.0185 0x1520 SensrSvc - ok 11:10:37.0201 0x1520 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, 
E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum E:\Windows\system32\DRIVERS\serenum.sys 11:10:37.0248 0x1520 Serenum - ok 11:10:37.0263 0x1520 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial E:\Windows\system32\DRIVERS\serial.sys 11:10:37.0310 0x1520 Serial - ok 11:10:37.0326 0x1520 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse E:\Windows\system32\DRIVERS\sermouse.sys 11:10:37.0373 0x1520 sermouse - ok 11:10:37.0451 0x1520 [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer E:\Program Files\PC Connectivity Solution\ServiceLayer.exe 11:10:37.0544 0x1520 ServiceLayer - ok 11:10:37.0591 0x1520 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv E:\Windows\system32\sessenv.dll 11:10:37.0653 0x1520 SessionEnv - ok 11:10:37.0669 0x1520 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk E:\Windows\system32\drivers\sffdisk.sys 11:10:37.0716 0x1520 sffdisk - ok 11:10:37.0716 0x1520 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc E:\Windows\system32\drivers\sffp_mmc.sys 11:10:37.0763 0x1520 sffp_mmc - ok 11:10:37.0778 0x1520 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd E:\Windows\system32\drivers\sffp_sd.sys 11:10:37.0825 0x1520 sffp_sd - ok 11:10:37.0825 0x1520 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy E:\Windows\system32\DRIVERS\sfloppy.sys 11:10:37.0887 0x1520 sfloppy - ok 11:10:37.0934 0x1520 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess E:\Windows\System32\ipnathlp.dll 
11:10:38.0043 0x1520 SharedAccess - ok 11:10:38.0075 0x1520 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection E:\Windows\System32\shsvcs.dll 11:10:38.0168 0x1520 ShellHWDetection - ok 11:10:38.0199 0x1520 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp E:\Windows\system32\drivers\sisagp.sys 11:10:38.0231 0x1520 sisagp - ok 11:10:38.0246 0x1520 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 E:\Windows\system32\DRIVERS\SiSRaid2.sys 11:10:38.0277 0x1520 SiSRaid2 - ok 11:10:38.0309 0x1520 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 E:\Windows\system32\DRIVERS\sisraid4.sys 11:10:38.0340 0x1520 SiSRaid4 - ok 11:10:38.0402 0x1520 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate E:\Program Files\Skype\Updater\Updater.exe 11:10:38.0449 0x1520 SkypeUpdate - ok 11:10:38.0480 0x1520 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb E:\Windows\system32\DRIVERS\smb.sys 11:10:38.0527 0x1520 Smb - ok 11:10:38.0574 0x1520 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP E:\Windows\System32\snmptrap.exe 11:10:38.0621 0x1520 SNMPTRAP - ok 11:10:39.0011 0x1520 [ 419C9A8DCE47328F8683EEFE86F71308, 36632120F1AA01AFE7A86D5BE5204C739C9CC50FE61195289753B72E61E16352 ] SNP2STD E:\Windows\system32\DRIVERS\snp2sxp.sys 11:10:39.0635 0x1520 SNP2STD - ok 11:10:39.0681 0x1520 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr E:\Windows\system32\drivers\spldr.sys 11:10:39.0713 0x1520 spldr - ok 11:10:39.0759 0x1520 [ 9AEA093B8F9C37CF45538382CABA2475, 
11:11:00.0726 0x1520 AV detected via SS2: avast! Antivirus, E:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated ) 11:11:00.0726 0x1520 Win FW state via NFP2: enabled 11:11:03.0222 0x1520 ============================================================ 11:11:03.0222 0x1520 Scan finished 11:11:03.0222 0x1520 ============================================================ 11:11:03.0237 0x1264 Detected object count: 0 11:11:03.0237 0x1264 Actual detected object count: 0 11:12:29.0755 0x1588 Deinitialize success Edit: under Additional Options there was also the item Use KSN to scan objects, which was enabled. It did not appear in the screenshot in the instructions, and I left it enabled. |
21.01.2015, 11:41 | #8 |
/// the machine /// TB instructor | Win7: entire system very slow, Windows Explorer crashes No, that should not make a difference. It would still make more sense to do everything from the admin account. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.01.2015, 14:07 | #9 |
| Win7: entire system very slow, Windows Explorer crashes Hello Schrauber, I switched to the administrator account Verwalter and ran Combofix. Spybot was reported as active even though I had closed it. After the scan the desktop was empty and the Start menu was no longer reachable. After logging off and back on, the desktop worked again. Code:
ATTFilter ComboFix 15-01-18.01 - Verwalter 21.01.2015 13:39:24.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3006.1581 [GMT 1:00] ausgeführt von:: F:\Verwalter\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) E:\Windows8-UpgradeAssistant.exe F:\install.exe
2014-11-21 02:15:42 4590592 ----a-w- E:\Windows\system32\amdmantle32.dll 2014-11-21 02:13:10 . 2014-11-21 02:13:10 85504 ----a-w- E:\Windows\system32\mantleaxl32.dll 2014-11-21 02:12:50 . 2012-12-19 19:57:00 442368 ----a-w- E:\Windows\system32\atidemgy.dll 2014-11-21 02:12:48 . 2014-11-21 02:12:48 30720 ----a-w- E:\Windows\system32\atimuixx.dll 2014-11-21 02:12:44 . 2014-11-21 02:12:44 626688 ----a-w- E:\Windows\system32\atieclxx.exe 2014-11-21 02:12:38 . 2014-11-21 02:12:38 212992 ----a-w- E:\Windows\system32\atiesrxx.exe 2014-11-21 02:12:26 . 2014-11-21 02:12:26 164352 ----a-w- E:\Windows\system32\atitmmxx.dll 2014-11-21 02:10:00 . 2014-11-21 02:10:00 651264 ----a-w- E:\Windows\system32\coinst_14.50.dll 2014-11-21 02:09:02 . 2011-01-26 22:14:06 903168 ----a-w- E:\Windows\system32\atiadlxx.dll 2014-11-21 02:09:00 . 2014-11-21 02:09:00 69632 ----a-w- E:\Windows\system32\atiglpxx.dll 2014-11-21 02:08:56 . 2014-11-21 02:08:56 133632 ----a-w- E:\Windows\system32\atigktxx.dll 2014-11-21 02:08:54 . 2014-11-21 02:08:54 43520 ----a-w- E:\Windows\system32\drivers\ati2erec.dll 2014-11-21 02:08:48 . 2014-11-21 02:08:48 472576 ----a-w- E:\Windows\system32\drivers\atikmpag.sys 2014-11-20 20:35:00 . 2014-11-20 20:35:00 38912 ----a-w- E:\Windows\system32\kdbsdk32.dll 2014-11-18 13:15:29 . 2014-11-11 07:50:26 91496 ----a-w- E:\Windows\system32\drivers\aswStm.sys 2014-11-18 13:15:29 . 2014-11-11 07:50:25 206248 ----a-w- E:\Windows\system32\drivers\aswVmm.sys 2014-11-18 13:15:29 . 2014-11-11 07:50:24 49944 ----a-w- E:\Windows\system32\drivers\aswRvrt.sys 2014-11-18 13:15:29 . 2014-11-11 07:50:23 70384 ----a-w- E:\Windows\system32\drivers\aswmonflt.sys 2014-11-18 13:15:29 . 2014-11-11 07:50:22 81768 ----a-w- E:\Windows\system32\drivers\aswRdr2.sys 2014-11-18 13:15:29 . 2014-11-11 07:50:22 24184 ----a-w- E:\Windows\system32\drivers\aswHwid.sys 2014-11-18 13:15:28 . 2014-12-08 09:56:49 291352 ----a-w- E:\Windows\system32\aswBoot.exe 2014-11-18 13:15:28 . 
2014-11-18 13:15:28 43152 ----a-w- E:\Windows\avastSS.scr 2014-11-11 06:56:46 . 2014-11-11 06:57:13 5040384 ----a-w- F:\\avastclear.exe 2014-11-11 06:50:56 . 2014-11-11 06:48:57 131078000 ------w- F:\\avast_free_antivirus_setup.exe 2014-11-11 02:44:45 . 2014-12-11 13:04:40 1230336 ----a-w- E:\Windows\system32\WindowsCodecs.dll 2014-11-11 02:44:32 . 2014-11-19 17:54:48 186880 ----a-w- E:\Windows\system32\pku2u.dll 2014-11-11 02:44:25 . 2014-11-19 17:54:48 550912 ----a-w- E:\Windows\system32\kerberos.dll 2014-11-11 01:32:14 . 2014-12-11 13:04:41 74752 ----a-w- E:\Windows\system32\drivers\tdx.sys 2014-11-08 02:45:09 . 2014-12-11 13:03:23 2048 ----a-w- E:\Windows\system32\tzres.dll 2014-11-04 13:30:58 . 2011-02-19 18:08:41 229000 ------w- E:\Windows\system32\MpSigStub.exe 2014-11-02 04:17:40 . 2014-11-27 12:42:24 8941456 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBFFC6B1-0E53-4F9A-8860-6BE966BB580D}\mpengine.dll 2014-10-30 01:45:43 . 2014-12-11 13:03:19 155136 ----a-w- E:\Windows\system32\charmap.exe 2014-10-25 01:32:37 . 2014-11-12 02:40:28 67584 ----a-w- E:\Windows\system32\packager.dll (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EF2D6E36-5C05-4F40-B861-9E909B5BAE09}] 2010-07-16 09:13:54 201728 ----a-w- F:\Verwalter\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-11-18 13:15:22 723976 ----a-w- E:\Program Files\AVAST Software\Avast\ashShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-03-04 20:02:32 370888 ----a-w- E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-03-04 20:02:32 370888 ----a-w- E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-03-04 20:02:32 370888 ----a-w- E:\Program Files\LinkShellExtension\HardlinkShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="E:\Program Files\CCleaner\CCleaner.exe" [2014-12-12 17:21:24 5489944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcSoft Connection Service"="E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 17:17:52 207424] "ATICustomerCare"="E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 15:05:02 311296] "JMB36X IDE Setup"="E:\Windows\RaidTool\xInsIDE.exe" [2011-02-19 
21:48:57 43608] "snp2std"="E:\Windows\vsnp2std.exe" [2005-10-20 14:18:50 339968] "PDFPrint"="E:\Program Files\PDF24\pdf24.exe" [2013-12-12 08:27:52 186408] "SDTray"="E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 10:19:26 5624784] "AvastUI.exe"="E:\Program Files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 18:41:29 5227112] "StartCCC"="E:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-11-20 20:41:02 748232] "SunJavaUpdateSched"="E:\Program Files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 14:39:42 507776] E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Canon LBP5000 Statusfenster.lnk - E:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2011-3-10 50848] Mozilla Firefox.lnk - E:\Program Files\Mozilla Firefox\firefox.exe [2015-1-15 338032] Mozilla Thunderbird.lnk - E:\Program Files\Mozilla Thunderbird\thunderbird.exe [2015-1-15 389744] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2014-12-19 07:48:18 1022152 ----a-w- E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2013-12-12 08:27:52 186408 ----a-w- E:\Program Files\PDF24\pdf24.exe R2 aswStm;aswStm;E:\Windows\system32\drivers\aswStm.sys [2014-11-18 13:15:29 91496] R2 SkypeUpdate;Skype Updater;E:\Program Files\Skype\Updater\Updater.exe [2014-12-11 09:30:48 315496] R3 BS_DEF;BS_DEF;E:\Windows\system32\drivers\BS_DEF.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;E:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-30 10:26:08 102784] R3 
ew_usbenumfilter;huawei_CompositeFilter;E:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-01-30 10:26:08 11136] R3 ewusbnet;HUAWEI USB-NDIS miniport;E:\Windows\system32\DRIVERS\ewusbnet.sys [2013-01-30 10:26:08 378880] R3 huawei_cdcacm;huawei_cdcacm;E:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2013-01-30 10:26:10 96000] R3 huawei_cdcecm;huawei_cdcecm;E:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2013-01-30 10:26:10 69760] R3 huawei_ext_ctrl;huawei_ext_ctrl;E:\Windows\system32\DRIVERS\ew_juextctrl.sys [2013-01-30 10:26:10 27520] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;E:\Windows\system32\IEEtwCollector.exe [2014-11-22 01:55:14 102912] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;E:\Windows\system32\drivers\nmwcdnsu.sys [2013-01-23 08:31:52 137600] R3 nmwcdnsuc;Nokia USB Flashing Generic;E:\Windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 08:31:52 8576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;E:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848] R3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 00:42:31 49152] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;E:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-19 18:29:37 1343400] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;E:\Windows\system32\drivers\aswSnx.sys [2014-11-22 07:32:57 787800] S1 aswSP;aswSP;E:\Windows\system32\drivers\aswSP.sys [2014-11-21 17:24:02 423784] S1 nm3;Microsoft Network Monitor 3 Driver;E:\Windows\system32\DRIVERS\nm3.sys [2010-06-09 16:05:38 39736] S2 AMD External Events Utility;AMD External Events Utility;E:\Windows\system32\atiesrxx.exe [2014-11-21 02:12:38 212992] S2 aswHwid;avast! 
HardwareID;E:\Windows\system32\drivers\aswHwid.sys [2014-11-18 13:15:29 24184] S2 aswMonFlt;aswMonFlt;E:\Windows\system32\drivers\aswMonFlt.sys [2014-11-18 13:15:29 70384] S2 c2cautoupdatesvc;Skype Click to Call Updater;E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 17:21:46 1390176] S2 c2cpnrsvc;Skype Click to Call PNR Service;E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 17:21:06 1767520] S2 SDScannerService;Spybot-S&D 2 Scanner Service;E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 11:27:38 3921880] S2 SDUpdateService;Spybot-S&D 2 Updating Service;E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 09:57:26 1042272] S2 SDWSCService;Spybot-S&D 2 Security Center Service;E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 09:38:30 171416] S2 TeamViewer9;TeamViewer 9;E:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 18:14:55 4799760] S2 uCamMonitor;CamMonitor;E:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 09:59:10 104960] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;E:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 13:06:40 17920] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;E:\Windows\system32\drivers\AtihdW73.sys [2014-06-21 17:00:20 77824] S3 huawei_enumerator;huawei_enumerator;E:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-01-30 10:26:10 76544] S3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 05:34:52 394856] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - 26745878 *Deregistered* - 26745878 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-15 13:33:15 1087816 ----a-w- E:\Program Files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe Inhalt des "geplante Tasks" Ordners 2015-01-21 E:\Windows\Tasks\Adobe Flash Player 
Edit: Regarding the note about a restart: which restart? None was requested. Last edited by Sparko (21.01.2015 at 14:46) |
21.01.2015, 15:15 | #10 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.01.2015, 13:28 | #11 |
| Hello Schrauber, Malwarebytes has now been scanning for 20 h and 55 min., is currently at "Dateisystem-Objekte: Arb..." and has scanned almost 400,000 objects. According to the file manager there are 262,457 items on my hard disk. CPU usage is only about 50%, with one of the two CPUs at about 90-100% load. No other processes are running apart from firefox.exe (running now so that I can write to you), dwm.exe and taskmgr.exe, at 1 - 3 % each. Is that normal? Isn't it dangerous to leave all antivirus and malware programs switched off for so long, as Malwarebytes requires, while the Internet connection is active? |
22.01.2015, 17:43 | #12 |
/// the machine /// TB-Ausbilder | As long as you don't surf around wildly, that doesn't matter at all for now. But that is a long time; MBAM has a problem there. Please stop it, restart the computer and try MBAM again.
25.01.2015, 13:13 | #13 |
| Hello Schrauber, I restarted the computer, but switched to my normal user account Benutzer1 and assigned it administrator rights. After another restart I started MBAM with the default settings, i.e. without rootkit scanning. MBAM has now been scanning for 2 days and 17 hours without any findings and is currently scanning the file system objects, with 1139971 objects reported as scanned. I noticed that the scan progress indicator stood at about 75% the day before yesterday and that now only a blue bar runs through continuously. Something is wrong there, isn't it? |
25.01.2015, 15:58 | #14 |
/// the machine /// TB-Ausbilder | Nah, skip MBAM and please do the rest.
25.01.2015, 17:20 | #15 |
| Hello Schrauber, additional info: I don't know whether this is already known or important. My hard disk is divided into 4 partitions: C: (Windows XP installation), D: (Vista installation), E: (Win7 installation and the installation currently in use) and F: (where the data is stored, since I redirected/configured the libraries and the user accounts/data to it). I ended MBAM, without findings. Below are the remaining logs: Code:
# AdwCleaner v4.109 - Bericht erstellt am 25/01/2015 um 16:41:11
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Benutzer1 - HAL9000
# Gestartet von : F:\Benutzer1\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : F:\Verwalter\AppData\Local\CrashRpt
Datei Gelöscht : F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\foxydeal.sqlite
Datei Gelöscht : F:\Verwalter\AppData\Roaming\Mozilla\Firefox\Profiles\bn82vtle.default\foxydeal.sqlite

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Solvusoft

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0 (x86 de)

-\\ Google Chrome v40.0.2214.91

*************************

AdwCleaner[R0].txt - [13375 octets] - [22/11/2014 19:30:44]
AdwCleaner[R1].txt - [1572 octets] - [25/01/2015 16:10:59]
AdwCleaner[R2].txt - [1632 octets] - [25/01/2015 16:21:56]
AdwCleaner[S0].txt - [13789 octets] - [22/11/2014 20:52:29]
AdwCleaner[S1].txt - [1553 octets] - [25/01/2015 16:41:11]

########## EOF - F:\AdwCleaner\AdwCleaner[S1].txt - [1613 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Benutzer1 on 25.01.2015 at 16:49:00,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2520397458-1347444898-344901188-1004\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] F:\Benutzer1\AppData\Roaming\mozilla\firefox\profiles\hxflf7xy.default\conduitcommon
Emptied folder: F:\Benutzer1\AppData\Roaming\mozilla\firefox\profiles\hxflf7xy.default\minidumps [192 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.01.2015 at 16:53:10,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01 Ran by Benutzer1 (administrator) on HAL9000 on 25-01-2015 17:04:22 Running from F:\Benutzer1\Desktop Loaded Profiles: Benutzer1 (Available profiles: Benutzer1 & Verwalter & Administrator) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) E:\Windows\System32\atiesrxx.exe (AMD) E:\Windows\System32\atieclxx.exe (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe (ArcSoft Inc.) E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ArcSoft Inc.) E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Geek Software GmbH) E:\Program Files\PDF24\pdf24.exe (CANON INC.) E:\Windows\System32\CNAC4RPK.EXE (AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe (TeamViewer GmbH) E:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (ArcSoft, Inc.) E:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe (Microsoft Corp.) E:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) 
E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) E:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) E:\Windows\System32\wbem\unsecapp.exe (Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (ATI Technologies Inc.) E:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe (TeamViewer GmbH) E:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) E:\Program Files\TeamViewer\Version9\tv_w32.exe (Microsoft Corporation) E:\Windows\System32\dllhost.exe (Oracle Corporation) E:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ArcSoft Connection Service] => E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [ATICustomerCare] => E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM\...\Run: [JMB36X IDE Setup] => E:\Windows\RaidTool\xInsIDE.exe [43608 2011-02-19] () HKLM\...\Run: [snp2std] => E:\Windows\vsnp2std.exe [339968 2005-10-20] (Sonix) HKLM\...\Run: [PDFPrint] => E:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM\...\Run: [SDTray] => E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software) HKLM\...\Run: [StartCCC] => E:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => E:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {4a27eaa7-5b3d-11e4-bab8-001a92821421} - I:\SetupWi-Fi.exe HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {d94ce83b-5ad4-11e4-b3f5-001a92821421} - I:\SetupWi-Fi.exe HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {eac4ab6b-a63d-11e3-b1c7-001a92821421} - I:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2520397458-1347444898-344901188-1004\...\MountPoints2: {eac4ac1d-a63d-11e3-b1c7-001a92821421} - I:\setup_vmb_lite.exe /checkApplicationPresence ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => E:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2520397458-1347444898-344901188-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/it-it/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: Yahoo! Toolbar -> {EF2D6E36-5C05-4F40-B861-9E909B5BAE09} -> F:\Verwalter\AppData\Roaming\YahooToolbar\IE\YahooToolbar.dll (Yahoo! Inc.) 
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default FF DefaultSearchEngine: Google it FF SelectedSearchEngine: Google BRD FF Homepage: https://meta.rrzn.uni-hannover.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> E:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> E:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> E:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> E:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-booklooker.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-normattiva-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\-pons-wrterbuch-multilingual.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\abebooksde.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\aiuto---wikipedia.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\booklookerde.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\coniuga.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\dictcc.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebay-annunci.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayclassicoit.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayde.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayit---annunci.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ebayit.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-dizionario.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-linguistica.undefined.undefined
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\garzanti-linguistica.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\geizhals-at.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\geizkragen.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-bersetzer.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-deutsch.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\google-usa.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\hilfebersicht--wikipedia.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\iate---suchergebnis.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ip-whois-lookup-domain-name-search-visual-trace-route---da-w.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\it-lexikon.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\itflexidict.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ixquick-web-suchen.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\kontext-wrterbuch-multilingual.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\leo-ita-de.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\lexbrowser.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\maremagnum---cerca-tra-6000000-di-libri-antichi-e-moderni.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metacrawlerweb-search-home-page.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-sicher-suchen--finden-privatsphre-schtzen-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager-sicher-suchen--finden-privatsphre-schtzen.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\metager2de.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\oecd-ilibrary.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\online-lexikon---wrterbuch---bersetzungen-und-synonyme.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\preissuchmaschinede---ihr-preisvergleich---deutschland.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\preissuchmaschinede.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\ptc-investigations.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\query-the-ripe-database.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\selfhtml.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\treccani-vocabolario-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\trova-prezzi.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikimedia-commons.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikipedia-en-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikipedia-italiano.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikizionario-.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wikizionario.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wiktionary-de.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wortschatz.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\wrterbuch-canoonet.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\xvideoscom.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\yahoo-babel-fish.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\youtubede.xml
FF SearchPlugin: F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\searchplugins\zvab.xml
FF Extension: FoxyDeal - F:\Benutzer1\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-03-27]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\artur.dubovoy@gmail.com [2015-01-08]
FF Extension: German Dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-11]
FF Extension: British English Dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-03-05]
FF Extension: United States English Spellchecker - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24]
FF Extension: Italian dictionary - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2014-08-05]
FF Extension: Organize Search Engines - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\organize-search-engines@maltekraus.de [2011-03-16]
FF Extension: Firefox OS Simulator - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\r2d2b2g@mozilla.org [2014-07-03]
FF Extension: IE Tab 2 (FF 3.6+) - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: Add to Search Bar - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-11-09]
FF Extension: Ghostery - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\firefox@ghostery.com.xpi [2013-08-17]
FF Extension: Google search link fix - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2012-02-09]
FF Extension: Flagfox - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: ScrapBook - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-07-16]
FF Extension: Context Search - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2013-10-04]
FF Extension: Cookie Controller - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2012-02-17]
FF Extension: Update Scanner - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2012-02-08]
FF Extension: Adblock Plus - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-28]
FF Extension: BetterPrivacy - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-02-17]
FF Extension: Tab Mix Plus - F:\Benutzer1\AppData\Roaming\Mozilla\Firefox\Profiles\hxflf7xy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-02-10]
FF Extension: No Name - E:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-11]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-11]
CHR Extension: (Google Docs) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-11]
CHR Extension: (Google Drive) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-24]
CHR Extension: (YouTube) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11]
CHR Extension: (Google-Suche) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11]
CHR Extension: (Google Tabellen) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-11]
CHR Extension: (Avast Online Security) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-11]
CHR Extension: (Google Wallet) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR Extension: (Google Mail) - F:\Benutzer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MBAMScheduler; E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SDScannerService; E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 uCamMonitor; E:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; E:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 ArcSoftKsUFilter; E:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 aswHwid; E:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-18] ()
R2 aswMonFlt; E:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-18] (AVAST Software)
R1 aswRdr; E:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-18] (AVAST Software)
R0 aswRvrt; E:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-18] ()
R1 aswSnx; E:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; E:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; E:\Windows\system32\drivers\aswStm.sys [91496 2014-11-18] (AVAST Software)
R0 aswVmm; E:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-18] ()
S3 huawei_cdcacm; E:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; E:\Windows\System32\DRIVERS\ew_jucdcecm.sys [69760 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; E:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.)
R0 JRAID; E:\Windows\System32\DRIVERS\jraid.sys [103000 2011-02-19] (JMicron Technology Corp.)
S3 MBAMProtector; E:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; E:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; E:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 nm3; E:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
S3 SNP2STD; E:\Windows\System32\DRIVERS\snp2sxp.sys [10446720 2006-02-20] ()
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
U5 AppMgmt; E:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 BS_DEF; \??\E:\Windows\system32\drivers\BS_DEF.sys [X]
S3 catchme; \??\F:\VERWAL~1\AppData\Local\Temp\catchme.sys [X]
S3 cmuda3; system32\drivers\cmudax3.sys [X]
S3 S3GIGP; system32\DRIVERS\VTGKModeDX32.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 17:03 - 2015-01-25 17:03 - 01120768 _____ (Farbar) F:\Benutzer1\Desktop\FRST.exe
2015-01-25 16:53 - 2015-01-25 16:53 - 00001604 _____ () F:\Benutzer1\Desktop\JRT.txt
2015-01-25 16:48 - 2015-01-25 16:48 - 00000000 ____D () E:\Windows\ERUNT
2015-01-25 16:47 - 2015-01-25 16:48 - 01707939 _____ (Thisisu) F:\Benutzer1\Desktop\JRT.exe
2015-01-25 16:41 - 2015-01-25 16:41 - 00001693 _____ () F:\AdwCleaner\AdwCleaner[S1].txt
2015-01-25 16:21 - 2015-01-25 16:30 - 00001632 _____ () F:\AdwCleaner\AdwCleaner[R2].txt
2015-01-25 16:10 - 2015-01-25 16:19 - 00001572 _____ () F:\AdwCleaner\AdwCleaner[R1].txt
2015-01-25 16:06 - 2015-01-25 16:07 - 02194432 _____ () F:\Benutzer1\Desktop\AdwCleaner_4.109.exe
2015-01-21 16:09 - 2015-01-21 16:09 - 00000914 _____ () F:\Öffentlich\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-21 16:09 - 2015-01-21 16:09 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware
2015-01-21 16:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) E:\Windows\system32\Drivers\mwac.sys
2015-01-21 16:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) E:\Windows\system32\Drivers\mbam.sys
2015-01-21 16:05 - 2015-01-21 16:05 - 20447072 _____ (Malwarebytes Corporation ) F:\Verwalter\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-21 13:54 - 2015-01-22 18:39 - 00000000 ____D () F:\Verwalter\AppData\Local\temp
2015-01-21 13:54 - 2015-01-21 13:54 - 00000000 ____D () F:\TEMP\AppData\Local\temp
2015-01-21 13:54 - 2015-01-21 13:54 - 00000000 ____D () F:\Administrator\AppData\Local\temp
2015-01-21 13:35 - 2015-01-21 13:57 - 00000000 ____D () E:\ComboFix
2015-01-21 13:35 - 2011-06-26 07:45 - 00256000 _____ () E:\Windows\PEV.exe
2015-01-21 13:35 - 2010-11-07 18:20 - 00208896 _____ () E:\Windows\MBR.exe
2015-01-21 13:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) E:\Windows\NIRCMD.exe
2015-01-21 13:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) E:\Windows\SWREG.exe
2015-01-21 13:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) E:\Windows\SWSC.exe
2015-01-21 13:35 - 2000-08-31 01:00 - 00098816 _____ () E:\Windows\sed.exe
2015-01-21 13:35 - 2000-08-31 01:00 - 00080412 _____ () E:\Windows\grep.exe
2015-01-21 13:35 - 2000-08-31 01:00 - 00068096 _____ () E:\Windows\zip.exe
2015-01-21 13:32 - 2015-01-21 13:56 - 00000000 ____D () E:\Qoobox
2015-01-21 13:32 - 2015-01-21 13:55 - 00000000 ____D () E:\Windows\erdnt
2015-01-21 13:28 - 2015-01-21 13:31 - 05608785 ____R (Swearware) F:\Verwalter\Desktop\ComboFix.exe
2015-01-21 13:27 - 2015-01-21 13:59 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{2122f04d-a154-11e4-995c-001a92821421}.TMContainer00000000000000000002.regtrans-ms
2015-01-21 13:27 - 2015-01-21 13:59 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{2122f04d-a154-11e4-995c-001a92821421}.TMContainer00000000000000000001.regtrans-ms
2015-01-21 13:27 - 2015-01-21 13:59 - 00065536 ___SH () F:\Verwalter\NTUSER.DAT{2122f04d-a154-11e4-995c-001a92821421}.TM.blf
2015-01-21 13:27 - 2015-01-21 13:59 - 00000000 __SHD () F:\$RECYCLE.BIN\S-1-5-21-2520397458-1347444898-344901188-1005
2015-01-21 11:06 - 2015-01-21 11:09 - 00000188 _____ () F:\Benutzer1\Desktop\TDSskiller.txt
2015-01-21 10:51 - 2015-01-21 10:51 - 04188824 _____ (Kaspersky Lab ZAO) F:\Benutzer1\Desktop\tdsskiller.exe
2015-01-20 13:44 - 2015-01-20 13:44 - 00009264 _____ () F:\Benutzer1\Downloads\BPCLICK_ListaMovimenti.pdf
2015-01-20 01:20 - 2015-01-20 01:21 - 16466552 _____ (Malwarebytes Corp.) F:\Verwalter\Downloads\mbar-1.08.3.1004(1).exe
2015-01-20 00:48 - 2015-01-20 00:48 - 16466552 _____ (Malwarebytes Corp.) F:\Verwalter\Downloads\mbar-1.08.3.1004.exe
2015-01-19 17:13 - 2015-01-19 17:14 - 00000556 _____ () F:\Benutzer1\Desktop\Anleitung Malwarebytes Anti-Rootkit.txt
2015-01-19 16:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) E:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 22:46 - 2015-01-18 22:47 - 00010427 _____ () F:\Benutzer1\Desktop\Gmer.txt
2015-01-18 22:44 - 2015-01-18 22:44 - 00010427 _____ () F:\Verwalter\Desktop\Gmer.log
2015-01-18 21:14 - 2015-01-18 20:13 - 00000419 _____ () F:\Benutzer1\TeamSpybot-20150118-211341.cab.log
2015-01-18 21:14 - 2015-01-18 20:13 - 00000419 _____ () F:\Benutzer1\TeamSpybot-20150118-211341.cab.log
2015-01-18 21:13 - 2015-01-18 21:13 - 00232109 _____ () F:\Benutzer1\Desktop\TeamSpybot-20150118-211341.cab
2015-01-18 20:57 - 2015-01-18 22:22 - 00010427 _____ () F:\Verwalter\Desktop\Gmer.txt
2015-01-18 20:29 - 2015-01-18 20:30 - 00027338 _____ () F:\Benutzer1\Desktop\Addition.txt
2015-01-18 20:27 - 2015-01-25 17:04 - 00008258 _____ () F:\Benutzer1\Desktop\FRST.txt
2015-01-18 20:27 - 2015-01-25 17:04 - 00000000 ____D () E:\FRST
2015-01-18 20:05 - 2015-01-18 22:02 - 00000978 _____ () F:\Benutzer1\Desktop\Trojaner Board.txt
2015-01-18 19:38 - 2015-01-18 19:38 - 00000480 _____ () F:\Benutzer1\Desktop\defogger_disable.log
2015-01-18 19:38 - 2015-01-18 19:38 - 00000000 _____ () F:\Verwalter\defogger_reenable
2015-01-18 18:58 - 2015-01-18 18:58 - 00102330 _____ () F:\Benutzer1\Desktop\CVInstructions.pdf
2015-01-18 16:21 - 2015-01-18 16:21 - 00420726 _____ () F:\Benutzer1\Documents\Nokia_2730_classic_UG_de.pdf
2015-01-18 16:01 - 2015-01-18 16:01 - 00001905 _____ () F:\Öffentlich\Desktop\Nokia Suite.lnk
2015-01-18 16:01 - 2015-01-18 16:01 - 00000000 ____D () E:\Program Files\Common Files\Nokia
2015-01-18 13:28 - 2015-01-18 13:29 - 00000009 _____ () F:\Benutzer1\Desktop\BarbaraThurin.txt
2015-01-17 16:29 - 2015-01-17 16:29 - 00000000 ____D () E:\Program Files\Everest Ultimate Edition-550-2100-portable
2015-01-17 16:23 - 2015-01-17 16:23 - 00121713 _____ () F:\Benutzer1\Documents\Unbenannt.wma
2015-01-17 16:19 - 2015-01-17 16:19 - 00000000 ____D () F:\Verwalter\AppData\Local\ElevatedDiagnostics
2015-01-17 16:15 - 2015-01-17 16:15 - 00074896 _____ () F:\Benutzer1\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 15:28 - 2015-01-16 17:25 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\PWGen
2015-01-16 15:28 - 2015-01-16 15:28 - 00000813 _____ () F:\Öffentlich\Desktop\PWGen.lnk
2015-01-16 14:33 - 2015-01-16 14:33 - 00000000 ____D () F:\Benutzer1\Documents\CrypTool 2 Projects
2015-01-16 14:33 - 2015-01-16 14:33 - 00000000 ____D () F:\Benutzer1\AppData\Local\Distributed_Systems_Group
2015-01-16 14:31 - 2015-01-16 14:31 - 00000000 ____D () F:\Benutzer1\AppData\Local\CrypTool2
2015-01-16 14:30 - 2015-01-16 14:31 - 00000000 ____D () F:\Benutzer1\AppData\Local\CrypTool 2
2015-01-16 14:30 - 2015-01-16 14:30 - 00001054 _____ () F:\Benutzer1\Desktop\CrypTool 2.0 (Stable Build 6222.1).lnk
2015-01-16 14:30 - 2015-01-16 14:30 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrypTool 2
2015-01-15 17:47 - 2015-01-15 17:47 - 00000000 ____D () F:\Verwalter\AppData\Roaming\AMD
2015-01-15 16:13 - 2015-01-15 16:13 - 00074896 _____ () F:\Verwalter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-15 15:18 - 2015-01-15 15:19 - 00000000 ____D () E:\Program Files\Mozilla Thunderbird
2015-01-15 01:57 - 2015-01-15 01:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2015-01-15 01:47 - 2015-01-15 01:47 - 00000000 ____D () E:\Program Files\Common Files\Java
2015-01-15 01:46 - 2015-01-15 01:46 - 00096680 _____ (Oracle Corporation) E:\Windows\system32\WindowsAccessBridge.dll
2015-01-14 21:48 - 2015-01-14 21:50 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TMContainer00000000000000000002.regtrans-ms
2015-01-14 21:48 - 2015-01-14 21:50 - 00524288 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TMContainer00000000000000000001.regtrans-ms
2015-01-14 21:48 - 2015-01-14 21:50 - 00065536 ___SH () F:\Verwalter\NTUSER.DAT{237f2e0a-9be3-11e4-9560-001a92821421}.TM.blf
2015-01-14 12:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) E:\Windows\system32\profsvc.dll
2015-01-14 12:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) E:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) E:\Windows\system32\ntoskrnl.exe
2015-01-14 12:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) E:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:56 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:56 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) E:\Windows\system32\nlasvc.dll
2015-01-11 19:32 - 2015-01-11 19:32 - 00001312 _____ () F:\Öffentlich\Desktop\LibreOffice 4.3.lnk
2015-01-11 19:25 - 2015-01-11 19:32 - 00000000 ____D () E:\Program Files\LibreOffice 4
2015-01-11 18:50 - 2015-01-11 18:50 - 00001013 _____ () F:\Benutzer1\Desktop\everest - Verknüpfung.lnk
2015-01-11 18:49 - 2015-01-11 18:49 - 00000000 ____D () E:\EVEREST Corporate Edition
2015-01-11 18:06 - 2015-01-25 16:42 - 00007713 _____ () E:\Windows\setupact.log
2015-01-11 18:06 - 2015-01-11 18:06 - 00000000 _____ () E:\Windows\setuperr.log
2015-01-11 18:05 - 2015-01-25 16:42 - 00001680 _____ () E:\Windows\PFRO.log
2015-01-11 18:05 - 2015-01-12 09:15 - 00331800 _____ () E:\Windows\system32\FNTCACHE.DAT
2015-01-08 14:20 - 2015-01-08 14:20 - 00000000 ____D () F:\Verwalter\AppData\Roaming\AVAST Software
2015-01-02 15:14 - 2015-01-02 15:14 - 00000136 _____ () E:\Windows\system\Dlap.pfx
2015-01-02 15:14 - 2009-04-02 16:59 - 00143360 _____ () E:\Windows\system\VmixP6.dll
2015-01-02 15:12 - 2009-08-19 16:00 - 00303104 _____ () E:\Windows\system32\CmiInstallResAll.dll
2015-01-02 15:12 - 2006-10-06 05:47 - 00319968 _____ (Microsoft Corporation) E:\Windows\difxapi.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 17:04 - 2011-03-01 17:41 - 07602176 ___SH () F:\Benutzer1\NTUSER.DAT
2015-01-25 17:04 - 2011-03-01 17:41 - 07602176 ___SH () F:\Benutzer1\NTUSER.DAT
2015-01-25 17:04 - 2011-03-01 17:41 - 00262144 ___SH () F:\Benutzer1\ntuser.dat.LOG1
2015-01-25 17:04 - 2011-03-01 17:41 - 00262144 ___SH () F:\Benutzer1\ntuser.dat.LOG1
2015-01-25 17:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Desktop
2015-01-25 17:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Desktop
2015-01-25 17:04 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Local\Temp
2015-01-25 17:03 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Downloads
2015-01-25 17:03 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Downloads
2015-01-25 17:02 - 2012-09-02 12:00 - 00000884 _____ () E:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 16:51 - 2009-07-14 05:34 - 00023056 ____H () E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:51 - 2009-07-14 05:34 - 00023056 ____H () E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 16:46 - 2013-11-17 12:51 - 00114904 _____ (Malwarebytes Corporation) E:\Windows\system32\Drivers\mbamswissarmy.sys
2015-01-25 16:46 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Local
2015-01-25 16:43 - 2014-11-11 08:50 - 00001094 _____ () E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 16:42 - 2009-07-14 05:53 - 00000006 ____H () E:\Windows\Tasks\SA.DAT
2015-01-25 16:41 - 2014-11-11 11:29 - 03992573 ____H () F:\Benutzer1\AppData\Local\IconCache.db
2015-01-25 16:41 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Local
2015-01-25 16:41 - 2011-02-19 16:56 - 01950528 _____ () E:\Windows\WindowsUpdate.log
2015-01-25 16:32 - 2014-11-11 08:51 - 00001098 _____ () E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 16:10 - 2011-03-03 11:43 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Macromedia
2015-01-23 16:02 - 2012-07-24 13:31 - 00701616 _____ (Adobe Systems Incorporated) E:\Windows\system32\FlashPlayerApp.exe
2015-01-23 16:02 - 2011-06-23 11:41 - 00071344 _____ (Adobe Systems Incorporated) E:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 12:37 - 2014-11-11 08:52 - 00001971 _____ () F:\Öffentlich\Desktop\Google Chrome.lnk
2015-01-22 18:39 - 2011-03-05 15:36 - 06029312 ___SH () F:\Verwalter\NTUSER.DAT
2015-01-22 18:39 - 2011-03-05 15:36 - 00262144 ___SH () F:\Verwalter\ntuser.dat.LOG1
2015-01-22 18:30 - 2011-02-27 15:55 - 00000000 __SHD () F:\$RECYCLE.BIN\S-1-5-21-2520397458-1347444898-344901188-1004
2015-01-22 18:27 - 2011-03-05 15:38 - 02428535 ____H () F:\Verwalter\AppData\Local\IconCache.db
2015-01-21 16:09 - 2011-03-03 13:42 - 00000000 __RHD () F:\Öffentlich\Desktop
2015-01-21 16:07 - 2011-03-05 15:36 - 00000000 ___RD () F:\Verwalter\Desktop
2015-01-21 16:06 - 2011-03-05 15:36 - 00000000 ___RD () F:\Verwalter\Downloads
2015-01-21 13:54 - 2011-03-03 13:26 - 00000000 ____D () F:\Administrator\AppData\Local
2015-01-21 13:54 - 2011-03-03 13:13 - 00000000 ____D () F:\TEMP\AppData\Local
2015-01-21 13:54 - 2009-07-14 03:04 - 00000215 _____ () E:\Windows\system.ini
2015-01-21 13:39 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Roaming
2015-01-21 13:36 - 2011-03-03 13:26 - 00262144 ___SH () F:\Administrator\ntuser.dat.LOG1
2015-01-21 13:36 - 2011-03-03 13:13 - 00262144 ___SH () F:\TEMP\ntuser.dat.LOG1
2015-01-21 13:29 - 2011-05-05 13:22 - 00000000 ____D () F:\Verwalter\AppData\Local\Thunderbird
2015-01-20 13:46 - 2011-03-01 14:56 - 00000000 ____D () F:\Benutzer1\Documents\Bank
2015-01-20 01:16 - 2013-11-16 12:59 - 00650752 ___SH () F:\Benutzer1\Documents\Thumbs.db
2015-01-20 01:14 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Documents
2015-01-20 01:14 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Documents
2015-01-20 01:09 - 2011-03-05 14:15 - 00199680 _____ () F:\Benutzer1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 18:59 - 2011-03-01 13:31 - 00000000 ____D () F:\Benutzer1\Documents\Lebenslauf
2015-01-18 16:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Pictures
2015-01-18 16:04 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\Pictures
2015-01-18 13:04 - 2014-03-21 13:24 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\TeamViewer
2015-01-17 19:30 - 2013-04-18 14:03 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\vlc
2015-01-17 16:10 - 2014-05-14 18:22 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Skype
2015-01-16 15:28 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\Roaming
2015-01-16 14:30 - 2011-03-01 17:41 - 00000000 ___RD () F:\Benutzer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2015-01-16 11:43 - 2012-07-24 13:24 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2015-01-15 18:29 - 2014-02-25 23:37 - 00000000 ____D () E:\Program Files\Spybot - Search & Destroy 2
2015-01-15 16:13 - 2011-03-05 15:36 - 00000000 ____D () F:\Verwalter\AppData\Local\Microsoft
2015-01-15 02:13 - 2013-08-03 15:06 - 00000000 ____D () E:\Windows\system32\MRT
2015-01-15 02:01 - 2011-02-19 19:09 - 110348472 _____ (Microsoft Corporation) E:\Windows\system32\MRT.exe
2015-01-15 01:03 - 2011-03-01 11:27 - 00003778 _____ () F:\Benutzer1\Documents\_PASS.txt
2015-01-12 13:38 - 2011-03-02 12:04 - 00000000 ____D () F:\Benutzer1\Documents\Honorarnoten
2015-01-12 11:08 - 2013-05-16 13:46 - 00000000 ____D () F:\Benutzer1\Documents\NISF
2015-01-11 19:29 - 2011-03-24 10:13 - 00007635 _____ () F:\Verwalter\AppData\Local\Resmon.ResmonCfg
2015-01-11 17:59 - 2011-03-02 13:42 - 00000000 ____D () E:\Windows\Minidump
2015-01-11 17:57 - 2014-12-17 09:33 - 00000000 ____D () E:\Program Files\Raptr
2015-01-11 17:46 - 2009-07-14 03:37 - 00000000 ____D () E:\Windows\system
2015-01-11 17:20 - 2014-12-17 09:58 - 00000000 ____D () F:\Benutzer1\AppData\Roaming\Raptr
2015-01-09 13:58 - 2011-03-01 17:41 - 00000000 ____D () F:\Benutzer1\AppData\LocalLow
2015-01-09 12:57 - 2011-03-01 13:31 - 00000000 ____D () F:\Benutzer1\Documents\Kurse
2015-01-08 13:51 - 2009-07-14 03:37 - 00000000 ____D () E:\Windows\system32\NDF
2015-01-07 20:28 - 2011-02-19 19:43 - 00000000 ___HD () E:\Program Files\InstallShield Installation Information
2015-01-07 20:22 - 2006-12-15 00:29 - 00593920 _____ (Andrea Electronics Corporation) E:\Windows\system32\AEADIExt.dll
2015-01-07 20:22 - 2006-12-15 00:24 - 00119808 _____ (Andrea Electronics Corporation) E:\Windows\system32\AEADIAPO.dll
2015-01-02 13:37 - 2014-05-14 18:22 - 00000000 ___RD () E:\Program Files\Skype

==================== Files in the root of some directories =======

2011-03-05 14:15 - 2015-01-20 01:09 - 0199680 _____ () F:\Benutzer1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
F:\de54a904ca19b08bc72781e2799f3c\mrtstub.exe
F:\Downloads\11-2_xp32_dd_ccc_ocl.exe
F:\GERMAN\LANG.DAT
F:\GERMAN\OS.DAT
F:\GERMAN\SETUP.EXE
F:\GERMAN\_ISDEL.EXE
F:\GERMAN\_SETUP.DLL

Some content of TEMP:
====================
F:\Benutzer1\AppData\Local\Temp\Quarantine.exe
F:\Benutzer1\AppData\Local\Temp\sqlite3.dll
F:\Verwalter\AppData\Local\Temp\catchme.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

E:\Windows\explorer.exe => File is digitally signed
E:\Windows\system32\winlogon.exe => File is digitally signed
E:\Windows\system32\wininit.exe => File is digitally signed
E:\Windows\system32\svchost.exe => File is digitally signed
E:\Windows\system32\services.exe => File is digitally signed
E:\Windows\system32\User32.dll => File is digitally signed
E:\Windows\system32\userinit.exe => File is digitally signed
E:\Windows\system32\rpcss.dll => File is digitally signed
E:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 20:19

==================== End Of Log ============================ |