|
Pests of all kinds and how to fight them: Countless crashes, Win7 very unstable and slow (Windows 7) |
07.04.2015, 18:43 | #1 |
| Countless crashes, Win7 very unstable and slow Hello everyone, for some time now I have had a rather serious problem. The laptop, and Firefox and IE in particular, keep crashing, and Win7 is usually restarted with a cryptic bluescreen. In short, my system has been running very unstably lately. I have attached the log from the last Firefox crash below. I would be glad if the pros could help me so that I can go on using my laptop as usual. Many thanks in advance. Regards, Andy |
07.04.2015, 18:44 | #2 |
/// the machine /// TB Trainer | Hi, I don't see a log. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
07.04.2015, 18:54 | #3 |
| Hello, I have edited the Firefox log into my first post. The FRST logs can be found at the end of this post. Thank you |
08.04.2015, 10:59 | #4 |
/// the machine /// TB Trainer | Hi, please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. Here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
10.04.2015, 20:56 | #5 |
| Hello, sorry for the late reply. Firefox log: Code:
ATTFilter Accessibility: Active AdapterDeviceID: 0x9806 AdapterDriverVersion: 14.100.0.0 AdapterSubsysID: 3577103c AdapterVendorID: 0x1002 Add-ons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1,ich%40maltegoetz.de:2.0.0.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.7 AvailablePageFile: 6308663296 AvailablePhysicalMemory: 2619604992 AvailableVirtualMemory: 1651757056 BIOS_Manufacturer: Hewlett-Packard BlockedDllList: BreakpadReserveAddress: 30539776 BreakpadReserveSize: 41943040 BuildID: 20150122214805 CrashTime: 1428428323 EMCheckCompatibility: true Email: FramePoisonBase: 00000000f0de0000 FramePoisonSize: 65536 InstallTime: 1422433444 Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x9806, AdapterSubsysID: 3577103c, AdapterDriverVersion: 14.100.0.0 D3D11 Layers? D3D11 Layers+ ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384} ProductName: Firefox ReleaseChannel: release SecondsSinceLastCrash: 1540 StartupTime: 1428428288 SystemMemoryUsePercentage: 30 Theme: classic/1.0 Throttleable: 1 TotalPageFile: 7503716352 TotalPhysicalMemory: 3752755200 TotalVirtualMemory: 2147352576 URL: http://www.trojaner-board.de/newthre...=newthread&f=8 User32BeforeBlocklist: 1 Vendor: Mozilla Version: 35.0.1 Winsock_LSP: MSAFD-Tcpip [TCP/IPv6] : 2 : 1 : MSAFD-Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD-Tcpip [RAW/IPv6] : 2 : 3 : MSAFD-Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll MSAFD-Tcpip [UDP/IP] : 2 : 2 : MSAFD-Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll RSVP-TCPv6-Dienstanbieter : 2 : 1 : RSVP-TCP-Dienstanbieter : 2 : 1 : %SystemRoot%\system32\mswsock.dll RSVP-UDPv6-Dienstanbieter : 2 : 2 : RSVP-UDP-Dienstanbieter : 2 : 2 : %SystemRoot%\system32\mswsock.dll MSAFD RfComm [Bluetooth] : 2 : 1 : MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] SEQPACKET 6 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS 
[\Device\NetBT_Tcpip_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] DATAGRAM 6 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] SEQPACKET 7 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] DATAGRAM 7 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] SEQPACKET 4 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] DATAGRAM 4 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] DATAGRAM 0 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{320E1C48-CA5F-4848-ACE0-6CD608130A3C}] SEQPACKET 10 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{320E1C48-CA5F-4848-ACE0-6CD608130A3C}] DATAGRAM 10 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D90F9DF7-CF8D-411F-BCB5-84E72D536F03}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D90F9DF7-CF8D-411F-BCB5-84E72D536F03}] DATAGRAM 1 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7CF8ADA3-E8AB-4A45-A7B1-032E3ABE1514}] SEQPACKET 11 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7CF8ADA3-E8AB-4A45-A7B1-032E3ABE1514}] DATAGRAM 11 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BDF26C6F-9C6C-4DE7-9BB0-5627731B5D8F}] SEQPACKET 12 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BDF26C6F-9C6C-4DE7-9BB0-5627731B5D8F}] DATAGRAM 12 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A3E67B3-56E3-4CD8-A4F2-639259FB6D57}] SEQPACKET 3 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A3E67B3-56E3-4CD8-A4F2-639259FB6D57}] DATAGRAM 3 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] SEQPACKET 
9 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] DATAGRAM 9 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] SEQPACKET 8 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] DATAGRAM 8 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] SEQPACKET 5 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] DATAGRAM 5 : 2 : 2 : MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\system32\mswsock.dll MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] DATAGRAM 2 : 2 : 2 : useragent_locale: de Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by xxx (administrator) on xxx-PC on 07-04-2015 19:47:02 Running from C:\Users\xxx\Downloads Loaded Profiles: xxx (Available profiles: xxx) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Realsil Microelectronics Inc.) 
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Commnucations) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-18] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation) HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-905575457-879607011-4093534939-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-905575457-879607011-4093534939-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing. 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-16] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation) FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\searchplugins\suche.xml [2014-01-26] FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-15] FF Extension: ProxTube - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\ich@maltegoetz.de.xpi [2014-09-30] FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-16] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) 
[File not signed] R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-16] (AVAST Software) R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed] S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices) R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-16] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-02-16] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-16] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-16] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-02-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-02-16] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-16] () R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.) 
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros) R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros) R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X] S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-07 19:47 - 2015-04-07 19:47 - 00010694 _____ () C:\Users\xxx\Downloads\FRST.txt 2015-04-07 19:46 - 2015-04-07 19:46 - 01135104 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe 2015-04-07 19:31 - 2015-04-07 19:31 - 301823138 _____ () C:\Windows\MEMORY.DMP 2015-04-07 19:31 - 2015-04-07 19:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp 2015-04-07 19:31 - 2015-04-07 19:31 - 00000056 _____ () C:\Windows\setupact.log 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-18 17:53 - 2015-02-16 13:52 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-07 19:47 - 2014-05-12 09:50 - 00000000 ____D () C:\FRST 2015-04-07 19:40 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-07 19:40 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-07 19:39 - 2010-11-20 23:01 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-07 19:36 - 2012-05-10 19:50 - 01822201 _____ () C:\Windows\WindowsUpdate.log 2015-04-07 19:33 - 2012-05-11 00:10 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2015-04-07 19:31 - 2014-11-29 11:25 - 00000000 ____D () C:\Windows\Minidump 2015-04-07 19:31 - 2012-05-10 22:02 - 00000000 ____D () C:\Users\xxx 2015-04-07 19:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-07 19:16 - 2012-07-22 11:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps 2015-03-18 17:54 - 2015-02-16 13:53 - 00002005 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk ==================== Files in the root of some directories ======= 2014-10-20 13:24 - 2014-10-20 13:25 - 50063360 _____ () C:\Program Files\GUT6123.tmp ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-18 19:38 ==================== End Of Log ============================ Addition FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by xxx at 2015-04-07 19:48:15 Running from C:\Users\xxx\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{7FEFA920-0095-A7D7-C394-096E1A5470C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software) Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.2.0.60 - Atheros Communications) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5120 - CyberLink Corp.) FileHippo App Manager (HKLM\...\FileHippo.com) (Version: - FileHippo.com) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.) HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) 
Hidden Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.) 
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38843 - TeamViewer) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 25-11-2014 20:06:02 Windows Update 26-11-2014 11:05:03 Windows Update 04-12-2014 16:56:34 Windows Update 13-12-2014 11:16:37 Windows Update 14-12-2014 18:39:21 Windows Update 06-01-2015 17:07:00 Windows Update 09-01-2015 13:26:20 Windows Update 25-01-2015 17:16:38 Windows Update 16-02-2015 13:21:30 avast! antivirus system restore point 16-02-2015 13:29:32 Windows Update 16-02-2015 13:34:59 avast! antivirus system restore point 16-02-2015 13:50:42 avast! antivirus system restore point 16-02-2015 14:38:55 avast! antivirus system restore point 18-03-2015 17:51:38 avast! antivirus system restore point 07-04-2015 19:28:30 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {204756FC-1FE5-43A6-BE1F-EE4F49EAD7F4} - System32\Tasks\{2341CCD2-678C-46D8-AB43-1360BA2365EA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.1.0.105&LastError=-3 Task: {56CD1937-36E8-4EA0-B2A1-803B1194E747} - System32\Tasks\{57D855B7-0760-459E-942E-962D5C7336DE} => pcalua.exe -a E:\sp53753.exe -d E:\ Task: {677CD973-55A4-4872-A68B-E1A687D2B65B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-16] (AVAST Software) Task: {8B7E67A8-61D7-4265-BC4B-1E971B5FFCBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {996DA765-C3B6-4AF0-87AC-6725715D9F12} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-03-20] (CyberLink) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============== 2015-03-18 17:51 - 2015-03-18 17:51 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031800\algo.dll 2014-04-17 22:28 - 2014-04-17 22:28 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-02-16 13:52 - 2015-02-16 13:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-21 04:06 - 2015-01-21 04:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-04-17 22:28 - 2014-04-17 22:28 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-01-15 13:45 - 2015-01-28 10:23 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-905575457-879607011-4093534939-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun ==================== Accounts: ============================= Administrator (S-1-5-21-905575457-879607011-4093534939-500 - Administrator - Disabled) Gast (S-1-5-21-905575457-879607011-4093534939-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-905575457-879607011-4093534939-1003 - Limited - Enabled) xxx (S-1-5-21-905575457-879607011-4093534939-1000 - Administrator - Enabled) => C:\Users\xxx ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/07/2015 07:33:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/07/2015 07:28:29 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {716af39f-471f-4c05-9e2d-93e9f6b35bea} Error: (04/07/2015 07:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21746 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21746 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/18/2015 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {138fd23b-bced-4121-833c-864138f0207e} Error: (03/18/2015 05:40:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc00000fd Fehleroffset: 0x00052c26 ID des fehlerhaften Prozesses: 0x220 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0 Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1 Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2 Berichtskennung: svchost.exe_WinDefend3 Error: (03/18/2015 05:38:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.11302.0, Zeitstempel: 0x547d9816 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b2f69 ID des fehlerhaften Prozesses: 0x86c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0 Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1 Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2 Berichtskennung: svchost.exe_WinDefend3 Error: (03/18/2015 05:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/07/2015 07:34:13 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 80. Error: (04/07/2015 07:33:24 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. 
Error: (04/07/2015 07:32:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TeamViewer 10" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/07/2015 07:32:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 10 erreicht. Error: (04/07/2015 07:31:37 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000116 (0x86bc6510, 0x928e670e, 0x00000000, 0x00000002)C:\Windows\MEMORY.DMP040715-23634-01 Error: (04/07/2015 07:31:26 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 07.04.2015 um 19:30:15 unerwartet heruntergefahren. Error: (04/07/2015 07:21:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 802. Error: (04/07/2015 07:21:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 1106. Error: (04/07/2015 07:19:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 802. Error: (04/07/2015 07:19:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 1106. 
Microsoft Office Sessions: ========================= Error: (04/07/2015 07:33:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/07/2015 07:28:29 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {716af39f-471f-4c05-9e2d-93e9f6b35bea} Error: (04/07/2015 07:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 21746 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 21746 Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/18/2015 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {138fd23b-bced-4121-833c-864138f0207e} Error: (03/18/2015 05:40:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_WinDefend6.1.7600.163854a5bc100ntdll.dll6.1.7601.18247521ea91cc00000fd00052c2622001d06191cd6cd0a4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll17f56a9d-cd85-11e4-ba7a-74de2bb9bf22 Error: (03/18/2015 05:38:56 PM) (Source: Application Error) (EventID: 
1000) (User: ) Description: svchost.exe_WinDefend6.1.7600.163854a5bc100mpengine.dll1.1.11302.0547d9816c0000005000b2f6986c01d061910cdf8ae5C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6C4A887-E207-4F59-B0C0-79722F1BAD92}\mpengine.dlle2f5470e-cd84-11e4-ba7a-74de2bb9bf22 Error: (03/18/2015 05:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD E-450 APU with Radeon(tm) HD Graphics Percentage of memory in use: 32% Total physical RAM: 3578.91 MB Available physical RAM: 2417.02 MB Total Pagefile: 7156.1 MB Available Pagefile: 5830.95 MB Total Virtual: 2047.88 MB Available Virtual: 1925.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:261.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B03E7563) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.04.2015, 07:39 | #6 |
/// the machine /// TB trainer | Countless crashes, Win7 very unstable and slow Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to. Please download TDSSKiller.exe and save this file to the desktop. |
11.04.2015, 09:37 | #7 |
| Countless crashes, Win7 very unstable and slow Hello, and many thanks so far. TDSSKiller found one object. Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.04.11.01
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
xxx :: xxx-PC [administrator]

11.04.2015 10:12:43
mbar-log-2015-04-11 (10-12-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 26727
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter 10:28:28.0965 0x1370 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 10:28:34.0344 0x1370 ============================================================ 10:28:34.0345 0x1370 Current date / time: 2015/04/11 10:28:34.0344 10:28:34.0345 0x1370 SystemInfo: 10:28:34.0345 0x1370 10:28:34.0345 0x1370 OS Version: 6.1.7601 ServicePack: 1.0 10:28:34.0345 0x1370 Product type: Workstation 10:28:34.0345 0x1370 ComputerName: xxx-PC 10:28:34.0346 0x1370 UserName: xxx 10:28:34.0346 0x1370 Windows directory: C:\Windows 10:28:34.0346 0x1370 System windows directory: C:\Windows 10:28:34.0346 0x1370 Processor architecture: Intel x86 10:28:34.0346 0x1370 Number of processors: 2 10:28:34.0346 0x1370 Page size: 0x1000 10:28:34.0346 0x1370 Boot type: Normal boot 10:28:34.0346 0x1370 ============================================================ 10:28:34.0723 0x1370 KLMD registered as C:\Windows\system32\drivers\52806375.sys 10:28:35.0233 0x1370 System UUID: {5395D611-7D34-E0C6-DC8B-B7AAD5B8349D} 10:28:36.0629 0x1370 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 10:28:36.0629 0x1370 ============================================================ 10:28:36.0629 0x1370 \Device\Harddisk0\DR0: 10:28:36.0629 0x1370 MBR partitions: 10:28:36.0629 0x1370 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 10:28:36.0629 0x1370 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 10:28:36.0629 0x1370 ============================================================ 10:28:36.0660 0x1370 C: <-> \Device\Harddisk0\DR0\Partition2 10:28:36.0660 0x1370 ============================================================ 10:28:36.0660 0x1370 Initialize success 10:28:36.0660 0x1370 ============================================================ 10:29:33.0803 0x165c 
============================================================ 10:29:33.0803 0x165c Scan started 10:29:33.0803 0x165c Mode: Manual; SigCheck; TDLFS; 10:29:33.0803 0x165c ============================================================ 10:29:33.0803 0x165c KSN ping started 10:29:47.0687 0x165c KSN ping finished: true 10:29:48.0732 0x165c ================ Scan system memory ======================== 10:29:48.0732 0x165c System memory - ok 10:29:48.0732 0x165c ================ Scan services ============================= 10:29:49.0153 0x165c [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 10:29:49.0325 0x165c 1394ohci - ok 10:29:49.0387 0x165c [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 10:29:49.0434 0x165c ACPI - ok 10:29:49.0465 0x165c [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 10:29:49.0512 0x165c AcpiPmi - ok 10:29:49.0590 0x165c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 10:29:49.0637 0x165c adp94xx - ok 10:29:49.0699 0x165c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\drivers\adpahci.sys 10:29:49.0746 0x165c adpahci - ok 10:29:49.0761 0x165c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys 10:29:49.0793 0x165c adpu320 - ok 10:29:49.0839 0x165c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:29:49.0917 0x165c AeLookupSvc - ok 10:29:50.0105 0x165c [ 
A6CE73469591554279DA63BE715DBC93, E0F2441A3814173DD93A28727DF7ECB9B58613B8E5D0C3A3FC082AF816C68CA8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe 10:29:50.0151 0x165c AERTFilters - ok 10:29:50.0229 0x165c [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys 10:29:50.0307 0x165c AFD - ok 10:29:50.0339 0x165c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 10:29:50.0370 0x165c agp440 - ok 10:29:50.0401 0x165c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys 10:29:50.0432 0x165c aic78xx - ok 10:29:50.0479 0x165c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 10:29:50.0541 0x165c ALG - ok 10:29:50.0604 0x165c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 10:29:50.0619 0x165c aliide - ok 10:29:50.0713 0x165c [ 90EC928E9542B166583D865F99F85BE8, F484697A6D0FE6E1DC7CAE3D21BEC8041D45111109E887FE6754817ADFCF6DDA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 10:29:50.0791 0x165c AMD External Events Utility - ok 10:29:50.0885 0x165c AMD FUEL Service - ok 10:29:50.0931 0x165c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 10:29:50.0963 0x165c amdagp - ok 10:29:51.0009 0x165c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 10:29:51.0041 0x165c amdide - ok 10:29:51.0056 0x165c amdiox86 - ok 10:29:51.0087 0x165c [ 00DDA200D71BAC534BF56A9DB5DFD666, 
CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 10:29:51.0150 0x165c AmdK8 - ok 10:29:52.0039 0x165c [ D4EF00B622EBEBEF85AB53C51A509A14, AFDFF78D61D1495BD51197CF26EB34F77871DA0A13E9056DE3776C9364FBC9A9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 10:29:53.0162 0x165c amdkmdag - ok 10:29:53.0349 0x165c [ 0A536B713BF916E62A14D48B0C1739A3, 425184896AD276AD45822655ADEC9EC499A9574E5815426AD6231029B46DD194 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 10:29:53.0443 0x165c amdkmdap - ok 10:29:53.0459 0x165c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:29:53.0521 0x165c AmdPPM - ok 10:29:53.0568 0x165c [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:29:53.0599 0x165c amdsata - ok 10:29:53.0646 0x165c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 10:29:53.0677 0x165c amdsbs - ok 10:29:53.0693 0x165c [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:29:53.0724 0x165c amdxata - ok 10:29:53.0771 0x165c [ D4D9F054F50CC176B8AD96957CBF34A0, C79EF80F23952218F12B3CCBDC86410084238AB797E0006E1224F42AAE204B4D ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 10:29:53.0802 0x165c amd_sata - ok 10:29:53.0833 0x165c [ 3D50F8F1A7BEC39E3225203A34BB2BF6, 64947CA469B75E459434B62D9B0712EA61E0DE0D56026433D98A7C2CF819F338 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 10:29:53.0864 0x165c amd_xata - ok 10:29:53.0880 0x165c [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 10:29:53.0973 0x165c AppID - ok 
10:29:54.0020 0x165c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:29:54.0114 0x165c AppIDSvc - ok 10:29:54.0161 0x165c [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll 10:29:54.0223 0x165c Appinfo - ok 10:29:54.0270 0x165c [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 10:29:54.0332 0x165c AppMgmt - ok 10:29:54.0410 0x165c [ B43355930C1DC271315E463647A4F6EE, FF0F15E5B92993F963A5E71A0F5A39FC65A06FCFD708527F1770186B861976A5 ] APXACC C:\Windows\system32\DRIVERS\appexDrv.sys 10:29:54.0441 0x165c APXACC - ok 10:29:54.0473 0x165c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys 10:29:54.0504 0x165c arc - ok 10:29:54.0519 0x165c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys 10:29:54.0551 0x165c arcsas - ok 10:29:54.0878 0x165c [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 10:29:54.0925 0x165c aspnet_state - ok 10:29:54.0987 0x165c [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys 10:29:55.0019 0x165c aswHwid - ok 10:29:55.0050 0x165c [ 98F4C60F5C3E77B4A2CD1F06F7198D49, 00F04E8FB7625821837612FEACEE28AE2A5517F5BB7FBBA0DDD4C7E8FE36248B ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 10:29:55.0081 0x165c aswMonFlt - ok 10:29:55.0143 0x165c [ DE8D7912469E4BC5FAED78D9D1076888, 8545139B7A7D0B672A0225686BFB03EBEA6E7202D93B772CB2F74CA9E4D7F81D ] aswRdr 
C:\Windows\system32\drivers\aswRdr2.sys 10:29:55.0175 0x165c aswRdr - ok 10:29:55.0253 0x165c [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 10:29:55.0284 0x165c aswRvrt - ok 10:29:55.0409 0x165c [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 10:29:55.0533 0x165c aswSnx - ok 10:29:55.0658 0x165c [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP C:\Windows\system32\drivers\aswSP.sys 10:29:55.0705 0x165c aswSP - ok 10:29:55.0814 0x165c [ 401E663D9CBAFB580FF37A1A44AC84D9, EFF1DA23A1F316B0FA03467F6C04B83EA39D8484A1A7EDF5FCFF20F1CF8DC2E2 ] aswStm C:\Windows\system32\drivers\aswStm.sys 10:29:55.0861 0x165c aswStm - ok 10:29:55.0970 0x165c [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 10:29:56.0017 0x165c aswVmm - ok 10:29:56.0048 0x165c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:29:56.0126 0x165c AsyncMac - ok 10:29:56.0189 0x165c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 10:29:56.0204 0x165c atapi - ok 10:29:56.0313 0x165c [ 4C4A576818EA028257C624AE36FF7A03, 951521E0531D943EF55737EE99BBCBD6CC6ABC50530985D774EEBE8564166EDB ] Atheros Bt&Wlan Coex Agent C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe 10:29:56.0391 0x165c Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 ) 10:29:58.0997 0x165c Detect skipped due to KSN trusted 10:29:58.0997 0x165c Atheros Bt&Wlan Coex Agent - ok 10:29:59.0246 0x165c [ CFE432E8EEACBCEA3DBF53EA76978A65, 
1495A2E450B4000FBB8DCF7AC2AFE96A08AD23CBE0C7DC2BFB6A70E68CF1AEAA ] athr C:\Windows\system32\DRIVERS\athr.sys 10:29:59.0480 0x165c athr - ok 10:29:59.0558 0x165c [ 636C40DAC5D13F4C354973017AA8ADC2, A32B0F39092765FCBC7D0135D8CD905C9FDB302B7A7474195108F8118833A842 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys 10:29:59.0621 0x165c AtiHDAudioService - ok 10:29:59.0683 0x165c [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:29:59.0761 0x165c AudioEndpointBuilder - ok 10:29:59.0792 0x165c [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv C:\Windows\System32\Audiosrv.dll 10:29:59.0855 0x165c Audiosrv - ok 10:30:00.0026 0x165c [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 10:30:00.0073 0x165c avast! 
Antivirus - ok 10:30:00.0120 0x165c [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:30:00.0167 0x165c AxInstSV - ok 10:30:00.0229 0x165c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 10:30:00.0291 0x165c b06bdrv - ok 10:30:00.0385 0x165c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 10:30:00.0447 0x165c b57nd60x - ok 10:30:00.0494 0x165c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 10:30:00.0541 0x165c BDESVC - ok 10:30:00.0588 0x165c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 10:30:00.0650 0x165c Beep - ok 10:30:00.0713 0x165c [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 10:30:00.0775 0x165c BFE - ok 10:30:00.0837 0x165c [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\system32\qmgr.dll 10:30:00.0993 0x165c BITS - ok 10:30:01.0025 0x165c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:30:01.0071 0x165c blbdrive - ok 10:30:01.0243 0x165c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 10:30:01.0274 0x165c Bonjour Service - ok 10:30:01.0337 0x165c [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser 
C:\Windows\system32\DRIVERS\bowser.sys 10:30:01.0399 0x165c bowser - ok 10:30:01.0430 0x165c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 10:30:01.0493 0x165c BrFiltLo - ok 10:30:01.0493 0x165c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 10:30:01.0539 0x165c BrFiltUp - ok 10:30:01.0664 0x165c [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 10:30:01.0742 0x165c BridgeMP - ok 10:30:01.0805 0x165c [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 10:30:01.0867 0x165c Browser - ok 10:30:01.0898 0x165c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:30:01.0961 0x165c Brserid - ok 10:30:01.0976 0x165c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:30:02.0023 0x165c BrSerWdm - ok 10:30:02.0023 0x165c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:30:02.0085 0x165c BrUsbMdm - ok 10:30:02.0085 0x165c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:30:02.0132 0x165c BrUsbSer - ok 10:30:02.0195 0x165c [ F60E0C722442EA91F0C253B7814D8192, FCD383C9DD38B57FADB8EC5F915D8040E6B116E59DC062BD3600C7BED4039F21 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 10:30:02.0226 0x165c BTATH_BUS - ok 10:30:02.0335 0x165c [ 8F2223374E9FA01A016EAC0E05888D1D, 
E00CC0698FDB77E987804E7846D98996A29F645E32D46D87B2EAA1C1113AEB2C ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 10:30:02.0397 0x165c BtFilter - ok 10:30:02.0460 0x165c [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 10:30:02.0522 0x165c BthEnum - ok 10:30:02.0538 0x165c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 10:30:02.0600 0x165c BTHMODEM - ok 10:30:02.0647 0x165c [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 10:30:02.0709 0x165c BthPan - ok 10:30:02.0787 0x165c [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 10:30:02.0850 0x165c BTHPORT - ok 10:30:02.0897 0x165c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 10:30:02.0975 0x165c bthserv - ok 10:30:03.0021 0x165c [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 10:30:03.0068 0x165c BTHUSB - ok 10:30:03.0302 0x165c catchme - ok 10:30:03.0349 0x165c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:30:03.0427 0x165c cdfs - ok 10:30:03.0458 0x165c [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 10:30:03.0521 0x165c cdrom - ok 10:30:03.0567 0x165c [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 10:30:03.0645 0x165c 
CertPropSvc - ok 10:30:03.0661 0x165c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys 10:30:03.0708 0x165c circlass - ok 10:30:03.0786 0x165c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 10:30:03.0833 0x165c CLFS - ok 10:30:03.0973 0x165c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:30:04.0004 0x165c clr_optimization_v2.0.50727_32 - ok 10:30:04.0098 0x165c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:30:04.0129 0x165c clr_optimization_v4.0.30319_32 - ok 10:30:04.0176 0x165c [ 125C828BF3673406DFD642D7BEE8434F, 0D35DFFC1B7958E5C44F8ABCAFBF965D41AB431E7829568F391B6F771523B243 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 10:30:04.0207 0x165c clwvd - ok 10:30:04.0223 0x165c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:30:04.0269 0x165c CmBatt - ok 10:30:04.0316 0x165c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:30:04.0347 0x165c cmdide - ok 10:30:04.0425 0x165c [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG C:\Windows\system32\Drivers\cng.sys 10:30:04.0488 0x165c CNG - ok 10:30:04.0535 0x165c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:30:04.0566 0x165c Compbatt - ok 10:30:04.0597 0x165c [ 
CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 10:30:04.0644 0x165c CompositeBus - ok 10:30:04.0659 0x165c COMSysApp - ok 10:30:04.0675 0x165c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 10:30:04.0706 0x165c crcdisk - ok 10:30:04.0769 0x165c [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:30:04.0831 0x165c CryptSvc - ok 10:30:04.0893 0x165c [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys 10:30:04.0956 0x165c CSC - ok 10:30:05.0018 0x165c [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll 10:30:05.0096 0x165c CscService - ok 10:30:05.0159 0x165c [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 10:30:05.0252 0x165c DcomLaunch - ok 10:30:05.0299 0x165c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 10:30:05.0393 0x165c defragsvc - ok 10:30:05.0439 0x165c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:30:05.0517 0x165c DfsC - ok 10:30:05.0564 0x165c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 10:30:05.0627 0x165c Dhcp - ok 10:30:05.0658 0x165c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache 
SENS - ok 10:30:30.0618 0x165c [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:30:30.0665 0x165c SensrSvc - ok 10:30:30.0680 0x165c [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\drivers\serenum.sys 10:30:30.0727 0x165c Serenum - ok 10:30:30.0743 0x165c [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\drivers\serial.sys 10:30:30.0790 0x165c Serial - ok 10:30:30.0805 0x165c [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:30:30.0852 0x165c sermouse - ok 10:30:30.0899 0x165c [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll 10:30:30.0977 0x165c SessionEnv - ok 10:30:30.0977 0x165c [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:30:31.0039 0x165c sffdisk - ok 10:30:31.0070 0x165c [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:30:31.0117 0x165c sffp_mmc - ok 10:30:31.0117 0x165c [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:30:31.0164 0x165c sffp_sd - ok 10:30:31.0180 0x165c [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 10:30:31.0226 0x165c sfloppy - ok 10:30:31.0304 0x165c [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess 
C:\Windows\System32\ipnathlp.dll 10:30:31.0398 0x165c SharedAccess - ok 10:30:31.0445 0x165c [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:30:31.0538 0x165c ShellHWDetection - ok 10:30:31.0554 0x165c [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 10:30:31.0585 0x165c sisagp - ok 10:30:31.0616 0x165c [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 10:30:31.0648 0x165c SiSRaid2 - ok 10:30:31.0663 0x165c [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 10:30:31.0694 0x165c SiSRaid4 - ok 10:30:31.0757 0x165c [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 10:30:31.0804 0x165c SkypeUpdate - ok 10:30:31.0835 0x165c [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:30:31.0913 0x165c Smb - ok 10:30:31.0975 0x165c [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:30:32.0038 0x165c SNMPTRAP - ok 10:30:32.0053 0x165c [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 10:30:32.0084 0x165c spldr - ok 10:30:32.0147 0x165c [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe 10:30:32.0209 0x165c Spooler - ok 10:30:32.0428 0x165c [ CF87A1DE791347E75B98885214CED2B8, 
7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 10:30:32.0724 0x165c sppsvc - ok 10:30:32.0771 0x165c [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:30:32.0849 0x165c sppuinotify - ok 10:30:32.0911 0x165c [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys 10:30:32.0989 0x165c srv - ok 10:30:33.0067 0x165c [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:30:33.0130 0x165c srv2 - ok 10:30:33.0161 0x165c [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:30:33.0208 0x165c srvnet - ok 10:30:33.0254 0x165c [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:30:33.0332 0x165c SSDPSRV - ok 10:30:33.0379 0x165c [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:30:33.0442 0x165c SstpSvc - ok 10:30:33.0473 0x165c [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\drivers\stexstor.sys 10:30:33.0504 0x165c stexstor - ok 10:30:33.0566 0x165c [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 10:30:33.0644 0x165c StiSvc - ok 10:30:33.0676 0x165c [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:30:33.0707 0x165c storflt - ok 10:30:33.0738 0x165c [ 
0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc C:\Windows\system32\storsvc.dll 10:30:33.0785 0x165c StorSvc - ok 10:30:33.0800 0x165c [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:30:33.0832 0x165c storvsc - ok 10:30:33.0863 0x165c [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 10:30:33.0894 0x165c swenum - ok 10:30:33.0941 0x165c [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 10:30:34.0034 0x165c swprv - ok 10:30:34.0081 0x165c [ 6DD49E1A5FA0F01824652F1A0A8866FB, E8839AF50AAA06A51A24004D26562694286DF638C7F86AB8408E496A7FEE52A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 10:30:34.0112 0x165c SynTP - ok 10:30:34.0206 0x165c [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 10:30:34.0331 0x165c SysMain - ok 10:30:34.0362 0x165c [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 10:30:34.0424 0x165c TabletInputService - ok 10:30:34.0471 0x165c [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 10:30:34.0549 0x165c TapiSrv - ok 10:30:34.0565 0x165c [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 10:30:34.0658 0x165c TBS - ok 10:30:34.0783 0x165c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:30:34.0861 0x165c Tcpip - ok 10:30:35.0002 
0x165c [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:30:35.0080 0x165c TCPIP6 - ok 10:30:35.0158 0x165c [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:30:35.0204 0x165c tcpipreg - ok 10:30:35.0236 0x165c [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:30:35.0282 0x165c TDPIPE - ok 10:30:35.0329 0x165c [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:30:35.0360 0x165c TDTCP - ok 10:30:35.0407 0x165c [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:30:35.0470 0x165c tdx - ok 10:30:36.0125 0x165c [ 37A33B6CA6CC370C1B269DDDCA716F06, 5A2A3D4FAD63ADB749252D7F85B2D813215834E0C8D9B84030D2AEAA9E967ABE ] TeamViewer C:\Program Files\TeamViewer\TeamViewer_Service.exe 10:30:36.0421 0x165c TeamViewer - ok 10:30:36.0515 0x165c [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 10:30:36.0546 0x165c TermDD - ok 10:30:36.0640 0x165c [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll 10:30:36.0733 0x165c TermService - ok 10:30:36.0764 0x165c [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 10:30:36.0811 0x165c Themes - ok 10:30:36.0842 0x165c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 
10:30:36.0905 0x165c THREADORDER - ok 10:30:36.0952 0x165c [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 10:30:37.0030 0x165c TrkWks - ok 10:30:37.0076 0x165c [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:30:37.0139 0x165c TrustedInstaller - ok 10:30:37.0201 0x165c [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:30:37.0232 0x165c tssecsrv - ok 10:30:37.0279 0x165c [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:30:37.0326 0x165c TsUsbFlt - ok 10:30:37.0357 0x165c [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 10:30:37.0404 0x165c TsUsbGD - ok 10:30:37.0466 0x165c [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:30:37.0529 0x165c tunnel - ok 10:30:37.0544 0x165c [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 10:30:37.0576 0x165c uagp35 - ok 10:30:37.0591 0x165c [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:30:37.0685 0x165c udfs - ok 10:30:37.0716 0x165c [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:30:37.0778 0x165c UI0Detect - ok 10:30:37.0810 0x165c [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 
5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:30:37.0841 0x165c uliagpkx - ok 10:30:37.0856 0x165c [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:30:37.0903 0x165c umbus - ok 10:30:37.0919 0x165c [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys 10:30:37.0950 0x165c UmPass - ok 10:30:37.0981 0x165c [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll 10:30:38.0044 0x165c UmRdpService - ok 10:30:38.0075 0x165c [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 10:30:38.0168 0x165c upnphost - ok 10:30:38.0231 0x165c [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 10:30:38.0246 0x165c USBAAPL - detected UnsignedFile.Multi.Generic ( 1 ) 10:30:40.0727 0x165c Detect skipped due to KSN trusted 10:30:40.0727 0x165c USBAAPL - ok 10:30:40.0789 0x165c [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:30:40.0852 0x165c usbccgp - ok 10:30:40.0898 0x165c [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:30:40.0945 0x165c usbcir - ok 10:30:41.0008 0x165c [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 10:30:41.0039 0x165c usbehci - ok 10:30:41.0086 0x165c [ 08369F1FDD7C0D4287373D253D64D75E, 
D937015F3E76F7018C7C943017A0528A9DC48F754342BCD55BD0FBBE98EDF3C2 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 10:30:41.0117 0x165c usbfilter - ok 10:30:41.0179 0x165c [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:30:41.0257 0x165c usbhub - ok 10:30:41.0304 0x165c [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 10:30:41.0351 0x165c usbohci - ok 10:30:41.0398 0x165c [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\drivers\usbprint.sys 10:30:41.0444 0x165c usbprint - ok 10:30:41.0554 0x165c [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser C:\Windows\system32\drivers\usbser.sys 10:30:41.0616 0x165c usbser - ok 10:30:41.0663 0x165c [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:30:41.0710 0x165c USBSTOR - ok 10:30:41.0772 0x165c [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:30:41.0819 0x165c usbuhci - ok 10:30:41.0866 0x165c [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 10:30:41.0912 0x165c usbvideo - ok 10:30:41.0944 0x165c [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 10:30:42.0022 0x165c UxSms - ok 10:30:42.0053 0x165c [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc C:\Windows\system32\lsass.exe 10:30:42.0084 0x165c VaultSvc - ok 
10:30:42.0131 0x165c [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:30:42.0162 0x165c vdrvroot - ok 10:30:42.0240 0x165c [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 10:30:42.0334 0x165c vds - ok 10:30:42.0349 0x165c [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:30:42.0396 0x165c vga - ok 10:30:42.0396 0x165c [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 10:30:42.0458 0x165c VgaSave - ok 10:30:42.0474 0x165c [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:30:42.0521 0x165c vhdmp - ok 10:30:42.0552 0x165c [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 10:30:42.0583 0x165c viaagp - ok 10:30:42.0599 0x165c [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 10:30:42.0646 0x165c ViaC7 - ok 10:30:42.0692 0x165c [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 10:30:42.0708 0x165c viaide - ok 10:30:42.0770 0x165c [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:30:42.0802 0x165c vmbus - ok 10:30:42.0817 0x165c [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:30:42.0864 0x165c 
VMBusHID - ok 10:30:42.0895 0x165c [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:30:42.0926 0x165c volmgr - ok 10:30:42.0942 0x165c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:30:42.0989 0x165c volmgrx - ok 10:30:43.0020 0x165c [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:30:43.0067 0x165c volsnap - ok 10:30:43.0098 0x165c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:30:43.0129 0x165c vsmraid - ok 10:30:43.0223 0x165c [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 10:30:43.0379 0x165c VSS - ok 10:30:43.0410 0x165c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 10:30:43.0457 0x165c vwifibus - ok 10:30:43.0488 0x165c [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:30:43.0535 0x165c vwififlt - ok 10:30:43.0582 0x165c [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 10:30:43.0644 0x165c vwifimp - ok 10:30:43.0738 0x165c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 10:30:43.0831 0x165c W32Time - ok 10:30:43.0862 0x165c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen 
C:\Windows\system32\drivers\wacompen.sys 10:30:43.0909 0x165c WacomPen - ok 10:30:43.0940 0x165c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:30:44.0003 0x165c WANARP - ok 10:30:44.0018 0x165c [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:30:44.0065 0x165c Wanarpv6 - ok 10:30:44.0159 0x165c [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 10:30:44.0284 0x165c wbengine - ok 10:30:44.0299 0x165c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:30:44.0362 0x165c WbioSrvc - ok 10:30:44.0440 0x165c [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:30:44.0502 0x165c wcncsvc - ok 10:30:44.0518 0x165c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:30:44.0564 0x165c WcsPlugInService - ok 10:30:44.0596 0x165c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys 10:30:44.0627 0x165c Wd - ok 10:30:44.0689 0x165c [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:30:44.0752 0x165c Wdf01000 - ok 10:30:44.0783 0x165c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:30:44.0845 0x165c WdiServiceHost - ok 10:30:44.0845 0x165c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 
43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:30:44.0892 0x165c WdiSystemHost - ok 10:30:44.0939 0x165c [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 10:30:45.0017 0x165c WebClient - ok 10:30:45.0032 0x165c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:30:45.0110 0x165c Wecsvc - ok 10:30:45.0142 0x165c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:30:45.0204 0x165c wercplsupport - ok 10:30:45.0251 0x165c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 10:30:45.0329 0x165c WerSvc - ok 10:30:45.0360 0x165c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:30:45.0422 0x165c WfpLwf - ok 10:30:45.0454 0x165c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:30:45.0485 0x165c WIMMount - ok 10:30:45.0578 0x165c [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 10:30:45.0766 0x165c WinDefend - ok 10:30:45.0781 0x165c WinHttpAutoProxySvc - ok 10:30:45.0906 0x165c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:30:45.0984 0x165c Winmgmt - ok 10:30:46.0093 0x165c [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 
10:30:46.0234 0x165c WinRM - ok 10:30:46.0358 0x165c [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 10:30:46.0421 0x165c WinUsb - ok 10:30:46.0483 0x165c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:30:46.0608 0x165c Wlansvc - ok 10:30:46.0655 0x165c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 10:30:46.0702 0x165c WmiAcpi - ok 10:30:46.0748 0x165c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:30:46.0795 0x165c wmiApSrv - ok 10:30:46.0904 0x165c [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:30:47.0060 0x165c WMPNetworkSvc - ok 10:30:47.0092 0x165c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:30:47.0138 0x165c WPCSvc - ok 10:30:47.0154 0x165c [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:30:47.0201 0x165c WPDBusEnum - ok 10:30:47.0248 0x165c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:30:47.0326 0x165c ws2ifsl - ok 10:30:47.0341 0x165c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 10:30:47.0388 0x165c wscsvc - ok 10:30:47.0404 0x165c WSearch - ok 10:30:47.0575 0x165c [ D9B0134913E5EF007AF82A418C503322, 
7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 10:30:47.0731 0x165c wuauserv - ok 10:30:47.0778 0x165c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:30:47.0825 0x165c WudfPf - ok 10:30:47.0950 0x165c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:30:48.0043 0x165c WUDFRd - ok 10:30:48.0090 0x165c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:30:48.0137 0x165c wudfsvc - ok 10:30:48.0215 0x165c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 10:30:48.0277 0x165c WwanSvc - ok 10:30:48.0340 0x165c ================ Scan global =============================== 10:30:48.0371 0x165c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 10:30:48.0418 0x165c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 10:30:48.0449 0x165c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 10:30:48.0511 0x165c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 10:30:48.0542 0x165c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 10:30:48.0558 0x165c [ Global ] - ok 10:30:48.0574 0x165c ================ Scan MBR ================================== 10:30:48.0589 0x165c [ A36C5E4F47E84449FF07ED3517B43A31 ] 
\Device\Harddisk0\DR0 10:30:50.0555 0x165c \Device\Harddisk0\DR0 - ok 10:30:50.0555 0x165c ================ Scan VBR ================================== 10:30:50.0555 0x165c [ F44B47723F3A4A95E7A6424513E7685A ] \Device\Harddisk0\DR0\Partition1 10:30:50.0570 0x165c \Device\Harddisk0\DR0\Partition1 - ok 10:30:50.0570 0x165c [ 146518271D0C31A3E8948D49E8D1BCD0 ] \Device\Harddisk0\DR0\Partition2 10:30:50.0586 0x165c \Device\Harddisk0\DR0\Partition2 - ok 10:30:50.0586 0x165c ================ Scan generic autorun ====================== 10:30:51.0054 0x165c [ 53239ADD6E16C0E38D649D1B3705AC73, 7AAC4469C1D7146A5563658655670C8723C0865D1011F9D72D14B75D9B33580B ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe 10:30:51.0366 0x165c RTHDVCPL - ok 10:30:51.0553 0x165c [ F2A36C5B73B2CCBCE7F1FED7974E5A96, 04E07A512BCA30B66DDB63DA7D033A6386FB87DDA761B94A4FE18496F70929DF ] C:\Program Files\Bluetooth Suite\BtvStack.exe 10:30:51.0600 0x165c AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 ) 10:31:01.0756 0x165c AtherosBtStack ( UnsignedFile.Multi.Generic ) - warning 10:31:01.0756 0x165c Force sending object to P2P due to detect: C:\Program Files\Bluetooth Suite\BtvStack.exe 10:31:06.0311 0x165c Object send P2P result: true 10:31:08.0932 0x165c [ 5F8F697C3F86FE943CC474CF57CD0BE0, 2B960B303A0A2B8CC516C10AB4EA7F6387F3648B0D89CADC363F374E8377D201 ] C:\Program Files\Bluetooth Suite\AthBtTray.exe 10:31:08.0978 0x165c AthBtTray - detected UnsignedFile.Multi.Generic ( 1 ) 10:31:11.0443 0x165c Detect skipped due to KSN trusted 10:31:11.0443 0x165c AthBtTray - ok 10:31:11.0833 0x165c [ 94444693EA13A72F6820DFF844A1122E, DAB1D45F39CA196C6EF22F4E817C32558D87051B98FC525A07ABBAE1A52B59AB ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 10:31:11.0974 0x165c SynTPEnh - ok 10:31:12.0286 0x165c [ 629A67F63BEED0FB31D5EA2FDB545E8A, 99E4F7D1C1D8AA34DAA3B9121A86C82B0568B5E2D6FAF13BC811B4A3B0F3CF31 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe 10:31:12.0379 0x165c StartCCC - ok 
10:31:12.0878 0x165c [ 695BE0A3D240FFF4B876D9289110634A, C4F4A2D0E09DCA92C74C805FB77C0710213CD9DD8B6D62499373F8E56B83C8A9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 10:31:13.0175 0x165c AvastUI.exe - ok 10:31:13.0300 0x165c [ 9153F2335BCDB87F41559CF066223BF9, C0F89F9A63B1F49F007A971F5180128EC0AFBBBF7CFA82CA1FA44CB9DB5F8BB3 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 10:31:13.0346 0x165c SunJavaUpdateSched - ok 10:31:13.0440 0x165c [ B253230DA792A12F57A6C6DF6381648D, D32509D5B459D5E455249A78BC42302C3F1F3E175D16C5DFC061DCFF21843962 ] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe 10:31:13.0487 0x165c AppEx Accelerator UI - ok 10:31:13.0736 0x165c [ 78E70968C04DE6C85541CF70F8CF4E78, 247480142CD098739FF5E68499911CB43E9215AC38328B6452D74FEC9F7BA0EA ] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe 10:31:13.0939 0x165c HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 ) 10:31:16.0482 0x165c Detect skipped due to KSN trusted 10:31:16.0482 0x165c HydraVisionDesktopManager - ok 10:31:17.0090 0x165c [ 9A1F3AEA8D61AA67D90F1B336C00984E, CE652BB13364BAA585340CD44E884F51BA314056B9E8221D34848C0B0C52F19A ] C:\Program Files\CCleaner\CCleaner.exe 10:31:17.0387 0x165c CCleaner Monitoring - ok 10:31:17.0402 0x165c Waiting for KSN requests completion. In queue: 6 10:31:18.0416 0x165c Waiting for KSN requests completion. In queue: 6 10:31:19.0430 0x165c Waiting for KSN requests completion. In queue: 6 10:31:20.0491 0x165c AV detected via SS2: avast! 
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated ) 10:31:20.0507 0x165c Win FW state via NFP2: enabled 10:31:23.0050 0x165c ============================================================ 10:31:23.0050 0x165c Scan finished 10:31:23.0050 0x165c ============================================================ 10:31:23.0065 0x17e4 Detected object count: 1 10:31:23.0065 0x17e4 Actual detected object count: 1 10:34:10.0734 0x17e4 AtherosBtStack ( UnsignedFile.Multi.Generic ) - skipped by user 10:34:10.0734 0x17e4 AtherosBtStack ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.04.2015, 18:17 | #8 |
/// the machine /// TB Trainer | Countless crashes, Win7 very unstable and slow Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
11.04.2015, 22:04 | #9 |
| Countless crashes, Win7 very unstable and slow Hello Schrauber, here is the Combofix log. Combofix Logfile: Code:
ATTFilter ComboFix 15-04-09.01 - xxx 11.04.2015 22:42:29.4.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3579.2636 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-11 bis 2015-04-11 )))))))))))))))))))))))))))))) . . 2015-04-11 08:12 . 2015-04-11 08:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-04-11 08:12 . 2015-04-11 08:12 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-11 08:11 . 2015-04-11 08:11 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-16 12:37 . 2015-02-16 12:40 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-02-16 11:53 . 2015-02-16 11:52 73480 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-02-16 11:53 . 2015-02-16 11:52 787800 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-02-16 11:53 . 2015-02-16 11:52 423784 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-02-16 11:52 . 2015-02-16 11:52 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-02-16 11:52 . 2015-02-16 11:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-02-16 11:52 . 2015-02-16 11:52 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-02-16 11:52 . 2015-02-16 11:52 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-02-16 11:52 . 2015-02-16 11:52 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-02-16 11:52 . 2015-02-16 11:52 43152 ----a-w- c:\windows\avastSS.scr 2014-10-20 11:25 . 2014-10-20 11:24 50063360 ----a-w- c:\program files\GUT6123.tmp . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-02-16 11:52 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2014-03-31 370912] "HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-09-15 6253160] "AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656] "AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-04-17 748256] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-18 5227648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2014-12-11 10:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe . 
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-02-16 91496] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496] R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 gnvgvkgd;gnvgvkgd;c:\windows\system32\drivers\ngiodriver_x86 [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 66688] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 33408] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-02-16 787800] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-02-16 423784] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-18 87968] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-17 276992] S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2014-03-28 184032] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-02-16 24184] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-02-16 73480] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400] S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-12-19 77824] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 37504] . . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\ . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gnvgvkgd] "ImagePath"="\??\c:\windows\system32\drivers\ngiodriver_x86" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-04-11 23:02:40 ComboFix-quarantined-files.txt 2015-04-11 21:02 ComboFix2.txt 2015-02-16 12:26 ComboFix3.txt 2014-05-14 07:37 ComboFix4.txt 2013-06-06 08:28 . Vor Suchlauf: 12 Verzeichnis(se), 280.334.675.968 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 279.922.589.696 Bytes frei . 
- - End Of File - - 7E4DC3C375DDBCD3E68EC3A6BD2A7338 A36C5E4F47E84449FF07ED3517B43A31 |
12.04.2015, 08:03 | #10 |
/// the machine /// TB Trainer | Countless crashes, Win7 very unstable and slow Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
|
12.04.2015, 19:18 | #11 | |
| Countless crashes, Win7 very unstable and slow Hello Schrauber, the problem seems to have gotten worse. At first I could not download any of the programs. Whenever I tried to install the programs, I got the message "Quellcode beschädigt" (source code corrupted). I solved this problem by downloading the programs on another laptop. On the first scan attempt with Malwarebytes Anti-Malware I get as far as the step "Speicher durchsuchen" (scanning memory). Here the following error message appears. Quote:
Many thanks in advance. Regards |
13.04.2015, 09:47 | #12 |
/// the machine /// TB Trainer | Countless crashes, Win7 very unstable and slow Please do the following from the outside: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
|
13.04.2015, 10:29 | #13 |
| Countless crashes, Win7 very unstable and slow Hello Schrauber, here is the FRST log you requested, made following the guide mentioned above. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by SYSTEM on MININT-JQEN539 on 13-04-2015 11:22:47 Running from f:\ Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.) 
HKU\xxx\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation) HKU\xxx\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) HKU\xxx\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-11] (Avast Software) S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices) S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices) S2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-11] () S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-11] (Avast Software s.r.o.) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49904 2015-04-11] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-11] (Avast Software s.r.o.) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208024 2015-04-11] () S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.) S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-11] (Avast Software) S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 10:07 - 2015-04-13 10:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2015-04-13 10:01 - 2015-04-13 10:07 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2015-04-13 10:00 - 2015-04-13 10:00 - 00000000 ____D () C:\HP 2015-04-13 10:00 - 2015-04-13 09:58 - 07495808 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp57398.exe 2015-04-13 10:00 - 2015-04-13 09:56 - 01504816 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp52956.exe 2015-04-13 09:42 - 2015-04-13 09:42 - 00000000 ____D () C:\Windows\System32\vbox 2015-04-12 19:10 - 2015-04-12 19:10 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-12 19:09 - 2015-04-12 19:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-04-12 19:09 - 2015-04-12 19:05 - 02686959 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe 2015-04-12 19:09 - 2015-04-12 19:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-12 19:09 - 2015-04-12 19:04 - 02217984 _____ () C:\Users\xxx\Downloads\AdwCleaner_4.201.exe 2015-04-12 19:09 - 2015-03-17 05:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2015-04-12 19:09 - 2015-03-17 05:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2015-04-12 18:33 - 2015-04-12 18:33 - 00000000 ____D () C:\Program Files\Common Files\Atheros 2015-04-12 18:06 - 2015-04-11 22:07 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe 2015-04-11 22:09 - 2015-04-13 09:26 - 00002468 _____ () C:\Windows\PFRO.log 2015-04-11 22:07 - 2015-04-11 22:07 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-04-11 22:02 - 2015-04-11 22:02 - 00007660 _____ () C:\ComboFix.txt 2015-04-11 21:36 - 2015-04-11 21:34 - 05617275 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe 2015-04-11 21:34 - 2015-04-11 21:34 - 05617275 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe 2015-04-11 09:35 - 2015-04-11 09:35 - 00101546 _____ () C:\Users\xxx\Desktop\tdsskiller.txt 2015-04-11 09:27 - 2015-04-11 09:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Downloads\tdsskiller.exe 2015-04-11 09:12 - 2015-04-12 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2015-04-11 09:12 - 2015-04-11 09:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-11 09:11 - 2015-03-17 05:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2015-04-11 09:09 - 2015-04-11 09:23 - 00000000 ____D () C:\Users\xxx\Desktop\mbar 2015-04-11 09:05 - 2015-04-11 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\xxx\Downloads\mbar-1.09.1.1004.exe 2015-04-07 18:48 - 2015-04-07 18:49 - 00017799 _____ () C:\Users\xxx\Downloads\Addition.txt 2015-04-07 18:47 - 2015-04-07 18:49 - 00013668 _____ () C:\Users\xxx\Downloads\FRST.txt 2015-04-07 18:46 - 2015-04-07 18:46 - 01135104 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe 2015-04-07 18:31 - 2015-04-13 09:50 - 00001495 _____ () C:\Windows\setupact.log 2015-04-07 18:31 - 2015-04-07 18:31 - 301823138 _____ () C:\Windows\MEMORY.DMP 2015-04-07 18:31 - 2015-04-07 18:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp 2015-04-07 18:31 - 2015-04-07 18:31 - 00000000 _____ () C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-13 11:22 - 2014-05-12 08:50 - 00000000 ____D () C:\FRST 2015-04-13 10:12 - 2012-05-10 18:50 - 01945677 _____ () C:\Windows\WindowsUpdate.log 2015-04-13 09:57 - 2009-07-14 05:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-13 09:57 - 2009-07-14 05:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-12 19:10 - 2010-11-20 22:01 - 01619700 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-04-12 18:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF 2015-04-12 18:44 - 2012-07-22 10:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps 2015-04-12 18:07 - 2015-02-16 12:53 - 00001963 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-04-11 22:07 - 2015-02-16 12:52 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00208024 _____ () C:\Windows\System32\Drivers\aswVmm.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00073440 _____ (Avast Software s.r.o.) 
C:\Windows\System32\Drivers\aswMonFlt.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00049904 _____ () C:\Windows\System32\Drivers\aswRvrt.sys 2015-04-11 22:07 - 2015-02-16 12:52 - 00024144 _____ () C:\Windows\System32\Drivers\aswHwid.sys 2015-04-11 22:02 - 2013-06-06 09:09 - 00000000 ____D () C:\Qoobox 2015-04-11 21:58 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-04-11 09:12 - 2014-05-15 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-07 18:31 - 2014-11-29 10:25 - 00000000 ____D () C:\Windows\Minidump 2015-04-07 18:31 - 2012-05-10 21:02 - 00000000 ____D () C:\users\xxx ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2015-01-06 16:08:06 Restore point made on: 2015-01-09 12:27:28 Restore point made on: 2015-01-25 16:17:47 Restore point made on: 2015-02-16 12:21:53 Restore point made on: 2015-02-16 12:30:00 Restore point made on: 2015-02-16 12:35:22 Restore point made on: 2015-02-16 12:51:17 Restore point made on: 2015-02-16 13:39:48 Restore point made on: 2015-03-18 16:52:27 Restore point made on: 2015-04-07 18:29:02 Restore point made on: 2015-04-07 18:51:47 Restore point made on: 2015-04-11 09:33:21 Restore point made on: 2015-04-11 21:38:41 Restore point made on: 2015-04-11 22:05:34 Restore point made on: 2015-04-11 22:10:56 Restore point made on: 2015-04-12 18:04:30 Restore point made 
on: 2015-04-12 18:22:02 Restore point made on: 2015-04-12 18:24:03 Restore point made on: 2015-04-12 18:32:03 Restore point made on: 2015-04-13 09:43:12 Restore point made on: 2015-04-13 10:00:58 Restore point made on: 2015-04-13 10:07:17 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 3690.91 MB Available physical RAM: 3193.05 MB Total Pagefile: 3689.19 MB Available Pagefile: 3186.09 MB Total Virtual: 2047.88 MB Available Virtual: 1960.02 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:256.51 GB) NTFS Drive e: (GSP1RMCPRFRER_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF Drive f: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B03E7563) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 6E652072) No partition Table on disk 1. LastRegBack: 2015-03-18 18:38 ==================== End Of Log ============================ |
13.04.2015, 15:45 | #14 |
/// the machine /// TB Trainer | Countless crashes, Win7 very unstable and slow Turn off Windows Defender. Test a download again.
|
13.04.2015, 17:44 | #15 |
| Countless crashes, Win7 very unstable and slow Amazing, disabling Windows Defender made it work. Here are the logs: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 17:15:45
Logdatei: malwarebytes_log.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxx
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333415
Verstrichene Zeit: 25 Min, 27 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)
Dateien: 0 (Keine schädliche Elemente gefunden)
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)
(end)
Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 17:54:57
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : xxx - xxx-PC
# Gestarted von : C:\Users\xxx\Downloads\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\foxydeal.sqlite
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [1438 Bytes] - [15/05/2014 16:02:13]
AdwCleaner[R1].txt - [1133 Bytes] - [13/04/2015 17:52:00]
AdwCleaner[S0].txt - [1499 Bytes] - [15/05/2014 16:03:50]
AdwCleaner[S1].txt - [1054 Bytes] - [13/04/2015 17:54:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1113 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Professional x86
Ran by xxx on 13.04.2015 at 18:28:25,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\n5mi6n41.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at 18:33:33,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by xxx (administrator) on xxx-PC on 13-04-2015 18:43:02
Running from C:\Users\xxx\Downloads
Loaded Profiles: xxx (Available profiles: xxx)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\86af064e-4ba0-443d-ba9a-d8dc64937b55.exe [183232 2015-04-13] (AVAST Software)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-905575457-879607011-4093534939-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-905575457-879607011-4093534939-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\searchplugins\suche.xml [2014-01-26]
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-15]
FF Extension: ProxTube - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-11] (Avast Software)
S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-11] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-11] (Avast Software)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 18:42 - 2015-04-13 18:42 - 01135616 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-04-13 18:41 - 2015-04-13 18:42 - 00000000 ____D () C:\Users\xxx\Downloads\FRST-OlderVersion
2015-04-13 18:33 - 2015-04-13 18:33 - 00000759 _____ () C:\Users\xxx\Desktop\JRT.txt
2015-04-13 18:28 - 2015-04-13 18:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-xxx-PC-Windows-7-Professional-(32-bit).dat
2015-04-13 18:28 - 2015-04-13 18:28 - 00000000 ____D () C:\RegBackup
2015-04-13 18:00 - 2015-04-13 17:58 - 02687136 _____ (Thisisu) C:\Users\xxx\Desktop\JRT_NEW.exe
2015-04-13 18:00 - 2015-04-11 23:07 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC3DE.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC5D6.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-13 18:00 - 2015-04-11 23:07 - 00208024 _____ () C:\Windows\system32\Drivers\aswC673.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC6C2.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC4D8.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC528.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00049904 _____ () C:\Windows\system32\Drivers\aswC568.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00024144 _____ () C:\Windows\system32\Drivers\aswC4F9.tmp
2015-04-13 17:50 - 2015-04-13 17:50 - 00001212 _____ () C:\Users\xxx\Desktop\mbam.txt
2015-04-13 11:07 - 2015-04-13 11:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-13 11:01 - 2015-04-13 17:11 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-13 11:00 - 2015-04-13 11:00 - 00000000 ____D () C:\HP
2015-04-13 11:00 - 2015-04-13 10:58 - 07495808 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp57398.exe
2015-04-13 11:00 - 2015-04-13 10:56 - 01504816 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp52956.exe
2015-04-13 10:42 - 2015-04-13 10:42 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-12 20:10 - 2015-04-12 20:10 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-12 20:10 - 2015-04-12 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-12 20:09 - 2015-04-12 20:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-04-12 20:09 - 2015-04-12 20:05 - 02686959 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe
2015-04-12 20:09 - 2015-04-12 20:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 20:09 - 2015-04-12 20:04 - 02217984 _____ () C:\Users\xxx\Downloads\AdwCleaner_4.201.exe
2015-04-12 20:09 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-12 20:09 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 19:33 - 2015-04-12 19:33 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2015-04-11 23:09 - 2015-04-13 10:26 - 00002468 _____ () C:\Windows\PFRO.log
2015-04-11 23:07 - 2015-04-11 23:07 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-11 23:02 - 2015-04-11 23:02 - 00007660 _____ () C:\ComboFix.txt
2015-04-11 22:36 - 2015-04-11 22:34 - 05617275 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2015-04-11 22:34 - 2015-04-11 22:34 - 05617275 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe
2015-04-11 10:35 - 2015-04-11 10:35 - 00101546 _____ () C:\Users\xxx\Desktop\tdsskiller.txt
2015-04-11 10:27 - 2015-04-11 10:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Downloads\tdsskiller.exe
2015-04-11 10:12 - 2015-04-13 17:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 10:12 - 2015-04-11 10:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 10:11 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 10:09 - 2015-04-11 10:23 - 00000000 ____D () C:\Users\xxx\Desktop\mbar
2015-04-11 10:05 - 2015-04-11 10:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\xxx\Downloads\mbar-1.09.1.1004.exe
2015-04-07 19:48 - 2015-04-07 19:49 - 00017799 _____ () C:\Users\xxx\Downloads\Addition.txt
2015-04-07 19:47 - 2015-04-13 18:43 - 00010278 _____ () C:\Users\xxx\Downloads\FRST.txt
2015-04-07 19:31 - 2015-04-13 17:56 - 00001663 _____ () C:\Windows\setupact.log
2015-04-07 19:31 - 2015-04-07 19:31 - 301823138 _____ () C:\Windows\MEMORY.DMP
2015-04-07 19:31 - 2015-04-07 19:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp
2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 18:43 - 2014-05-12 09:50 - 00000000 ____D () C:\FRST
2015-04-13 18:04 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 18:04 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 18:01 - 2015-02-16 13:53 - 00001963 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 18:00 - 2012-05-10 19:50 - 01962881 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 17:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 17:55 - 2014-05-15 16:02 - 00000000 ____D () C:\AdwCleaner
2015-04-12 20:10 - 2010-11-20 23:01 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 19:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-12 19:44 - 2012-07-22 11:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps
2015-04-12 19:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 23:07 - 2015-02-16 13:52 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-11 23:02 - 2013-06-06 10:09 - 00000000 ____D () C:\Qoobox
2015-04-11 22:58 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 10:12 - 2014-05-15 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 19:31 - 2014-11-29 11:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-07 19:31 - 2012-05-10 22:02 - 00000000 ____D () C:\Users\xxx

==================== Files in the root of some directories =======

2014-10-20 13:24 - 2014-10-20 13:25 - 50063360 _____ () C:\Program Files\GUT6123.tmp

Some content of TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxx\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-18 19:38

==================== End Of Log ============================ |