Pests of all kinds and how to fight them: PC runs with extreme delay - keyboard input & commands as well as program starts
Windows 7
29.09.2015, 07:23 | #1 |
Good day, dear readers of my post,

my PC has been running with an extreme delay for 2 days. Until a letter appears on the screen, for example. Also until a program opens. Even a picture in the Windows Photo Viewer takes forever to be displayed. I work (professionally) with the machine and use Firefox and GIMP daily, continuously, and I need these programs most urgently. The whole machine, for that matter.

Measures so far: Uninstallation and reinstallation of Firefox & GIMP using Revo Uninstaller. Several restarts.

Note

My system: Windows 7 - Service Pack 1, 4 GB RAM, Intel Core(TM)2 Duo 2.93 2.94 GHz, 32-bit operating system

Kindest regards for now and many thanks - sandsonne
29.09.2015, 07:46 | #2 |
/// the machine /// TB instructor

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
29.09.2015, 08:46 | #3 |
Good morning, Schrauber,

many thanks for your reply & your support. (Remark: As soon as Mozilla & GIMP are closed, the PC runs normally. That is my impression.) Here, as required (1st code = FRST, 2nd code = Addition):

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01 durchgeführt von Kerstin (Administrator) auf USER1011-PC (29-09-2015 09:31:16) Gestartet von C:\Users\Kerstin\Desktop Geladene Profile: Kerstin & Neu & Administrator (Verfügbare Profile: Kerstin & Neu & Administrator) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-3467251772-538213018-3341465458-1001\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-21-3467251772-538213018-3341465458-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-3467251772-538213018-3341465458-500\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-07-16] (Microsoft Corporation) Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-02-27] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft 
Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{3985DA94-27D0-4D62-8009-BF93BA039368}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{6D0BAA29-3C55-4EC8-A4E3-585A4E4C8094}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{8CF1F149-7B5F-49D9-9538-7B53BCC6F86C}: [DhcpNameServer] 192.168.162.250 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3467251772-538213018-3341465458-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goolge.de/ HKU\S-1-5-21-3467251772-538213018-3341465458-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3467251772-538213018-3341465458-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3467251772-538213018-3341465458-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3467251772-538213018-3341465458-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-3467251772-538213018-3341465458-1001 -> {AFF5BEFB-01AB-4CF5-9CB1-6B3AF075A3F7} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) Toolbar: HKU\S-1-5-21-3467251772-538213018-3341465458-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\d47kip6p.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2015-06-23] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2015-06-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.) 
FF Extension: Firebug - C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\d47kip6p.default\Extensions\firebug@software.joehewitt.com.xpi [2015-09-29] Chrome: ======= CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27] CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27] CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27] CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27] CHR Extension: (Kein Name) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-07-26] CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27] CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Kerstin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-07-26] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2009-02-28] (Firebird Project) [Datei ist nicht signiert] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2732032 2009-02-28] (Firebird Project) [Datei ist nicht signiert] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 MSSQL$EASYWINART; C:\Program Files\Microsoft SQL Server\MSSQL10_50.EASYWINART\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation) S4 SQLAgent$EASYWINART; C:\Program Files\Microsoft SQL Server\MSSQL10_50.EASYWINART\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [X] S2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-09-24] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55912 2015-09-24] (Avira Operations GmbH & Co. KG) R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-07] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [250152 2015-03-30] (Microsoft Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG) S3 catchme; \??\C:\Users\Kerstin\AppData\Local\Temp\catchme.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:27-09-2015 01 durchgeführt von Kerstin (2015-09-29 09:45:00) Gestartet von C:\Users\Kerstin\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-09-17 13:57:19) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3467251772-538213018-3341465458-500 - Administrator - Enabled) => C:\Users\Administrator Gast (S-1-5-21-3467251772-538213018-3341465458-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3467251772-538213018-3341465458-1003 - Limited - Enabled) Kerstin (S-1-5-21-3467251772-538213018-3341465458-1001 - Administrator - Enabled) => C:\Users\Kerstin Neu (S-1-5-21-3467251772-538213018-3341465458-1008 - Administrator - Enabled) => C:\Users\Neu ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader X (10.1.7) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) 
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG) Brother Driver Deployment Wizard (HKLM\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Exif Tag Remover 2.0 (HKLM\...\Exif Tag Remover_is1) (Version: - RL Vision) FileZilla Client 3.14.0 (HKLM\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse) Firebird 2.1.2.18118 (Win32) (HKLM\...\FBDBServer_2_1_is1) (Version: 2.1.2.18118 - Firebird Project) Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GDR 4033 für SQL Server 2008 R2 (KB2977320) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) GDR 4042 für SQL Server 2008 R2 (KB3045313) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MAGIX Video easy HD (HKLM\...\MX.{D2FFFDA5-07AB-416F-8F1B-74BE4CC876F1}) (Version: 5.0.3.106 - MAGIX Software GmbH) MAGIX Video easy HD (Version: 5.0.3.106 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3467251772-538213018-3341465458-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3467251772-538213018-3341465458-1008\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Outlook Connector für soziale Netzerker 32-Bit (HKLM\...\{95140000-004E-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{8E0BF061-4331-4459-BB6C-C20F237B53DB}) (Version: 10.52.4042.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - 
Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0 (x86 de) (HKLM\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla) Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft 
Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) 
(HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3467251772-538213018-3341465458-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) XING Outlook Connector (HKLM\...\{3B8AF990-AE63-481C-BC4B-8BB8D7A93B80}) (Version: 2.2.0 - XING) XMedia Recode Version 3.2.5.2 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.5.2 - XMedia Recode) XNResourceEditor 3.0.0.1 (HKLM\...\XN Resource Editor_is1) (Version: - Colin Wilson) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\Kerstin\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\Kerstin\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe = (Der Dateneintrag hat 13 mehr Zeichen). 
CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> kein Dateipfad CustomCLSID: HKU\S-1-5-21-3467251772-538213018-3341465458-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> kein Dateipfad ==================== Wiederherstellungspunkte ========================= 21-09-2015 18:56:52 Windows Update 22-09-2015 18:45:05 Windows Update 23-09-2015 19:04:50 Windows Update 24-09-2015 19:34:11 Windows Update 25-09-2015 19:37:52 Windows Update 26-09-2015 17:19:35 Windows Update 27-09-2015 20:19:39 Windows Update 28-09-2015 12:41:47 Windows Update 28-09-2015 17:08:02 Revo Uninstaller's restore point - Passbild-Generator v4.0b 28-09-2015 19:49:36 Revo Uninstaller's restore point - GIMP 2.8.4 28-09-2015 20:27:57 Revo Uninstaller's restore point - Mozilla Maintenance Service 28-09-2015 20:35:30 Revo Uninstaller's restore point - Mozilla Firefox 40.0.3 (x86 de) 28-09-2015 20:38:06 Windows Update 29-09-2015 05:49:43 JRT Pre-Junkware Removal ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:04 - 2014-08-26 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {00D11FE9-0681-45E9-8D43-964863C7B5AD} - System32\Tasks\{5284A358-1EF2-4615-A5EE-EB927A7B4B33} => pcalua.exe -a C:\Users\Kerstin\Downloads\bhg3setup.exe -d C:\Users\Kerstin\Downloads Task: {053C1ED7-2B23-4CF4-94FC-C2CF7D0DFE1D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {0773E3BD-6045-4764-9264-EBF7F5649F71} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {0DDDF5FA-D6FD-4F02-B36D-98625D86A430} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {0F0774B4-461C-42DE-BA76-FB657DC6DDD9} - System32\Tasks\{0792D3B6-C6F3-4A02-9DF3-E1A039D00863} => pcalua.exe -a C:\Users\Neu\Downloads\wlsetup-web.exe -d C:\Users\Neu\Downloads Task: {1748F076-4EE1-475F-BAE9-48A9070D214F} - System32\Tasks\xingoscupdate => C:\Program Files\XING\XING Outlook Connector\xingoscupdate.exe [2014-01-08] (XING) Task: {1AFD32CC-E0EE-4337-BE4B-5DE195A6857A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {4E01776C-30F4-4803-B09F-BED5962006D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated) Task: {5BE3F8CC-8694-4EE8-9411-E8B7EF781F08} - System32\Tasks\AsLiftRightsForClient_SessionSessionId1 => C:\Users\Kerstin\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.guest.15\release\15.0.6.7994\client.exe [2015-07-24] (pcvisit Software ag) Task: {73123641-4A21-4393-9029-7953718DC3E9} - System32\Tasks\{D02A5A95-4EE6-42C8-973A-1A4A0B130E23} => pcalua.exe -a C:\Users\Kerstin\Downloads\wlsetup-all_16.4.3508.0205.exe -d C:\Users\Kerstin\Downloads Task: {841670A2-4D78-4219-AA0A-068BC4545C3A} - System32\Tasks\{6D9489CD-0420-4E92-9F32-01421B7AB77A} => 
pcalua.exe -a C:\Users\Kerstin\Desktop\mflpro\Setup250c\Setup.exe -d C:\Users\Kerstin\Desktop\mflpro\Setup250c Task: {8806CE8D-40A8-4496-808A-6011FEF64F8C} - \plushd8.1-validator -> Keine Datei <==== ACHTUNG Task: {8CD85600-104D-475B-B8C8-B8546D32EDFD} - System32\Tasks\Xing Social Recommendations => C:\Program Files\XING\XING Outlook Connector\XingSocial.exe [2014-01-08] (XING AG) Task: {A08280CD-AF90-472A-AD2B-5F9614619E6F} - System32\Tasks\{D3E091A9-A176-4BEF-B45D-C9F0F5F334D9} => pcalua.exe -a C:\Users\Kerstin\Downloads\mflpro_c1\Data\Disk1\setup.exe -d C:\Users\Kerstin\Downloads\mflpro_c1\Data\Disk1 Task: {A8D51753-05BB-4ADF-A882-E2656E7C783D} - System32\Tasks\{5FBEBC22-8D58-4059-91EF-5422E07249D7} => pcalua.exe -a C:\Users\Kerstin\Downloads\385-INST-WIN7-A.EXE -d "C:\Program Files\Mozilla Firefox" (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AsLiftRightsForClient_SessionSessionId1.job => C:\Users\Kerstin\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.guest.15\release\15.0.6.7994\client.exe.--StartMode AsLiftRightsForClient --session 1fC:\Users\Kerstin\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.gue ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-07-26 14:07 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2015-09-16 14:15 - 2015-09-16 14:15 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft 
Office\Office12\ADDINS\UmOutlookAddin.dll 2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2013-09-03 15:53 - 2013-05-10 09:57 - 00305728 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:18262EDA AlternateDataStreams: C:\ProgramData\TEMP:66D2723C AlternateDataStreams: C:\ProgramData\TEMP:6CC0D09A AlternateDataStreams: C:\ProgramData\TEMP:F9CFE070 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-3467251772-538213018-3341465458-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp HKU\S-1-5-21-3467251772-538213018-3341465458-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Neu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3467251772-538213018-3341465458-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{BA1A30BA-A4F6-480B-92D9-13B7F9CFDA5B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{62534D77-5BB9-4FFB-98C0-D6CBC8DEA1C8}] => (Allow) C:\Program Files\adawaretb\dtUser.exe FirewallRules: [{68C76E5C-225A-4B9E-BA19-04B841C228B4}] => (Allow) C:\Program Files\adawaretb\dtUser.exe FirewallRules: [TCP Query User{A6B5C6D8-42E4-483D-9C2E-5E4C58378C17}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{2C1E9631-BEDB-42BE-AE21-EA128D9DBCCA}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [{96F8B9EF-EA8B-42C7-A278-72D41685CF11}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{D88106F3-2CF1-40BE-BC51-A4E88AD9D26E}] => (Allow) C:\Program Files\Sage\GSOffice\GSOffice.exe FirewallRules: [{FBF1CE24-93FE-4683-8B79-2AF380F702C2}] => (Allow) C:\Program Files\Sage\SageDB 5.0\bin\mysqld-nt.exe FirewallRules: [{3F282D4C-218D-4AF6-A7E8-8CE7FEAC76CB}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: 
[{6E6F8376-E3DC-40ED-A401-D9EDA9DFFBB6}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{66FE531C-B96B-41F7-B3C6-FA3629D7DF87}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{9934577F-9D2A-4866-AECA-872E64E591A9}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{02FAD299-74B3-4E1C-A553-009FAB6E2602}] => (Allow) LPort=2869 FirewallRules: [{B88C031B-1ECF-4169-A146-B424C925D4C6}] => (Allow) LPort=1900 FirewallRules: [{521417F7-510F-48D8-BD7D-E2010B57C6F9}] => (Allow) C:\Users\Kerstin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{CE67E80A-EB7B-41D8-8CDA-477F6BC3B2B5}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe FirewallRules: [{7EB2A801-E99D-46AD-8D17-041A4A86D07C}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe FirewallRules: [{F659C6DC-0A02-416E-AE45-B0A52D72BB54}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe FirewallRules: [{5AC9C8A7-0B75-44E0-91FC-5DD7307305BB}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe FirewallRules: [{5828E98F-4E75-451A-93DB-A40E2CD56E34}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe FirewallRules: [{118AFE0A-E26D-4439-BB8B-B37636C56B27}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe FirewallRules: [{9F89D1DA-8D51-4B61-86F2-27DC37B700CE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{794A581A-0334-4442-8715-53BCF8760073}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{D51CACCA-94A5-4525-9EEA-83FBB83FA4E2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{DC54490C-A2F2-4662-B9AF-26915F723EC2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{78C6873F-A060-4F6E-821B-1AEF7918C220}] => (Allow) LPort=612 FirewallRules: [TCP Query User{F3A0A1D9-25D4-4920-9CE4-5DAE9F09A8EE}C:\program files\sql 
anywhere 12\bin32\dbsrv12.exe] => (Allow) C:\program files\sql anywhere 12\bin32\dbsrv12.exe FirewallRules: [UDP Query User{38653D45-E3BF-4815-BFBF-323CCB5E50A1}C:\program files\sql anywhere 12\bin32\dbsrv12.exe] => (Allow) C:\program files\sql anywhere 12\bin32\dbsrv12.exe FirewallRules: [{ECC6689F-C2FF-45A5-BED3-AE89D11043F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{613A1B79-472B-4AD0-B656-C28931075F4C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/29/2015 05:34:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, 
System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/29/2015 05:34:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei 
System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/29/2015 05:33:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/28/2015 07:49:34 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein 
unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {62c1d848-3893-4421-adfd-20229327f74f} Error: (09/28/2015 06:57:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei 
System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/28/2015 06:57:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/28/2015 06:56:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (09/28/2015 05:07:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {c4231c8d-7cb1-4996-acf5-52199530cfd4} Error: (09/28/2015 12:41:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm gimp-2.8.exe, Version 2.8.4.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f74 Startzeit: 01d0f9b5dfd23d25 Endzeit: 421 Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe Berichts-ID: 58abd55e-65cd-11e5-a557-001f3f086e4a Error: (09/27/2015 07:03:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Xml.XmlException Stapel: bei System.Xml.XmlTextReaderImpl.Throw(System.Exception) bei System.Xml.XmlTextReaderImpl.ParseDocumentContent() bei System.Xml.XmlTextReaderImpl.Read() bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) bei System.Xml.XmlDocument.Load(System.Xml.XmlReader) bei System.Xml.XmlDocument.Load(System.String) bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan) bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile() bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String) bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, 
System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Systemfehler: ============= Error: (09/29/2015 06:54:58 AM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (09/29/2015 06:54:56 AM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (09/29/2015 05:56:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (09/29/2015 05:56:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (09/29/2015 05:56:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (09/29/2015 05:56:08 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (09/29/2015 05:50:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 05:50:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/29/2015 05:50:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server (EASYWINART)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 05:50:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Firebird Server - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Prozentuale Nutzung des RAM: 49% Installierter physikalischer RAM: 3293.24 MB Verfügbarer physikalischer RAM: 1672.73 MB Summe virtueller Speicher: 6584.8 MB Verfügbarer virtueller Speicher: 5006.26 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:360.33 GB) NTFS Drive d: (14 Mai 2014) (CDROM) (Total:1.37 GB) (Free:1.15 GB) UDF Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:455.35 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 069AB8B9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 797704B4) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== Ende vom Addition.txt ============================ |
29.09.2015, 19:15 | #4 |
/// the machine /// TB-Ausbilder | PC runs with extreme delay - keyboard input & commands as well as program starts hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.09.2015, 06:37 | #5 |
| PC runs with extreme delay - keyboard input & commands as well as program starts Good morning, Schrauber, thank you very much for your help. Both reports follow below: 1. mbar Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version: main: v2015.09.30.01 rootkit: v2015.09.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18015
Kerstin :: USER1011-PC [administrator]

30.09.2015 06:43:11
mbar-log-2015-09-30 (06-43-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 436551
Time elapsed: 34 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

2. TDSSKiller Code:
07:33:29.0786 0x16e4 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
07:33:33.0790 0x16e4 ============================================================
07:33:33.0790 0x16e4 Current date / time: 2015/09/30 07:33:33.0790
07:33:33.0790 0x16e4 SystemInfo:
07:33:33.0790 0x16e4
07:33:33.0790 0x16e4 OS Version: 6.1.7601 ServicePack: 1.0
07:33:33.0790 0x16e4 Product type: Workstation
07:33:33.0790 0x16e4 ComputerName: USER1011-PC
07:33:33.0791 0x16e4 UserName: Kerstin
07:33:33.0791 0x16e4 Windows directory: C:\Windows
07:33:33.0791 0x16e4 System windows directory: C:\Windows
07:33:33.0791 0x16e4 Processor architecture: Intel x86
07:33:33.0791 0x16e4 Number of processors: 2
07:33:33.0791 0x16e4 Page size: 0x1000
07:33:33.0791 0x16e4 Boot type: Normal boot
07:33:33.0791 0x16e4 ============================================================
07:33:36.0480 0x16e4 KLMD registered as C:\Windows\system32\drivers\79071507.sys
07:33:36.0907 0x16e4 System UUID: {B19499FB-C8F0-C41B-8016-EDBC21832010}
07:33:37.0691 0x16e4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:33:37.0707 0x16e4 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05800 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:33:40.0171 0x16e4 ============================================================
07:33:40.0171 0x16e4 \Device\Harddisk0\DR0:
07:33:40.0171 0x16e4 MBR partitions:
07:33:40.0171 0x16e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:33:40.0171 0x16e4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
07:33:40.0171 0x16e4 \Device\Harddisk1\DR1:
07:33:40.0171 0x16e4 MBR partitions:
07:33:40.0171 0x16e4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
07:33:40.0171 0x16e4
============================================================
07:33:40.0212 0x16e4 C: <-> \Device\Harddisk0\DR0\Partition2
07:33:40.0254 0x16e4 E: <-> \Device\Harddisk1\DR1\Partition1
07:33:40.0254 0x16e4 ============================================================
07:33:40.0254 0x16e4 Initialize success
07:33:40.0254 0x16e4 ============================================================
07:34:08.0510 0x14f8 ============================================================
07:34:08.0510 0x14f8 Scan started
07:34:08.0510 0x14f8 Mode: Manual; SigCheck; TDLFS;
07:34:08.0510 0x14f8 ============================================================
07:34:08.0510 0x14f8 KSN ping started
07:34:11.0357 0x14f8 KSN ping finished: true
07:34:13.0069 0x14f8 ================ Scan system memory ========================
07:34:13.0069 0x14f8 System memory - ok
07:34:13.0069 0x14f8 ================ Scan services =============================
AntiVirService - ok 07:34:15.0229 0x14f8 [ 9A12F8E472FE05EF653CA152050405D4, 569EA8FFDE827F850CA8E3CB747A8552FD9981E61C48C7EA55E550A6C07F770E ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe 07:34:15.0262 0x14f8 AntiVirWebService - ok 07:34:15.0315 0x14f8 [ C532028F7EFF8831BE6B5E3C417E07FA, 9D3C91F4DE0456F2BD4BAB044A3281F895A8EBF259F15E3BA6299965F5B8ABED ] AppID C:\Windows\system32\drivers\appid.sys 07:34:15.0342 0x14f8 AppID - ok 07:34:15.0384 0x14f8 [ 7A152F43A6B25D63D1279511258FE381, 416B592DAB9ECA4AEBD336F35AC622FA240E229F31BFB52E6084BAA48CC6F397 ] AppIDSvc C:\Windows\System32\appidsvc.dll 07:34:15.0409 0x14f8 AppIDSvc - ok 07:34:15.0440 0x14f8 [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo C:\Windows\System32\appinfo.dll 07:34:15.0477 0x14f8 Appinfo - ok 07:34:15.0517 0x14f8 [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll 07:34:15.0609 0x14f8 AppMgmt - ok 07:34:15.0644 0x14f8 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys 07:34:15.0656 0x14f8 arc - ok 07:34:15.0669 0x14f8 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 07:34:15.0681 0x14f8 arcsas - ok 07:34:15.0809 0x14f8 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 07:34:15.0823 0x14f8 aspnet_state - ok 07:34:15.0856 0x14f8 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 07:34:15.0993 0x14f8 AsyncMac - ok 07:34:16.0053 0x14f8 [ 338C86357871C167A96AB976519BF59E, 
F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 07:34:16.0064 0x14f8 atapi - ok 07:34:16.0120 0x14f8 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 07:34:16.0233 0x14f8 AudioEndpointBuilder - ok 07:34:16.0264 0x14f8 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll 07:34:16.0287 0x14f8 Audiosrv - ok 07:34:16.0336 0x14f8 [ 98A2E56DC1197D36E81F771DB81ED798, 9AD3089D59DDD15DF74CEE49568C3CFFD97976F93B7CA246F4D51FBA5528C6BA ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 07:34:16.0350 0x14f8 avgntflt - ok 07:34:16.0380 0x14f8 [ B9D3418110A6B4EAADCB2BD1A8CEC617, 2252E518FB0A69699ECF7A940A20E9D77822F7FF7CE14FE5E30E4DDB34546D56 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 07:34:16.0397 0x14f8 avipbb - ok 07:34:16.0506 0x14f8 [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe 07:34:16.0519 0x14f8 Avira.OE.ServiceHost - ok 07:34:16.0542 0x14f8 [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 07:34:16.0554 0x14f8 avkmgr - ok 07:34:16.0606 0x14f8 [ D289EE6DCF0A6393AE24416D73114E79, EF018B706DA5D583AA26DCA69E132D67D2B189F1EDFCAF2503A2FDABE105C04A ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 07:34:16.0617 0x14f8 avnetflt - ok 07:34:16.0667 0x14f8 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 07:34:16.0741 0x14f8 AxInstSV - ok 07:34:16.0792 0x14f8 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv 
C:\Windows\system32\DRIVERS\bxvbdx.sys 07:34:16.0855 0x14f8 b06bdrv - ok 07:34:16.0883 0x14f8 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 07:34:16.0943 0x14f8 b57nd60x - ok 07:34:16.0996 0x14f8 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 07:34:17.0042 0x14f8 BDESVC - ok 07:34:17.0054 0x14f8 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 07:34:17.0116 0x14f8 Beep - ok 07:34:17.0192 0x14f8 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 07:34:17.0217 0x14f8 BFE - ok 07:34:17.0273 0x14f8 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\system32\qmgr.dll 07:34:17.0391 0x14f8 BITS - ok 07:34:17.0414 0x14f8 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 07:34:17.0452 0x14f8 blbdrive - ok 07:34:17.0489 0x14f8 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 07:34:17.0520 0x14f8 bowser - ok 07:34:17.0545 0x14f8 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 07:34:17.0600 0x14f8 BrFiltLo - ok 07:34:17.0615 0x14f8 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 07:34:17.0648 0x14f8 BrFiltUp - ok 07:34:17.0682 0x14f8 [ 77361D72A04F18809D0EFB6CCEB74D4B, 
55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 07:34:17.0725 0x14f8 BridgeMP - ok 07:34:17.0784 0x14f8 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll 07:34:17.0801 0x14f8 Browser - ok 07:34:17.0824 0x14f8 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 07:34:17.0867 0x14f8 Brserid - ok 07:34:17.0888 0x14f8 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 07:34:17.0928 0x14f8 BrSerWdm - ok 07:34:17.0955 0x14f8 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 07:34:17.0985 0x14f8 BrUsbMdm - ok 07:34:17.0989 0x14f8 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 07:34:18.0013 0x14f8 BrUsbSer - ok 07:34:18.0031 0x14f8 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 07:34:18.0058 0x14f8 BTHMODEM - ok 07:34:18.0102 0x14f8 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 07:34:18.0126 0x14f8 bthserv - ok 07:34:18.0236 0x14f8 catchme - ok 07:34:18.0254 0x14f8 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 07:34:18.0304 0x14f8 cdfs - ok 07:34:18.0372 0x14f8 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 
07:34:18.0406 0x14f8 cdrom - ok 07:34:18.0451 0x14f8 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 07:34:18.0491 0x14f8 CertPropSvc - ok 07:34:18.0508 0x14f8 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 07:34:18.0542 0x14f8 circlass - ok 07:34:18.0597 0x14f8 [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS C:\Windows\system32\CLFS.sys 07:34:18.0614 0x14f8 CLFS - ok 07:34:18.0677 0x14f8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:34:18.0690 0x14f8 clr_optimization_v2.0.50727_32 - ok 07:34:18.0746 0x14f8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:34:18.0760 0x14f8 clr_optimization_v4.0.30319_32 - ok 07:34:18.0783 0x14f8 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 07:34:18.0815 0x14f8 CmBatt - ok 07:34:18.0851 0x14f8 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 07:34:18.0862 0x14f8 cmdide - ok 07:34:18.0950 0x14f8 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys 07:34:18.0974 0x14f8 CNG - ok 07:34:19.0004 0x14f8 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 07:34:19.0015 0x14f8 Compbatt - ok 
07:34:19.0056 0x14f8 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 07:34:19.0094 0x14f8 CompositeBus - ok 07:34:19.0098 0x14f8 COMSysApp - ok 07:34:19.0120 0x14f8 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 07:34:19.0131 0x14f8 crcdisk - ok 07:34:19.0192 0x14f8 [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc C:\Windows\system32\cryptsvc.dll 07:34:19.0221 0x14f8 CryptSvc - ok 07:34:19.0274 0x14f8 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys 07:34:19.0308 0x14f8 CSC - ok 07:34:19.0354 0x14f8 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll 07:34:19.0401 0x14f8 CscService - ok 07:34:19.0474 0x14f8 [ CBB2BFFDE75E1CEEC0262F514EA016F2, 1D479F23DCC0013C16846740E5B221AA85599CC4FF84EF72D2926C0237F486A2 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 07:34:19.0489 0x14f8 dc3d - ok 07:34:19.0516 0x14f8 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 07:34:19.0546 0x14f8 DcomLaunch - ok 07:34:19.0572 0x14f8 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 07:34:19.0601 0x14f8 defragsvc - ok 07:34:19.0620 0x14f8 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 07:34:19.0661 0x14f8 DfsC - ok 07:34:19.0727 0x14f8 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp 
C:\Windows\system32\dhcpcore.dll 07:34:19.0762 0x14f8 Dhcp - ok 07:34:19.0875 0x14f8 [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack C:\Windows\system32\diagtrack.dll 07:34:19.0927 0x14f8 DiagTrack - ok 07:34:19.0962 0x14f8 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 07:34:20.0008 0x14f8 discache - ok 07:34:20.0050 0x14f8 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 07:34:20.0061 0x14f8 Disk - ok 07:34:20.0083 0x14f8 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 07:34:20.0119 0x14f8 Dnscache - ok 07:34:20.0145 0x14f8 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 07:34:20.0195 0x14f8 dot3svc - ok 07:34:20.0238 0x14f8 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 07:34:20.0298 0x14f8 DPS - ok 07:34:20.0372 0x14f8 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 07:34:20.0388 0x14f8 drmkaud - ok 07:34:20.0440 0x14f8 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 07:34:20.0469 0x14f8 DXGKrnl - ok 07:34:20.0498 0x14f8 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 07:34:20.0563 0x14f8 EapHost - ok 07:34:20.0662 0x14f8 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv 
C:\Windows\system32\DRIVERS\evbdx.sys 07:34:20.0774 0x14f8 ebdrv - ok 07:34:20.0836 0x14f8 [ 88142648ED929E6D2178CC3B8C13C00F, 7E6B6B2CF61C56FBF8F2A96BDA2E9506467A9A883BFD3BEA78A4F500851E76DB ] EFS C:\Windows\System32\lsass.exe 07:34:20.0851 0x14f8 EFS - ok 07:34:20.0923 0x14f8 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 07:34:20.0990 0x14f8 ehRecvr - ok 07:34:21.0012 0x14f8 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 07:34:21.0064 0x14f8 ehSched - ok 07:34:21.0095 0x14f8 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 07:34:21.0116 0x14f8 elxstor - ok 07:34:21.0179 0x14f8 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 07:34:21.0191 0x14f8 ErrDev - ok 07:34:21.0232 0x14f8 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 07:34:21.0275 0x14f8 EventSystem - ok 07:34:21.0293 0x14f8 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 07:34:21.0370 0x14f8 exfat - ok 07:34:21.0387 0x14f8 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 07:34:21.0428 0x14f8 fastfat - ok 07:34:21.0500 0x14f8 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 07:34:21.0573 0x14f8 Fax - ok 07:34:21.0588 0x14f8 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc 
C:\Windows\system32\DRIVERS\fdc.sys 07:34:21.0618 0x14f8 fdc - ok 07:34:21.0637 0x14f8 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 07:34:21.0660 0x14f8 fdPHost - ok 07:34:21.0701 0x14f8 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 07:34:21.0725 0x14f8 FDResPub - ok 07:34:21.0734 0x14f8 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 07:34:21.0746 0x14f8 FileInfo - ok 07:34:21.0752 0x14f8 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 07:34:21.0775 0x14f8 Filetrace - ok 07:34:21.0876 0x14f8 [ FC459741CA02225A2A332B197E5E6780, 2219D049099ACA41273C46991CA0FA38C5414D13FAD2EED03DE21947C7775FCC ] FirebirdGuardianDefaultInstance C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe 07:34:21.0881 0x14f8 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 ) 07:34:27.0283 0x14f8 Detect skipped due to KSN trusted 07:34:27.0283 0x14f8 FirebirdGuardianDefaultInstance - ok 07:34:27.0374 0x14f8 [ 68D0D88F99B4723A2B2B5B8593BB6E13, 0C9D189B1B266E55B08C530933267F29E6223B55AD90CC2688D7E610F4A7C752 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe 07:34:27.0486 0x14f8 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 ) 07:34:30.0386 0x14f8 Detect skipped due to KSN trusted 07:34:30.0387 0x14f8 FirebirdServerDefaultInstance - ok 07:34:30.0415 0x14f8 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 07:34:30.0446 0x14f8 flpydisk - ok 07:34:30.0491 0x14f8 [ 7520EC808E0C35E0EE6F841294316653, 
6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 07:34:30.0506 0x14f8 FltMgr - ok 07:34:30.0579 0x14f8 [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache C:\Windows\system32\FntCache.dll 07:34:30.0615 0x14f8 FontCache - ok 07:34:30.0682 0x14f8 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 07:34:30.0692 0x14f8 FontCache3.0.0.0 - ok 07:34:30.0703 0x14f8 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 07:34:30.0715 0x14f8 FsDepends - ok 07:34:30.0780 0x14f8 [ 2262614848962DDB38FFB7C883E6FB55, 13A0FD679B96A1475FDAD5F64B0A9B07A3B132734888004276481E1060048A59 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 07:34:30.0793 0x14f8 fssfltr - ok 07:34:30.0816 0x14f8 fsssvc - ok 07:34:30.0849 0x14f8 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 07:34:30.0861 0x14f8 Fs_Rec - ok 07:34:30.0910 0x14f8 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 07:34:30.0927 0x14f8 fvevol - ok 07:34:30.0991 0x14f8 [ FF12FA487265DA2AC7DE4BE53F72FF1A, 9B9F29CC36D0C7681676F708270038D38CEA21AD82F4937DBDAE45F0D667786E ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys 07:34:31.0050 0x14f8 FWLANUSB - ok 07:34:31.0091 0x14f8 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 07:34:31.0117 0x14f8 gagp30kx - ok 07:34:31.0192 0x14f8 [ 483924F92E55A5F9423201EC635E2CED, FEDAC3616709F081A0FA48E2BF521CBCC35E11E523EBADDEACA7308AD14338B3 
] gfibto C:\Windows\system32\drivers\gfibto.sys 07:34:31.0221 0x14f8 gfibto - ok 07:34:31.0279 0x14f8 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 07:34:31.0335 0x14f8 gpsvc - ok 07:34:31.0367 0x14f8 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 07:34:31.0429 0x14f8 hcw85cir - ok 07:34:31.0486 0x14f8 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 07:34:31.0524 0x14f8 HdAudAddService - ok 07:34:31.0565 0x14f8 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 07:34:31.0599 0x14f8 HDAudBus - ok 07:34:31.0614 0x14f8 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 07:34:31.0643 0x14f8 HidBatt - ok 07:34:31.0674 0x14f8 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 07:34:31.0689 0x14f8 HidBth - ok 07:34:31.0707 0x14f8 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 07:34:31.0741 0x14f8 HidIr - ok 07:34:31.0771 0x14f8 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll 07:34:31.0816 0x14f8 hidserv - ok 07:34:31.0844 0x14f8 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 07:34:31.0858 0x14f8 HidUsb - ok 07:34:31.0902 0x14f8 [ 196B4E3F4CCCC24AF836CE58FACBB699, 
7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 07:34:31.0925 0x14f8 hkmsvc - ok 07:34:31.0972 0x14f8 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 07:34:32.0019 0x14f8 HomeGroupListener - ok 07:34:32.0068 0x14f8 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 07:34:32.0085 0x14f8 HomeGroupProvider - ok 07:34:32.0135 0x14f8 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 07:34:32.0147 0x14f8 HpSAMD - ok 07:34:32.0210 0x14f8 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys 07:34:32.0251 0x14f8 HTTP - ok 07:34:32.0293 0x14f8 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 07:34:32.0305 0x14f8 hwpolicy - ok 07:34:32.0343 0x14f8 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 07:34:32.0375 0x14f8 i8042prt - ok 07:34:32.0428 0x14f8 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 07:34:32.0446 0x14f8 iaStorV - ok 07:34:32.0511 0x14f8 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:34:32.0543 0x14f8 idsvc - ok 07:34:32.0583 0x14f8 IEEtwCollectorService - ok 07:34:32.0877 0x14f8 [ DCE0B53570703CCE580D066F89EF58CD, 
C5C2C4F51F2DB2BB6E7F1218472AEAAD996514AB99EA84946A473CB7A64D9E15 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 07:34:33.0213 0x14f8 igfx - ok 07:34:33.0255 0x14f8 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 07:34:33.0267 0x14f8 iirsp - ok 07:34:33.0336 0x14f8 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 07:34:33.0381 0x14f8 IKEEXT - ok 07:34:33.0426 0x14f8 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 07:34:33.0437 0x14f8 intelide - ok 07:34:33.0453 0x14f8 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 07:34:33.0489 0x14f8 intelppm - ok 07:34:33.0520 0x14f8 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 07:34:33.0545 0x14f8 IPBusEnum - ok 07:34:33.0567 0x14f8 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:34:33.0602 0x14f8 IpFilterDriver - ok 07:34:33.0647 0x14f8 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 07:34:33.0673 0x14f8 iphlpsvc - ok 07:34:33.0716 0x14f8 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 07:34:33.0748 0x14f8 IPMIDRV - ok 07:34:33.0765 0x14f8 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 07:34:33.0804 0x14f8 IPNAT - ok 
42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 07:34:47.0777 0x14f8 Themes - ok 07:34:47.0781 0x14f8 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 07:34:47.0806 0x14f8 THREADORDER - ok 07:34:47.0836 0x14f8 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 07:34:47.0863 0x14f8 TrkWks - ok 07:34:47.0928 0x14f8 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 07:34:47.0952 0x14f8 TrustedInstaller - ok 07:34:47.0988 0x14f8 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 07:34:48.0002 0x14f8 tssecsrv - ok 07:34:48.0044 0x14f8 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 07:34:48.0098 0x14f8 TsUsbFlt - ok 07:34:48.0155 0x14f8 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 07:34:48.0197 0x14f8 tunnel - ok 07:34:48.0240 0x14f8 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 07:34:48.0252 0x14f8 uagp35 - ok 07:34:48.0302 0x14f8 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 07:34:48.0329 0x14f8 udfs - ok 07:34:48.0350 0x14f8 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 
07:34:48.0387 0x14f8 UI0Detect - ok 07:34:48.0428 0x14f8 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 07:34:48.0440 0x14f8 uliagpkx - ok 07:34:48.0500 0x14f8 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys 07:34:48.0534 0x14f8 umbus - ok 07:34:48.0549 0x14f8 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 07:34:48.0634 0x14f8 UmPass - ok 07:34:48.0678 0x14f8 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll 07:34:48.0695 0x14f8 UmRdpService - ok 07:34:48.0718 0x14f8 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 07:34:48.0769 0x14f8 upnphost - ok 07:34:48.0798 0x14f8 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 07:34:48.0813 0x14f8 usbccgp - ok 07:34:48.0850 0x14f8 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys 07:34:48.0865 0x14f8 usbcir - ok 07:34:48.0885 0x14f8 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 07:34:48.0897 0x14f8 usbehci - ok 07:34:48.0929 0x14f8 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 07:34:48.0961 0x14f8 usbhub - ok 07:34:49.0014 0x14f8 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] 
usbohci C:\Windows\system32\drivers\usbohci.sys 07:34:49.0053 0x14f8 usbohci - ok 07:34:49.0088 0x14f8 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 07:34:49.0119 0x14f8 usbprint - ok 07:34:49.0164 0x14f8 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 07:34:49.0178 0x14f8 usbscan - ok 07:34:49.0194 0x14f8 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:34:49.0209 0x14f8 USBSTOR - ok 07:34:49.0214 0x14f8 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 07:34:49.0226 0x14f8 usbuhci - ok 07:34:49.0232 0x14f8 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 07:34:49.0255 0x14f8 UxSms - ok 07:34:49.0264 0x14f8 [ 88142648ED929E6D2178CC3B8C13C00F, 7E6B6B2CF61C56FBF8F2A96BDA2E9506467A9A883BFD3BEA78A4F500851E76DB ] VaultSvc C:\Windows\system32\lsass.exe 07:34:49.0277 0x14f8 VaultSvc - ok 07:34:49.0325 0x14f8 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 07:34:49.0337 0x14f8 vdrvroot - ok 07:34:49.0386 0x14f8 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 07:34:49.0419 0x14f8 vds - ok 07:34:49.0443 0x14f8 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 07:34:49.0457 0x14f8 vga - ok 07:34:49.0467 0x14f8 [ 8E38096AD5C8570A6F1570A61E251561, 
4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 07:34:49.0491 0x14f8 VgaSave - ok 07:34:49.0530 0x14f8 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 07:34:49.0558 0x14f8 vhdmp - ok 07:34:49.0580 0x14f8 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 07:34:49.0593 0x14f8 viaagp - ok 07:34:49.0610 0x14f8 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 07:34:49.0639 0x14f8 ViaC7 - ok 07:34:49.0669 0x14f8 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 07:34:49.0681 0x14f8 viaide - ok 07:34:49.0729 0x14f8 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys 07:34:49.0745 0x14f8 vmbus - ok 07:34:49.0778 0x14f8 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 07:34:49.0791 0x14f8 VMBusHID - ok 07:34:49.0811 0x14f8 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 07:34:49.0824 0x14f8 volmgr - ok 07:34:49.0848 0x14f8 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 07:34:49.0866 0x14f8 volmgrx - ok 07:34:49.0917 0x14f8 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 07:34:49.0934 0x14f8 volsnap - ok 07:34:49.0960 0x14f8 [ 
9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 07:34:49.0979 0x14f8 vsmraid - ok 07:34:50.0045 0x14f8 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 07:34:50.0107 0x14f8 VSS - ok 07:34:50.0119 0x14f8 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 07:34:50.0157 0x14f8 vwifibus - ok 07:34:50.0212 0x14f8 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 07:34:50.0268 0x14f8 W32Time - ok 07:34:50.0297 0x14f8 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 07:34:50.0310 0x14f8 WacomPen - ok 07:34:50.0329 0x14f8 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 07:34:50.0352 0x14f8 WANARP - ok 07:34:50.0356 0x14f8 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 07:34:50.0379 0x14f8 Wanarpv6 - ok 07:34:50.0421 0x14f8 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 07:34:50.0509 0x14f8 wbengine - ok 07:34:50.0544 0x14f8 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 07:34:50.0564 0x14f8 WbioSrvc - ok 07:34:50.0600 0x14f8 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 07:34:50.0623 0x14f8 wcncsvc - ok 
07:34:50.0674 0x14f8 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 07:34:50.0697 0x14f8 WcsPlugInService - ok 07:34:50.0718 0x14f8 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 07:34:50.0747 0x14f8 Wd - ok 07:34:50.0798 0x14f8 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 07:34:50.0824 0x14f8 Wdf01000 - ok 07:34:50.0867 0x14f8 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll 07:34:50.0924 0x14f8 WdiServiceHost - ok 07:34:50.0929 0x14f8 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll 07:34:50.0944 0x14f8 WdiSystemHost - ok 07:34:50.0984 0x14f8 [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient C:\Windows\System32\webclnt.dll 07:34:51.0004 0x14f8 WebClient - ok 07:34:51.0027 0x14f8 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 07:34:51.0055 0x14f8 Wecsvc - ok 07:34:51.0068 0x14f8 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 07:34:51.0093 0x14f8 wercplsupport - ok 07:34:51.0126 0x14f8 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 07:34:51.0151 0x14f8 WerSvc - ok 07:34:51.0181 0x14f8 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf 
C:\Windows\system32\DRIVERS\wfplwf.sys 07:34:51.0225 0x14f8 WfpLwf - ok 07:34:51.0253 0x14f8 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 07:34:51.0274 0x14f8 WIMMount - ok 07:34:51.0361 0x14f8 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 07:34:51.0452 0x14f8 WinDefend - ok 07:34:51.0477 0x14f8 WinHttpAutoProxySvc - ok 07:34:51.0618 0x14f8 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 07:34:51.0643 0x14f8 Winmgmt - ok 07:34:51.0704 0x14f8 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 07:34:51.0780 0x14f8 WinRM - ok 07:34:51.0833 0x14f8 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 07:34:51.0868 0x14f8 Wlansvc - ok 07:34:51.0998 0x14f8 [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 07:34:52.0056 0x14f8 wlidsvc - ok 07:34:52.0105 0x14f8 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 07:34:52.0117 0x14f8 WmiAcpi - ok 07:34:52.0146 0x14f8 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 07:34:52.0179 0x14f8 wmiApSrv - ok 07:34:52.0282 0x14f8 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 07:34:52.0371 0x14f8 
WMPNetworkSvc - ok 07:34:52.0390 0x14f8 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 07:34:52.0445 0x14f8 WPCSvc - ok 07:34:52.0486 0x14f8 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 07:34:52.0508 0x14f8 WPDBusEnum - ok 07:34:52.0521 0x14f8 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 07:34:52.0544 0x14f8 ws2ifsl - ok 07:34:52.0567 0x14f8 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll 07:34:52.0606 0x14f8 wscsvc - ok 07:34:52.0610 0x14f8 WSearch - ok 07:34:52.0710 0x14f8 [ 3EFC48CE17BE25D2F8C04C5A0FAE1F53, 6439396AE1C59966E3C0DF519956F9D25568155174004F9562F764CEF8A49802 ] wuauserv C:\Windows\system32\wuaueng.dll 07:34:52.0835 0x14f8 wuauserv - ok 07:34:52.0871 0x14f8 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 07:34:52.0927 0x14f8 WudfPf - ok 07:34:52.0950 0x14f8 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 07:34:52.0965 0x14f8 WUDFRd - ok 07:34:53.0020 0x14f8 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 07:34:53.0034 0x14f8 wudfsvc - ok 07:34:53.0086 0x14f8 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 07:34:53.0121 0x14f8 WwanSvc - ok 07:34:53.0172 0x14f8 ================ Scan global =============================== 07:34:53.0225 0x14f8 [ 5E7C5DE85AF978495C3A9A0B720B9811, 
142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll 07:34:53.0266 0x14f8 [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 07:34:53.0276 0x14f8 [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 07:34:53.0306 0x14f8 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 07:34:53.0359 0x14f8 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe 07:34:53.0366 0x14f8 [ Global ] - ok 07:34:53.0367 0x14f8 ================ Scan MBR ================================== 07:34:53.0379 0x14f8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 07:34:53.0634 0x14f8 \Device\Harddisk0\DR0 - ok 07:34:53.0638 0x14f8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 07:34:53.0962 0x14f8 \Device\Harddisk1\DR1 - ok 07:34:53.0962 0x14f8 ================ Scan VBR ================================== 07:34:53.0965 0x14f8 [ 594ED6F7102CD84D36D5785FC46FDFD7 ] \Device\Harddisk0\DR0\Partition1 07:34:53.0966 0x14f8 \Device\Harddisk0\DR0\Partition1 - ok 07:34:53.0969 0x14f8 [ 09141DF045B43AEC335919A27EF1DAF9 ] \Device\Harddisk0\DR0\Partition2 07:34:53.0970 0x14f8 \Device\Harddisk0\DR0\Partition2 - ok 07:34:53.0973 0x14f8 [ 628C22D8F2231DDB1BACF78AE8534434 ] \Device\Harddisk1\DR1\Partition1 07:34:53.0974 0x14f8 \Device\Harddisk1\DR1\Partition1 - ok 07:34:53.0974 0x14f8 ================ Scan generic autorun ====================== 07:34:54.0020 0x14f8 [ 087A06DB98D0E84C0DE90EE308707E63, 96E8CDC492115A93B1B244196947E45D3C30CF64F538EAB634E0B02BEFBF1607 ] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 07:34:54.0027 0x14f8 NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 ) 
07:34:56.0956 0x14f8 Detect skipped due to KSN trusted 07:34:56.0956 0x14f8 NUSB3MON - ok 07:34:57.0005 0x14f8 [ 2C1B1E9174D94E9F6EE3CF373ABAB7DD, 729D283DF70F727824EBCA223D5E5B27D16E3E2B5312B1B34CAE1E763192D7B5 ] C:\Windows\system32\igfxtray.exe 07:34:57.0018 0x14f8 IgfxTray - ok 07:34:57.0028 0x14f8 [ 87D78CF6365BDDACBE9D34B60FE0E23B, 4561DE7171FD9035FEDF7EEA059859732996A5E72364D0D9F230563A1A6AE3D4 ] C:\Windows\system32\hkcmd.exe 07:34:57.0042 0x14f8 HotKeysCmds - ok 07:34:57.0055 0x14f8 [ 89D3DE5E2C77DCD99C56F0E46310AEA0, 02E1B2353E5D5F65D7968698AFE079A4DF11C230F6213C07D128F47147BACA29 ] C:\Windows\system32\igfxpers.exe 07:34:57.0069 0x14f8 Persistence - ok 07:34:57.0174 0x14f8 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 07:34:57.0237 0x14f8 Adobe ARM - ok 07:34:57.0264 0x14f8 [ DCD896D043D9F19664029AA35118497F, AEE3F281AE1EE791CE4DE91467CBCCB7EDDA790776CE1F80595803C36FA8CE87 ] C:\Program Files\avmwlanstick\FRITZWLANMini.exe 07:34:57.0276 0x14f8 AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 ) 07:35:00.0331 0x14f8 Detect skipped due to KSN trusted 07:35:00.0331 0x14f8 AVMWlanClient - ok 07:35:00.0444 0x14f8 [ 4D5D968FE6AE6BF94A807F73F7FF6B3D, 3D5D5D775EE251C2B903AA8DA804AE4D1632DD59A8A0A36C545FE984FCFE06DD ] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 07:35:00.0496 0x14f8 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 ) 07:35:03.0924 0x14f8 Detect skipped due to KSN trusted 07:35:03.0924 0x14f8 BrMfcWnd - ok 07:35:04.0003 0x14f8 [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files\Brother\ControlCenter3\brctrcen.exe 07:35:04.0029 0x14f8 ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 ) 07:35:07.0238 0x14f8 Detect skipped due to KSN trusted 07:35:07.0238 0x14f8 ControlCenter3 - ok 07:35:07.0351 0x14f8 [ C1A86A6D6847DEFF009EAE85BA0C1F20, 
7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 07:35:07.0383 0x14f8 avgnt - ok 07:35:07.0459 0x14f8 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 07:35:07.0475 0x14f8 SunJavaUpdateSched - ok 07:35:07.0598 0x14f8 [ 7A84DB64E06281C86AD66CC6F2D6F4C7, 14C8E6A21B92732E17567B3F4591E70E8248853A8A517CE7CB8319F9A27F7C57 ] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 07:35:07.0674 0x14f8 Wondershare Helper Compact.exe - ok 07:35:07.0866 0x14f8 [ 8CB85437667AEDBD8497D2CA85F4A17A, 196F1F3208674944C554624E5DA6A614F8070467E32F0C1BAB9AC409783E5804 ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe 07:35:07.0880 0x14f8 Avira Systray - ok 07:35:08.0058 0x14f8 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 07:35:08.0072 0x14f8 GrooveMonitor - ok 07:35:08.0180 0x14f8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe 07:35:08.0330 0x14f8 Sidebar - ok 07:35:08.0332 0x14f8 Waiting for KSN requests completion. In queue: 6 07:35:09.0332 0x14f8 Waiting for KSN requests completion. In queue: 6 07:35:10.0335 0x14f8 Waiting for KSN requests completion. 
In queue: 6 07:35:11.0379 0x14f8 AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated ) 07:35:11.0383 0x14f8 Win FW state via NFP2: enabled ( trusted ) 07:35:14.0179 0x14f8 ============================================================ 07:35:14.0179 0x14f8 Scan finished 07:35:14.0179 0x14f8 ============================================================ 07:35:14.0188 0x09e0 Detected object count: 0 07:35:14.0188 0x09e0 Actual detected object count: 0 |
30.09.2015, 19:36 | #6 |
/// the machine /// TB trainer | PC runs with extreme delay - keyboard input & commands as well as program starts hi, Scan with Combofix |
01.10.2015, 05:48 | #7 |
| PC runs with extreme delay - keyboard input & commands as well as program starts Thank you! Here is the required Combofix log: Code:
ComboFix 15-09-25.01 - Kerstin 01.10.2015 5:52.6.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3293.1661 [GMT 2:00]
ausgeführt von:: c:\users\Kerstin\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-07-16 14:47 1605832 ----a-w- c:\users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-07-16 14:47 1605832 ----a-w- c:\users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-07-16 14:47 1605832 ----a-w- c:\users\Kerstin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-09-24 782520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-06-04 2024800]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . R2 AntiVirMailService;Avira Email-Schutz;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-09-24 932912] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-09-24 1148688] R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-02-12 184056] R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880] R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x] R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2014-01-07 65232] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896] R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys [2015-03-29 250152] R4 SQLAgent$EASYWINART;SQL 
Server Agent (EASYWINART);c:\program files\Microsoft SQL Server\MSSQL10_50.EASYWINART\MSSQL\Binn\SQLAGENT.EXE [2015-03-29 381104] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-07 13560] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-07 37896] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-09-24 461672] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-09-24 55912] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-02-27 81920] S2 MSSQL$EASYWINART;SQL Server (EASYWINART);c:\program files\Microsoft SQL Server\MSSQL10_50.EASYWINART\MSSQL\Binn\sqlservr.exe [2015-03-29 43130032] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-02-27 2732032] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] utcsvc REG_MULTI_SZ DiagTrack . Inhalt des "geplante Tasks" Ordners . 2015-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 07:11] . 
2015-08-21 c:\windows\Tasks\AsLiftRightsForClient_SessionSessionId1.job - c:\users\Kerstin\AppData\Local\pcvisit Software AG\caloa\pcvisit.Support.guest.15\release\15.0.6.7994\client.exe [2015-08-21 00:19] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.goolge.de/ mStart Page = about:blank uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Kerstin\AppData\Local\Temp\ie_script.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\d47kip6p.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files\PDFCreator\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,7e,5c,d8,37,cd,f9,46,bc,6e,03,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,7e,5c,d8,37,cd,f9,46,bc,6e,03,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\TeamViewer\TeamViewer_Service.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\GWX\GWX.exe c:\windows\system32\sppsvc.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-10-01 06:32:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-10-01 04:32 ComboFix2.txt 2015-04-04 10:16 ComboFix3.txt 2014-08-26 13:05 ComboFix4.txt 2014-03-20 07:40 ComboFix5.txt 2015-10-01 03:48 . Vor Suchlauf: 1136 Verzeichnis(se), 387.602.481.152 Bytes frei Nach Suchlauf: 1139 Verzeichnis(se), 389.053.026.304 Bytes frei . - - End Of File - - EE42028E6CD16402DF11E3D62B9BD836 A36C5E4F47E84449FF07ED3517B43A31 |
01.10.2015, 18:30 | #8 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
02.10.2015, 13:38 | #9 |
| Good day, Schrauber, many thanks for everything. Unfortunately nothing has changed or improved yet. Yesterday, well, how should I put it, it is sheer madness how dependent I am on the PC (professionally). Because of the problem my own work output is automatically reduced massively. If I add up what I have worked this week, that is, actually got done, it is next to nothing...

Here are some of the error messages I get constantly: Mozilla = Not responding / IE = Not responding & Google is not responding. As well as the warning: A plugin that is not responding may be busy or may have stopped responding. You can stop the plugin now to see whether the plugin continues working.

Here are the logs:

1. MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 02.10.2015
Suchlaufzeit: 07:04
Protokolldatei: Log Mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.10.02.01
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 421812
Abgelaufene Zeit: 14 Min., 56 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

2. ADW Cleaner Code:
# AdwCleaner v5.009 - Bericht erstellt am 02/10/2015 um 07:36:56
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-30.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Kerstin - USER1011-PC
# Gestartet von : C:\Users\Kerstin\Desktop\AdwCleaner_5.009.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

Ordner Gefunden : C:\Program Files\DriverTuner
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Ordner Gefunden : C:\Users\Kerstin\AppData\Local\DriverTuner
Ordner Gefunden : C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\simple_new_tab

***** [ Dateien ] *****

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

Task Gefunden : Adobe Flash Player Updater

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-validator.job]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-validator.job.fp]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-firefoxinstaller.job]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-firefoxinstaller.job.fp]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-codedownloader.job]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-codedownloader.job.fp]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-enabler.job]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-enabler.job.fp]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-updater.job]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [plushd8.1-updater.job.fp]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [plushd8.1-bg.exe]
Schlüssel Gefunden : HKCU\Software\Classes\CLSID\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Smart PC Solutions
Schlüssel Gefunden : HKCU\Software\Yahoo\Companion
Schlüssel Gefunden : HKU\S-1-5-21-3467251772-538213018-3341465458-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKU\S-1-5-21-3467251772-538213018-3341465458-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\AppDataLow\Software\pdfforge

***** [ Internetbrowser ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3570 Bytes] ##########

3. JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x86
Ran by Kerstin on 02.10.2015 at 7:41:40,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\Kerstin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Kerstin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Kerstin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Kerstin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.10.2015 at 7:43:39,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think I have found the cause. Please give me a few more days to observe the PC and see whether my assessment is right. I will definitely get back to close the thread if it was what I suspect: I have an HTML template (website template) lying on the desktop that has a video file as its background. Not a full-screen video. But I noticed today that the whole thing only started after I had opened the HTML file in a browser. When I booted the PC fresh in the morning everything seemed normal, then it started.

Note: I am currently working on this template to adapt it. I have now removed the video background from the HTML code and replaced it with a simple image. At the moment I can no longer detect any problems in the operation of the PC. I kindly ask for your patience to see whether my suspicion has solved the problem.

Regardless of that, I say: Thank you very, very much! Please leave this thread open for now in case I am wrong. I will get back to you - guaranteed - if it should have become moot. Many thanks - sandsonne.

Edited by sandsonne (02.10.2015 at 07:28) |
03.10.2015, 11:31 | #10 |
/// the machine /// TB trainer | Hi, even so, definitely run AdwCleaner again; it only scanned, nothing was removed.
06.10.2015, 07:03 | #11 |
| Good day, Schrauber, so: it really was as I suspected: the video is out of the HTML and everything runs well. I cannot understand it, because it is not a large video, not a purchased one or anything worse. Nevertheless the file has something about it that massively cripples PC operation. A pity, because I would very much have liked to leave it built into the HTML.

Now two more things: You said to run AdwCleaner, that it only scanned and removed nothing. What do I have to do differently in order to remove? If you have further cleaning advice that I should carry out today, please kindly let me know.

And last but not least: I transferred a donation today and followed the account details here http://www.trojaner-board.de/payments.php. Should these no longer be current, please let me know. Otherwise, once again: many thanks. sandsonne. |
06.10.2015, 17:21 | #12 |
/// the machine /// TB trainer | Proceed as in the AdwCleaner instructions I posted further up; you also have to click "Löschen" (Delete). Donation is fine, thanks. Then on to the check: ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any problems left?