
Pests of all kinds and how to combat them: Countless crashes, Win7 very unstable and slow

07.04.2015, 18:43   #1
NeedHelp08
 

Hello everyone,

For some time now I have had a fairly serious problem. The laptop, in particular Firefox and IE, keeps crashing, and WIN7 usually restarts with a cryptic bluescreen. In short, my system has been running very unstably lately.

I have attached the log from the last Firefox crash below. I would be glad if the pros could help me so that I can keep using my laptop as usual.

Many thanks in advance
Regards, Andy

07.04.2015, 18:44   #2
schrauber
/// the machine
/// TB trainer
 


hi,

I don't see a log.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


07.04.2015, 18:54   #3
NeedHelp08
 

Hello

I have edited the Firefox log into my first post. The FRST logs can be found at the end of this post.

Many thanks

08.04.2015, 10:59   #4
schrauber
/// the machine
/// TB trainer
 


Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

10.04.2015, 20:56   #5
NeedHelp08
 

Hello

Sorry for the late reply.

Firefox log
Code:
Accessibility: Active
AdapterDeviceID: 0x9806
AdapterDriverVersion: 14.100.0.0
AdapterSubsysID: 3577103c
AdapterVendorID: 0x1002
Add-ons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1,ich%40maltegoetz.de:2.0.0.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.7
AvailablePageFile: 6308663296
AvailablePhysicalMemory: 2619604992
AvailableVirtualMemory: 1651757056
BIOS_Manufacturer: Hewlett-Packard
BlockedDllList: 
BreakpadReserveAddress: 30539776
BreakpadReserveSize: 41943040
BuildID: 20150122214805
CrashTime: 1428428323
EMCheckCompatibility: true
Email: 
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1422433444
Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x9806, AdapterSubsysID: 3577103c, AdapterDriverVersion: 14.100.0.0
D3D11 Layers? D3D11 Layers+ 
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 1540
StartupTime: 1428428288
SystemMemoryUsePercentage: 30
Theme: classic/1.0
Throttleable: 1
TotalPageFile: 7503716352
TotalPhysicalMemory: 3752755200
TotalVirtualMemory: 2147352576
URL: http://www.trojaner-board.de/newthre...=newthread&f=8
User32BeforeBlocklist: 1
Vendor: Mozilla
Version: 35.0.1
Winsock_LSP: MSAFD-Tcpip [TCP/IPv6] : 2 : 1 :  
 MSAFD-Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll 
 MSAFD-Tcpip [RAW/IPv6] : 2 : 3 :  
 MSAFD-Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll 
 MSAFD-Tcpip [UDP/IP] : 2 : 2 :  
 MSAFD-Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll 
 RSVP-TCPv6-Dienstanbieter : 2 : 1 :  
 RSVP-TCP-Dienstanbieter : 2 : 1 : %SystemRoot%\system32\mswsock.dll 
 RSVP-UDPv6-Dienstanbieter : 2 : 2 :  
 RSVP-UDP-Dienstanbieter : 2 : 2 : %SystemRoot%\system32\mswsock.dll 
 MSAFD RfComm [Bluetooth] : 2 : 1 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] SEQPACKET 6 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] DATAGRAM 6 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] SEQPACKET 7 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] DATAGRAM 7 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] SEQPACKET 4 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] DATAGRAM 4 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] SEQPACKET 0 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] DATAGRAM 0 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{320E1C48-CA5F-4848-ACE0-6CD608130A3C}] SEQPACKET 10 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{320E1C48-CA5F-4848-ACE0-6CD608130A3C}] DATAGRAM 10 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D90F9DF7-CF8D-411F-BCB5-84E72D536F03}] SEQPACKET 1 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D90F9DF7-CF8D-411F-BCB5-84E72D536F03}] DATAGRAM 1 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7CF8ADA3-E8AB-4A45-A7B1-032E3ABE1514}] SEQPACKET 11 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7CF8ADA3-E8AB-4A45-A7B1-032E3ABE1514}] DATAGRAM 11 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BDF26C6F-9C6C-4DE7-9BB0-5627731B5D8F}] SEQPACKET 12 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BDF26C6F-9C6C-4DE7-9BB0-5627731B5D8F}] DATAGRAM 12 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A3E67B3-56E3-4CD8-A4F2-639259FB6D57}] SEQPACKET 3 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A3E67B3-56E3-4CD8-A4F2-639259FB6D57}] DATAGRAM 3 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] SEQPACKET 9 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5BF6BE29-2A05-4678-BEB7-7DE59B4224F0}] DATAGRAM 9 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] SEQPACKET 8 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8C590F-06BB-4832-8DDE-8F828F5AC71F}] DATAGRAM 8 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] SEQPACKET 5 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{60E5978C-5410-4666-B4D5-55EDAADCB26A}] DATAGRAM 5 : 2 : 2 :  
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] SEQPACKET 2 : 2 : 5 : %SystemRoot%\system32\mswsock.dll 
 MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9354444B-C0C9-4ABF-86AE-42265F0D16E2}] DATAGRAM 2 : 2 : 2 : 
useragent_locale: de

Diese Meldung enthält Informationen über den Status der Anwendung zum Zeitpunkt des Absturzes.
         
FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by xxx (administrator) on xxx-PC on 07-04-2015 19:47:02
Running from C:\Users\xxx\Downloads
Loaded Profiles: xxx (Available profiles: xxx)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-18] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-905575457-879607011-4093534939-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-905575457-879607011-4093534939-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-16] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\searchplugins\suche.xml [2014-01-26]
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-15]
FF Extension: ProxTube - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-16] (AVAST Software)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73480 2015-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-02-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-02-16] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X]
S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 19:47 - 2015-04-07 19:47 - 00010694 _____ () C:\Users\xxx\Downloads\FRST.txt
2015-04-07 19:46 - 2015-04-07 19:46 - 01135104 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-04-07 19:31 - 2015-04-07 19:31 - 301823138 _____ () C:\Windows\MEMORY.DMP
2015-04-07 19:31 - 2015-04-07 19:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp
2015-04-07 19:31 - 2015-04-07 19:31 - 00000056 _____ () C:\Windows\setupact.log
2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-18 17:53 - 2015-02-16 13:52 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 19:47 - 2014-05-12 09:50 - 00000000 ____D () C:\FRST
2015-04-07 19:40 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 19:40 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 19:39 - 2010-11-20 23:01 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 19:36 - 2012-05-10 19:50 - 01822201 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 19:33 - 2012-05-11 00:10 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-07 19:31 - 2014-11-29 11:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-07 19:31 - 2012-05-10 22:02 - 00000000 ____D () C:\Users\xxx
2015-04-07 19:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 19:16 - 2012-07-22 11:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps
2015-03-18 17:54 - 2015-02-16 13:53 - 00002005 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

==================== Files in the root of some directories =======

2014-10-20 13:24 - 2014-10-20 13:25 - 50063360 _____ () C:\Program Files\GUT6123.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 19:38

==================== End Of Log ============================
         


Addition
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by xxx at 2015-04-07 19:48:15
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{7FEFA920-0095-A7D7-C394-096E1A5470C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.2.0.60 - Atheros Communications)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5120 - CyberLink Corp.)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-11-2014 20:06:02 Windows Update
26-11-2014 11:05:03 Windows Update
04-12-2014 16:56:34 Windows Update
13-12-2014 11:16:37 Windows Update
14-12-2014 18:39:21 Windows Update
06-01-2015 17:07:00 Windows Update
09-01-2015 13:26:20 Windows Update
25-01-2015 17:16:38 Windows Update
16-02-2015 13:21:30 avast! antivirus system restore point
16-02-2015 13:29:32 Windows Update
16-02-2015 13:34:59 avast! antivirus system restore point
16-02-2015 13:50:42 avast! antivirus system restore point
16-02-2015 14:38:55 avast! antivirus system restore point
18-03-2015 17:51:38 avast! antivirus system restore point
07-04-2015 19:28:30 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {204756FC-1FE5-43A6-BE1F-EE4F49EAD7F4} - System32\Tasks\{2341CCD2-678C-46D8-AB43-1360BA2365EA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.1.0.105&amp;LastError=-3
Task: {56CD1937-36E8-4EA0-B2A1-803B1194E747} - System32\Tasks\{57D855B7-0760-459E-942E-962D5C7336DE} => pcalua.exe -a E:\sp53753.exe -d E:\
Task: {677CD973-55A4-4872-A68B-E1A687D2B65B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-16] (AVAST Software)
Task: {8B7E67A8-61D7-4265-BC4B-1E971B5FFCBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {996DA765-C3B6-4AF0-87AC-6725715D9F12} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-03-20] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-03-18 17:51 - 2015-03-18 17:51 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031800\algo.dll
2014-04-17 22:28 - 2014-04-17 22:28 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-16 13:52 - 2015-02-16 13:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-21 04:06 - 2015-01-21 04:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-17 22:28 - 2014-04-17 22:28 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-15 13:45 - 2015-01-28 10:23 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-905575457-879607011-4093534939-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

==================== Accounts: =============================

Administrator (S-1-5-21-905575457-879607011-4093534939-500 - Administrator - Disabled)
Gast (S-1-5-21-905575457-879607011-4093534939-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-905575457-879607011-4093534939-1003 - Limited - Enabled)
xxx (S-1-5-21-905575457-879607011-4093534939-1000 - Administrator - Enabled) => C:\Users\xxx

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 07:33:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 07:28:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {716af39f-471f-4c05-9e2d-93e9f6b35bea}

Error: (04/07/2015 07:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21746

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21746

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/18/2015 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {138fd23b-bced-4121-833c-864138f0207e}

Error: (03/18/2015 05:40:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00052c26
ID des fehlerhaften Prozesses: 0x220
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0
Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1
Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2
Berichtskennung: svchost.exe_WinDefend3

Error: (03/18/2015 05:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.11302.0, Zeitstempel: 0x547d9816
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b2f69
ID des fehlerhaften Prozesses: 0x86c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0
Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1
Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2
Berichtskennung: svchost.exe_WinDefend3

Error: (03/18/2015 05:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/07/2015 07:34:13 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.

Error: (04/07/2015 07:33:24 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/07/2015 07:32:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TeamViewer 10" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/07/2015 07:32:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 10 erreicht.

Error: (04/07/2015 07:31:37 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0x86bc6510, 0x928e670e, 0x00000000, 0x00000002)C:\Windows\MEMORY.DMP040715-23634-01

Error: (04/07/2015 07:31:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎07.‎04.‎2015 um 19:30:15 unerwartet heruntergefahren.

Error: (04/07/2015 07:21:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 802.

Error: (04/07/2015 07:21:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 1106.

Error: (04/07/2015 07:19:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 802.

Error: (04/07/2015 07:19:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 51. Der interne Fehlerstatus lautet: 1106.


Microsoft Office Sessions:
=========================
Error: (04/07/2015 07:33:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2015 07:28:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {716af39f-471f-4c05-9e2d-93e9f6b35bea}

Error: (04/07/2015 07:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21746

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21746

Error: (03/18/2015 06:02:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/18/2015 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {138fd23b-bced-4121-833c-864138f0207e}

Error: (03/18/2015 05:40:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc100ntdll.dll6.1.7601.18247521ea91cc00000fd00052c2622001d06191cd6cd0a4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll17f56a9d-cd85-11e4-ba7a-74de2bb9bf22

Error: (03/18/2015 05:38:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc100mpengine.dll1.1.11302.0547d9816c0000005000b2f6986c01d061910cdf8ae5C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6C4A887-E207-4F59-B0C0-79722F1BAD92}\mpengine.dlle2f5470e-cd84-11e4-ba7a-74de2bb9bf22

Error: (03/18/2015 05:35:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 3578.91 MB
Available physical RAM: 2417.02 MB
Total Pagefile: 7156.1 MB
Available Pagefile: 5830.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:261.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B03E7563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


11.04.2015, 07:39   #6
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • MBAR will remove the detected objects during the reboot, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

11.04.2015, 09:37   #7
NeedHelp08


Hello, and thank you very much so far. TDSSKiller found one object.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.11.01
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
xxx :: xxx-PC [administrator]

11.04.2015 10:12:43
mbar-log-2015-04-11 (10-12-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 26727
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
10:28:28.0965 0x1370  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:28:34.0344 0x1370  ============================================================
10:28:34.0345 0x1370  Current date / time: 2015/04/11 10:28:34.0344
10:28:34.0345 0x1370  SystemInfo:
10:28:34.0345 0x1370  
10:28:34.0345 0x1370  OS Version: 6.1.7601 ServicePack: 1.0
10:28:34.0345 0x1370  Product type: Workstation
10:28:34.0345 0x1370  ComputerName: xxx-PC
10:28:34.0346 0x1370  UserName: xxx
10:28:34.0346 0x1370  Windows directory: C:\Windows
10:28:34.0346 0x1370  System windows directory: C:\Windows
10:28:34.0346 0x1370  Processor architecture: Intel x86
10:28:34.0346 0x1370  Number of processors: 2
10:28:34.0346 0x1370  Page size: 0x1000
10:28:34.0346 0x1370  Boot type: Normal boot
10:28:34.0346 0x1370  ============================================================
10:28:34.0723 0x1370  KLMD registered as C:\Windows\system32\drivers\52806375.sys
10:28:35.0233 0x1370  System UUID: {5395D611-7D34-E0C6-DC8B-B7AAD5B8349D}
10:28:36.0629 0x1370  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:28:36.0629 0x1370  ============================================================
10:28:36.0629 0x1370  \Device\Harddisk0\DR0:
10:28:36.0629 0x1370  MBR partitions:
10:28:36.0629 0x1370  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:28:36.0629 0x1370  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
10:28:36.0629 0x1370  ============================================================
10:28:36.0660 0x1370  C: <-> \Device\Harddisk0\DR0\Partition2
10:28:36.0660 0x1370  ============================================================
10:28:36.0660 0x1370  Initialize success
10:28:36.0660 0x1370  ============================================================
10:29:33.0803 0x165c  ============================================================
10:29:33.0803 0x165c  Scan started
10:29:33.0803 0x165c  Mode: Manual; SigCheck; TDLFS; 
10:29:33.0803 0x165c  ============================================================
10:29:33.0803 0x165c  KSN ping started
10:29:47.0687 0x165c  KSN ping finished: true
10:29:48.0732 0x165c  ================ Scan system memory ========================
10:29:48.0732 0x165c  System memory - ok
10:29:48.0732 0x165c  ================ Scan services =============================
10:29:56.0313 0x165c  [ 4C4A576818EA028257C624AE36FF7A03, 951521E0531D943EF55737EE99BBCBD6CC6ABC50530985D774EEBE8564166EDB ] Atheros Bt&Wlan Coex Agent C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
10:29:56.0391 0x165c  Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
10:29:58.0997 0x165c  Detect skipped due to KSN trusted
10:29:58.0997 0x165c  Atheros Bt&Wlan Coex Agent - ok
10:30:05.0627 0x165c  Dhcp - ok
10:30:05.0658 0x165c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
10:30:05.0736 0x165c  discache - ok
10:30:05.0767 0x165c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
10:30:05.0798 0x165c  Disk - ok
10:30:05.0845 0x165c  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
10:30:05.0892 0x165c  dmvsc - ok
10:30:05.0939 0x165c  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:30:05.0985 0x165c  Dnscache - ok
10:30:06.0032 0x165c  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:30:06.0126 0x165c  dot3svc - ok
10:30:06.0219 0x165c  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
10:30:06.0313 0x165c  DPS - ok
10:30:06.0391 0x165c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:30:06.0453 0x165c  drmkaud - ok
10:30:06.0531 0x165c  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:30:06.0656 0x165c  DXGKrnl - ok
10:30:06.0719 0x165c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
10:30:06.0797 0x165c  EapHost - ok
10:30:06.0999 0x165c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
10:30:07.0202 0x165c  ebdrv - ok
10:30:07.0296 0x165c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
10:30:07.0343 0x165c  EFS - ok
10:30:07.0483 0x165c  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:30:07.0545 0x165c  ehRecvr - ok
10:30:07.0561 0x165c  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
10:30:07.0608 0x165c  ehSched - ok
10:30:07.0670 0x165c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:30:07.0733 0x165c  elxstor - ok
10:30:07.0733 0x165c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:30:07.0779 0x165c  ErrDev - ok
10:30:07.0904 0x165c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
10:30:07.0998 0x165c  EventSystem - ok
10:30:08.0029 0x165c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:30:08.0091 0x165c  exfat - ok
10:30:08.0138 0x165c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:30:08.0216 0x165c  fastfat - ok
10:30:08.0279 0x165c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
10:30:08.0357 0x165c  Fax - ok
10:30:08.0388 0x165c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
10:30:08.0419 0x165c  fdc - ok
10:30:08.0450 0x165c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
10:30:08.0528 0x165c  fdPHost - ok
10:30:08.0544 0x165c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:30:08.0622 0x165c  FDResPub - ok
10:30:08.0653 0x165c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:30:08.0684 0x165c  FileInfo - ok
10:30:08.0700 0x165c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:30:08.0762 0x165c  Filetrace - ok
10:30:08.0762 0x165c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:30:08.0809 0x165c  flpydisk - ok
10:30:08.0840 0x165c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:30:08.0871 0x165c  FltMgr - ok
10:30:08.0965 0x165c  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
10:30:09.0105 0x165c  FontCache - ok
10:30:09.0199 0x165c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:30:09.0246 0x165c  FontCache3.0.0.0 - ok
10:30:09.0261 0x165c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:30:09.0293 0x165c  FsDepends - ok
10:30:09.0324 0x165c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:30:09.0355 0x165c  Fs_Rec - ok
10:30:09.0433 0x165c  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:30:09.0464 0x165c  fvevol - ok
10:30:09.0527 0x165c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:30:09.0558 0x165c  gagp30kx - ok
10:30:09.0620 0x165c  gnvgvkgd - ok
10:30:09.0745 0x165c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:30:09.0932 0x165c  gpsvc - ok
10:30:09.0979 0x165c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:30:10.0026 0x165c  hcw85cir - ok
10:30:10.0057 0x165c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:30:10.0119 0x165c  HdAudAddService - ok
10:30:10.0151 0x165c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:30:10.0197 0x165c  HDAudBus - ok
10:30:10.0213 0x165c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:30:10.0244 0x165c  HidBatt - ok
10:30:10.0275 0x165c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:30:10.0338 0x165c  HidBth - ok
10:30:10.0354 0x165c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:30:10.0400 0x165c  HidIr - ok
10:30:10.0432 0x165c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
10:30:10.0510 0x165c  hidserv - ok
10:30:10.0556 0x165c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:30:10.0619 0x165c  HidUsb - ok
10:30:10.0634 0x165c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:30:10.0712 0x165c  hkmsvc - ok
10:30:10.0744 0x165c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:30:10.0790 0x165c  HomeGroupListener - ok
10:30:10.0837 0x165c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:30:10.0900 0x165c  HomeGroupProvider - ok
10:30:10.0931 0x165c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:30:10.0962 0x165c  HpSAMD - ok
10:30:10.0993 0x165c  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:30:11.0071 0x165c  HTTP - ok
10:30:11.0087 0x165c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:30:11.0118 0x165c  hwpolicy - ok
10:30:11.0134 0x165c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:30:11.0165 0x165c  i8042prt - ok
10:30:11.0227 0x165c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:30:11.0274 0x165c  iaStorV - ok
10:30:11.0680 0x165c  [ E4693409D06785477A49FB34AFAE1B92, 3855CE03672D73084BBAC219F2B350CF22608A82828F82A9E842034F6A975F14 ] IconMan_R       C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
10:30:12.0522 0x165c  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
10:30:15.0158 0x165c  Detect skipped due to KSN trusted
10:30:15.0158 0x165c  IconMan_R - ok
10:30:24.0612 0x165c  pciide - ok
10:30:24.0643 0x165c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:30:24.0674 0x165c  pcmcia - ok
10:30:24.0690 0x165c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:30:24.0721 0x165c  pcw - ok
10:30:24.0768 0x165c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:30:24.0862 0x165c  PEAUTH - ok
10:30:24.0940 0x165c  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:30:25.0064 0x165c  PeerDistSvc - ok
10:30:25.0236 0x165c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:30:25.0408 0x165c  pla - ok
10:30:25.0454 0x165c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:30:25.0517 0x165c  PlugPlay - ok
10:30:25.0548 0x165c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:30:25.0579 0x165c  PNRPAutoReg - ok
10:30:25.0610 0x165c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:30:25.0657 0x165c  PNRPsvc - ok
10:30:25.0720 0x165c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:30:25.0813 0x165c  PolicyAgent - ok
10:30:25.0844 0x165c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:30:25.0954 0x165c  Power - ok
10:30:26.0000 0x165c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:30:26.0078 0x165c  PptpMiniport - ok
10:30:26.0094 0x165c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
10:30:26.0141 0x165c  Processor - ok
10:30:26.0203 0x165c  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:30:26.0281 0x165c  ProfSvc - ok
10:30:26.0312 0x165c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:30:26.0359 0x165c  ProtectedStorage - ok
10:30:26.0390 0x165c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:30:26.0468 0x165c  Psched - ok
10:30:26.0578 0x165c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:30:26.0671 0x165c  ql2300 - ok
10:30:26.0687 0x165c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:30:26.0718 0x165c  ql40xx - ok
10:30:26.0765 0x165c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:30:26.0827 0x165c  QWAVE - ok
10:30:26.0843 0x165c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:30:26.0890 0x165c  QWAVEdrv - ok
10:30:26.0890 0x165c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:30:26.0968 0x165c  RasAcd - ok
10:30:26.0999 0x165c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:30:27.0061 0x165c  RasAgileVpn - ok
10:30:27.0092 0x165c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:30:27.0170 0x165c  RasAuto - ok
10:30:27.0186 0x165c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:30:27.0264 0x165c  Rasl2tp - ok
10:30:27.0311 0x165c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:30:27.0389 0x165c  RasMan - ok
10:30:27.0420 0x165c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:30:27.0482 0x165c  RasPppoe - ok
10:30:27.0498 0x165c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:30:27.0560 0x165c  RasSstp - ok
10:30:27.0592 0x165c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:30:27.0670 0x165c  rdbss - ok
10:30:27.0685 0x165c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:30:27.0732 0x165c  rdpbus - ok
10:30:27.0732 0x165c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:30:27.0810 0x165c  RDPCDD - ok
10:30:27.0857 0x165c  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:30:27.0888 0x165c  RDPDR - ok
10:30:27.0904 0x165c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:30:27.0982 0x165c  RDPENCDD - ok
10:30:27.0997 0x165c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:30:28.0044 0x165c  RDPREFMP - ok
10:30:28.0106 0x165c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:30:28.0169 0x165c  RdpVideoMiniport - ok
10:30:28.0216 0x165c  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:30:28.0294 0x165c  RDPWD - ok
10:30:28.0340 0x165c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:30:28.0372 0x165c  rdyboost - ok
10:30:28.0403 0x165c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:30:28.0481 0x165c  RemoteAccess - ok
10:30:28.0512 0x165c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:30:28.0590 0x165c  RemoteRegistry - ok
10:30:28.0637 0x165c  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:30:28.0684 0x165c  RFCOMM - ok
10:30:28.0730 0x165c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:30:28.0808 0x165c  RpcEptMapper - ok
10:30:28.0840 0x165c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:30:28.0886 0x165c  RpcLocator - ok
10:30:28.0964 0x165c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:30:29.0042 0x165c  RpcSs - ok
10:30:29.0120 0x165c  [ 4ADA96CDEDCA3CA8DD70F51575F6A7AF, 9BF86ACDC96B080A587D6C3C868F64CDD8FC1FE27CFDF5C72C076A2DC2111562 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
10:30:29.0167 0x165c  RSPCIESTOR - ok
10:30:29.0230 0x165c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:30:29.0292 0x165c  rspndr - ok
10:30:29.0354 0x165c  [ 5283B9A27FF230F2FF70D92451FF409A, B8BAC70E1DE4485C79CA7B47D4DCFE0223CECEA8ED75CE4F128D47051F95FE5D ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
10:30:29.0401 0x165c  RTL8167 - ok
10:30:29.0448 0x165c  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:30:29.0495 0x165c  s3cap - ok
10:30:29.0510 0x165c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
10:30:29.0557 0x165c  SamSs - ok
10:30:29.0604 0x165c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:30:29.0635 0x165c  sbp2port - ok
10:30:29.0666 0x165c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:30:29.0760 0x165c  SCardSvr - ok
10:30:29.0760 0x165c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:30:29.0838 0x165c  scfilter - ok
10:30:29.0978 0x165c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
10:30:30.0119 0x165c  Schedule - ok
10:30:30.0150 0x165c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:30:30.0212 0x165c  SCPolicySvc - ok
10:30:30.0228 0x165c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:30:30.0290 0x165c  SDRSVC - ok
10:30:30.0322 0x165c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:30:30.0384 0x165c  secdrv - ok
10:30:30.0400 0x165c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:30:30.0493 0x165c  seclogon - ok
10:30:30.0509 0x165c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
10:30:30.0587 0x165c  SENS - ok
10:30:30.0618 0x165c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:30:30.0665 0x165c  SensrSvc - ok
10:30:30.0680 0x165c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:30:30.0727 0x165c  Serenum - ok
10:30:30.0743 0x165c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
10:30:30.0790 0x165c  Serial - ok
10:30:30.0805 0x165c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:30:30.0852 0x165c  sermouse - ok
10:30:30.0899 0x165c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:30:30.0977 0x165c  SessionEnv - ok
10:30:30.0977 0x165c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:30:31.0039 0x165c  sffdisk - ok
10:30:31.0070 0x165c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:30:31.0117 0x165c  sffp_mmc - ok
10:30:31.0117 0x165c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:30:31.0164 0x165c  sffp_sd - ok
10:30:31.0180 0x165c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:30:31.0226 0x165c  sfloppy - ok
10:30:31.0304 0x165c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:30:31.0398 0x165c  SharedAccess - ok
10:30:31.0445 0x165c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:30:31.0538 0x165c  ShellHWDetection - ok
10:30:31.0554 0x165c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:30:31.0585 0x165c  sisagp - ok
10:30:31.0616 0x165c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:30:31.0648 0x165c  SiSRaid2 - ok
10:30:31.0663 0x165c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:30:31.0694 0x165c  SiSRaid4 - ok
10:30:31.0757 0x165c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
10:30:31.0804 0x165c  SkypeUpdate - ok
10:30:31.0835 0x165c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:30:31.0913 0x165c  Smb - ok
10:30:31.0975 0x165c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:30:32.0038 0x165c  SNMPTRAP - ok
10:30:32.0053 0x165c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:30:32.0084 0x165c  spldr - ok
10:30:32.0147 0x165c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
10:30:32.0209 0x165c  Spooler - ok
10:30:32.0428 0x165c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
10:30:32.0724 0x165c  sppsvc - ok
10:30:32.0771 0x165c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:30:32.0849 0x165c  sppuinotify - ok
10:30:32.0911 0x165c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:30:32.0989 0x165c  srv - ok
10:30:33.0067 0x165c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:30:33.0130 0x165c  srv2 - ok
10:30:33.0161 0x165c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:30:33.0208 0x165c  srvnet - ok
10:30:33.0254 0x165c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:30:33.0332 0x165c  SSDPSRV - ok
10:30:33.0379 0x165c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:30:33.0442 0x165c  SstpSvc - ok
10:30:33.0473 0x165c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:30:33.0504 0x165c  stexstor - ok
10:30:33.0566 0x165c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:30:33.0644 0x165c  StiSvc - ok
10:30:33.0676 0x165c  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:30:33.0707 0x165c  storflt - ok
10:30:33.0738 0x165c  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
10:30:33.0785 0x165c  StorSvc - ok
10:30:33.0800 0x165c  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:30:33.0832 0x165c  storvsc - ok
10:30:33.0863 0x165c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:30:33.0894 0x165c  swenum - ok
10:30:33.0941 0x165c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:30:34.0034 0x165c  swprv - ok
10:30:34.0081 0x165c  [ 6DD49E1A5FA0F01824652F1A0A8866FB, E8839AF50AAA06A51A24004D26562694286DF638C7F86AB8408E496A7FEE52A4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:30:34.0112 0x165c  SynTP - ok
10:30:34.0206 0x165c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
10:30:34.0331 0x165c  SysMain - ok
10:30:34.0362 0x165c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:30:34.0424 0x165c  TabletInputService - ok
10:30:34.0471 0x165c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:30:34.0549 0x165c  TapiSrv - ok
10:30:34.0565 0x165c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:30:34.0658 0x165c  TBS - ok
10:30:34.0783 0x165c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:30:34.0861 0x165c  Tcpip - ok
10:30:35.0002 0x165c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:30:35.0080 0x165c  TCPIP6 - ok
10:30:35.0158 0x165c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:30:35.0204 0x165c  tcpipreg - ok
10:30:35.0236 0x165c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:30:35.0282 0x165c  TDPIPE - ok
10:30:35.0329 0x165c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:30:35.0360 0x165c  TDTCP - ok
10:30:35.0407 0x165c  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:30:35.0470 0x165c  tdx - ok
10:30:36.0125 0x165c  [ 37A33B6CA6CC370C1B269DDDCA716F06, 5A2A3D4FAD63ADB749252D7F85B2D813215834E0C8D9B84030D2AEAA9E967ABE ] TeamViewer      C:\Program Files\TeamViewer\TeamViewer_Service.exe
10:30:36.0421 0x165c  TeamViewer - ok
10:30:36.0515 0x165c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:30:36.0546 0x165c  TermDD - ok
10:30:36.0640 0x165c  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
10:30:36.0733 0x165c  TermService - ok
10:30:36.0764 0x165c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:30:36.0811 0x165c  Themes - ok
10:30:36.0842 0x165c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:30:36.0905 0x165c  THREADORDER - ok
10:30:36.0952 0x165c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:30:37.0030 0x165c  TrkWks - ok
10:30:37.0076 0x165c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:30:37.0139 0x165c  TrustedInstaller - ok
10:30:37.0201 0x165c  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:30:37.0232 0x165c  tssecsrv - ok
10:30:37.0279 0x165c  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:30:37.0326 0x165c  TsUsbFlt - ok
10:30:37.0357 0x165c  [ 57C527AF84748B5C2F5178C499C0B81F, 2FF1F25BA16F8984E9F2CE4DE663F261BAF267EDF10D466A52BB211C567F763C ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:30:37.0404 0x165c  TsUsbGD - ok
10:30:37.0466 0x165c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:30:37.0529 0x165c  tunnel - ok
10:30:37.0544 0x165c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:30:37.0576 0x165c  uagp35 - ok
10:30:37.0591 0x165c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:30:37.0685 0x165c  udfs - ok
10:30:37.0716 0x165c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:30:37.0778 0x165c  UI0Detect - ok
10:30:37.0810 0x165c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:30:37.0841 0x165c  uliagpkx - ok
10:30:37.0856 0x165c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:30:37.0903 0x165c  umbus - ok
10:30:37.0919 0x165c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:30:37.0950 0x165c  UmPass - ok
10:30:37.0981 0x165c  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:30:38.0044 0x165c  UmRdpService - ok
10:30:38.0075 0x165c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:30:38.0168 0x165c  upnphost - ok
10:30:38.0231 0x165c  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
10:30:38.0246 0x165c  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
10:30:40.0727 0x165c  Detect skipped due to KSN trusted
10:30:40.0727 0x165c  USBAAPL - ok
10:30:43.0644 0x165c  vwifimp - ok
10:30:43.0738 0x165c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
10:30:43.0831 0x165c  W32Time - ok
10:30:43.0862 0x165c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:30:43.0909 0x165c  WacomPen - ok
10:30:43.0940 0x165c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:30:44.0003 0x165c  WANARP - ok
10:30:44.0018 0x165c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:30:44.0065 0x165c  Wanarpv6 - ok
10:30:44.0159 0x165c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
10:30:44.0284 0x165c  wbengine - ok
10:30:44.0299 0x165c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:30:44.0362 0x165c  WbioSrvc - ok
10:30:44.0440 0x165c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:30:44.0502 0x165c  wcncsvc - ok
10:30:44.0518 0x165c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:30:44.0564 0x165c  WcsPlugInService - ok
10:30:44.0596 0x165c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
10:30:44.0627 0x165c  Wd - ok
10:30:44.0689 0x165c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:30:44.0752 0x165c  Wdf01000 - ok
10:30:44.0783 0x165c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:30:44.0845 0x165c  WdiServiceHost - ok
10:30:44.0845 0x165c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:30:44.0892 0x165c  WdiSystemHost - ok
10:30:44.0939 0x165c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
10:30:45.0017 0x165c  WebClient - ok
10:30:45.0032 0x165c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:30:45.0110 0x165c  Wecsvc - ok
10:30:45.0142 0x165c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:30:45.0204 0x165c  wercplsupport - ok
10:30:45.0251 0x165c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
10:30:45.0329 0x165c  WerSvc - ok
10:30:45.0360 0x165c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:30:45.0422 0x165c  WfpLwf - ok
10:30:45.0454 0x165c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:30:45.0485 0x165c  WIMMount - ok
10:30:45.0578 0x165c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:30:45.0766 0x165c  WinDefend - ok
10:30:45.0781 0x165c  WinHttpAutoProxySvc - ok
10:30:45.0906 0x165c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:30:45.0984 0x165c  Winmgmt - ok
10:30:46.0093 0x165c  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:30:46.0234 0x165c  WinRM - ok
10:30:46.0358 0x165c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:30:46.0421 0x165c  WinUsb - ok
10:30:46.0483 0x165c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:30:46.0608 0x165c  Wlansvc - ok
10:30:46.0655 0x165c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:30:46.0702 0x165c  WmiAcpi - ok
10:30:46.0748 0x165c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:30:46.0795 0x165c  wmiApSrv - ok
10:30:46.0904 0x165c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:30:47.0060 0x165c  WMPNetworkSvc - ok
10:30:47.0092 0x165c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:30:47.0138 0x165c  WPCSvc - ok
10:30:47.0154 0x165c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:30:47.0201 0x165c  WPDBusEnum - ok
10:30:47.0248 0x165c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:30:47.0326 0x165c  ws2ifsl - ok
10:30:47.0341 0x165c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
10:30:47.0388 0x165c  wscsvc - ok
10:30:47.0404 0x165c  WSearch - ok
10:30:47.0575 0x165c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
10:30:47.0731 0x165c  wuauserv - ok
10:30:47.0778 0x165c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:30:47.0825 0x165c  WudfPf - ok
10:30:47.0950 0x165c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:30:48.0043 0x165c  WUDFRd - ok
10:30:48.0090 0x165c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:30:48.0137 0x165c  wudfsvc - ok
10:30:48.0215 0x165c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:30:48.0277 0x165c  WwanSvc - ok
10:30:48.0340 0x165c  ================ Scan global ===============================
10:30:48.0371 0x165c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:30:48.0418 0x165c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:30:48.0449 0x165c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:30:48.0511 0x165c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:30:48.0542 0x165c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:30:48.0558 0x165c  [ Global ] - ok
10:30:48.0574 0x165c  ================ Scan MBR ==================================
10:30:48.0589 0x165c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:30:50.0555 0x165c  \Device\Harddisk0\DR0 - ok
10:30:50.0555 0x165c  ================ Scan VBR ==================================
10:30:50.0555 0x165c  [ F44B47723F3A4A95E7A6424513E7685A ] \Device\Harddisk0\DR0\Partition1
10:30:50.0570 0x165c  \Device\Harddisk0\DR0\Partition1 - ok
10:30:50.0570 0x165c  [ 146518271D0C31A3E8948D49E8D1BCD0 ] \Device\Harddisk0\DR0\Partition2
10:30:50.0586 0x165c  \Device\Harddisk0\DR0\Partition2 - ok
10:30:50.0586 0x165c  ================ Scan generic autorun ======================
10:30:51.0054 0x165c  [ 53239ADD6E16C0E38D649D1B3705AC73, 7AAC4469C1D7146A5563658655670C8723C0865D1011F9D72D14B75D9B33580B ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
10:30:51.0366 0x165c  RTHDVCPL - ok
10:30:51.0553 0x165c  [ F2A36C5B73B2CCBCE7F1FED7974E5A96, 04E07A512BCA30B66DDB63DA7D033A6386FB87DDA761B94A4FE18496F70929DF ] C:\Program Files\Bluetooth Suite\BtvStack.exe
10:30:51.0600 0x165c  AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
10:31:01.0756 0x165c  AtherosBtStack ( UnsignedFile.Multi.Generic ) - warning
10:31:01.0756 0x165c  Force sending object to P2P due to detect: C:\Program Files\Bluetooth Suite\BtvStack.exe
10:31:06.0311 0x165c  Object send P2P result: true
10:31:08.0932 0x165c  [ 5F8F697C3F86FE943CC474CF57CD0BE0, 2B960B303A0A2B8CC516C10AB4EA7F6387F3648B0D89CADC363F374E8377D201 ] C:\Program Files\Bluetooth Suite\AthBtTray.exe
10:31:08.0978 0x165c  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
10:31:11.0443 0x165c  Detect skipped due to KSN trusted
10:31:11.0443 0x165c  AthBtTray - ok
10:31:11.0833 0x165c  [ 94444693EA13A72F6820DFF844A1122E, DAB1D45F39CA196C6EF22F4E817C32558D87051B98FC525A07ABBAE1A52B59AB ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
10:31:11.0974 0x165c  SynTPEnh - ok
10:31:12.0286 0x165c  [ 629A67F63BEED0FB31D5EA2FDB545E8A, 99E4F7D1C1D8AA34DAA3B9121A86C82B0568B5E2D6FAF13BC811B4A3B0F3CF31 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
10:31:12.0379 0x165c  StartCCC - ok
10:31:12.0878 0x165c  [ 695BE0A3D240FFF4B876D9289110634A, C4F4A2D0E09DCA92C74C805FB77C0710213CD9DD8B6D62499373F8E56B83C8A9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
10:31:13.0175 0x165c  AvastUI.exe - ok
10:31:13.0300 0x165c  [ 9153F2335BCDB87F41559CF066223BF9, C0F89F9A63B1F49F007A971F5180128EC0AFBBBF7CFA82CA1FA44CB9DB5F8BB3 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
10:31:13.0346 0x165c  SunJavaUpdateSched - ok
10:31:13.0440 0x165c  [ B253230DA792A12F57A6C6DF6381648D, D32509D5B459D5E455249A78BC42302C3F1F3E175D16C5DFC061DCFF21843962 ] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
10:31:13.0487 0x165c  AppEx Accelerator UI - ok
10:31:13.0736 0x165c  [ 78E70968C04DE6C85541CF70F8CF4E78, 247480142CD098739FF5E68499911CB43E9215AC38328B6452D74FEC9F7BA0EA ] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
10:31:13.0939 0x165c  HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 )
10:31:16.0482 0x165c  Detect skipped due to KSN trusted
10:31:16.0482 0x165c  HydraVisionDesktopManager - ok
10:31:17.0090 0x165c  [ 9A1F3AEA8D61AA67D90F1B336C00984E, CE652BB13364BAA585340CD44E884F51BA314056B9E8221D34848C0B0C52F19A ] C:\Program Files\CCleaner\CCleaner.exe
10:31:17.0387 0x165c  CCleaner Monitoring - ok
10:31:17.0402 0x165c  Waiting for KSN requests completion. In queue: 6
10:31:18.0416 0x165c  Waiting for KSN requests completion. In queue: 6
10:31:19.0430 0x165c  Waiting for KSN requests completion. In queue: 6
10:31:20.0491 0x165c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
10:31:20.0507 0x165c  Win FW state via NFP2: enabled
10:31:23.0050 0x165c  ============================================================
10:31:23.0050 0x165c  Scan finished
10:31:23.0050 0x165c  ============================================================
10:31:23.0065 0x17e4  Detected object count: 1
10:31:23.0065 0x17e4  Actual detected object count: 1
10:34:10.0734 0x17e4  AtherosBtStack ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:10.0734 0x17e4  AtherosBtStack ( UnsignedFile.Multi.Generic ) - User select action: Skip
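
Only a few line types in the scan log above matter for triage: the hash/path line, the "detected" line, the reputation override, the verdict and the user's action. The following Python parser is an added example (not part of the thread and not a tool used in it); the line layout it assumes is inferred from the log above, and the sample is an excerpt copied from that log.

```python
import re

# Excerpt copied from the scan log posted above (autorun section and summary).
SAMPLE_LOG = r"""
10:30:51.0366 0x165c  RTHDVCPL - ok
10:30:51.0553 0x165c  [ F2A36C5B73B2CCBCE7F1FED7974E5A96, 04E07A512BCA30B66DDB63DA7D033A6386FB87DDA761B94A4FE18496F70929DF ] C:\Program Files\Bluetooth Suite\BtvStack.exe
10:30:51.0600 0x165c  AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
10:31:01.0756 0x165c  AtherosBtStack ( UnsignedFile.Multi.Generic ) - warning
10:31:08.0932 0x165c  [ 5F8F697C3F86FE943CC474CF57CD0BE0, 2B960B303A0A2B8CC516C10AB4EA7F6387F3648B0D89CADC363F374E8377D201 ] C:\Program Files\Bluetooth Suite\AthBtTray.exe
10:31:08.0978 0x165c  AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
10:31:11.0443 0x165c  Detect skipped due to KSN trusted
10:31:11.0443 0x165c  AthBtTray - ok
10:31:23.0065 0x17e4  Detected object count: 1
10:34:10.0734 0x17e4  AtherosBtStack ( UnsignedFile.Multi.Generic ) - skipped by user
10:34:10.0734 0x17e4  AtherosBtStack ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed layout of every line: "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(0x[0-9a-fA-F]+)\s+(.*)$")
# "[ MD5, SHA256 ] [ServiceName] <path>"; the SHA-256 and the name are optional.
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]+)(?:, ([0-9A-Fa-f]+))? \]\s+(?:(\S+)\s+)?"
    r"((?:[A-Za-z]:\\|\\Device\\).*)$"
)
DETECTED = re.compile(r"^(.+?) - detected (\S+) \( \d+ \)$")
VERDICT = re.compile(r"^(.+?)(?: \( \S+ \))? - (ok|warning)$")
ACTION = re.compile(r"^(.+?) \( \S+ \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
KSN_TRUSTED = "Detect skipped due to KSN trusted"


def triage(log_text):
    """Return (findings, reported_count) for every object that had a detection."""
    findings = {}         # object name -> finding, in order of first detection
    last_file = None      # the hash/path line that precedes an object's result
    last_detected = None  # the override line refers to the previous detection
    reported = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).rstrip()
        if (h := HASHED.match(msg)):
            last_file = {"md5": h.group(1), "sha256": h.group(2), "path": h.group(4)}
        elif (d := DETECTED.match(msg)):
            last_detected = d.group(1)
            findings[last_detected] = {
                "object": last_detected,
                "threat": d.group(2),
                "ksn_trusted": False,
                "verdict": None,
                "user_action": None,
                **(last_file or {"md5": None, "sha256": None, "path": None}),
            }
        elif msg == KSN_TRUSTED and last_detected:
            # Read here as: the detection was dropped after a reputation lookup.
            findings[last_detected]["ksn_trusted"] = True
        elif (a := ACTION.match(msg)):
            if a.group(1) in findings:
                findings[a.group(1)]["user_action"] = a.group(2)
        elif (v := VERDICT.match(msg)):
            if v.group(1) in findings:
                findings[v.group(1)]["verdict"] = v.group(2)
            last_file = None  # never attach a stale path to a later object
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    return list(findings.values()), reported


def unresolved(findings):
    """Detections whose final scan verdict was not 'ok'."""
    return [f for f in findings if f["verdict"] != "ok"]


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    for f in unresolved(found):
        print(f["object"], f["threat"], f["path"], "action:", f["user_action"])
    print("reported by scanner:", reported, "unresolved here:", len(unresolved(found)))
```

Comparing the scanner's own "Detected object count" with the number of unresolved findings is a quick check that no detection line was missed when reading a long log by hand.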
         

11.04.2015, 18:17   #8
schrauber
/// the machine
/// TB trainer

hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (An illegal operation was attempted on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.04.2015, 22:04   #9
NeedHelp08

Hello Schrauber, here is the Combofix log

Combofix log file:
Code:
ComboFix 15-04-09.01 - xxx 11.04.2015  22:42:29.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3579.2636 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-11 bis 2015-04-11  ))))))))))))))))))))))))))))))
.
.
2015-04-11 08:12 . 2015-04-11 08:23	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-11 08:12 . 2015-04-11 08:12	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-11 08:11 . 2015-04-11 08:11	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-16 12:37 . 2015-02-16 12:40	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-16 11:53 . 2015-02-16 11:52	73480	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-02-16 11:53 . 2015-02-16 11:52	787800	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-02-16 11:53 . 2015-02-16 11:52	423784	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-02-16 11:52 . 2015-02-16 11:52	91496	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-02-16 11:52 . 2015-02-16 11:52	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-02-16 11:52 . 2015-02-16 11:52	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-02-16 11:52 . 2015-02-16 11:52	206248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-02-16 11:52 . 2015-02-16 11:52	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-02-16 11:52 . 2015-02-16 11:52	43152	----a-w-	c:\windows\avastSS.scr
2014-10-20 11:25 . 2014-10-20 11:24	50063360	----a-w-	c:\program files\GUT6123.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-16 11:52	723976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AMDQuickStream.exe" [2014-03-31 370912]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-09-15 6253160]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-01 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-01 302240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-04-17 748256]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-18 5227648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 10:20	30877280	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-02-16 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gnvgvkgd;gnvgvkgd;c:\windows\system32\drivers\ngiodriver_x86 [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 66688]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 33408]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-02-16 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-02-16 423784]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-18 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-17 276992]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2014-03-28 184032]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-02-16 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-02-16 73480]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-12-19 77824]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 24736]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 242336]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 37504]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gnvgvkgd]
"ImagePath"="\??\c:\windows\system32\drivers\ngiodriver_x86"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-04-11  23:02:40
ComboFix-quarantined-files.txt  2015-04-11 21:02
ComboFix2.txt  2015-02-16 12:26
ComboFix3.txt  2014-05-14 07:37
ComboFix4.txt  2013-06-06 08:28
.
Vor Suchlauf: 12 Verzeichnis(se), 280.334.675.968 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 279.922.589.696 Bytes frei
.
- - End Of File - - 7E4DC3C375DDBCD3E68EC3A6BD2A7338
         

12.04.2015, 08:03   #10
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

12.04.2015, 19:18   #11
NeedHelp08

Hello Schrauber

The problem seems to have become worse. At first I could not download any of the programs. When I tried to install the programs, the message "Quellcode beschädigt" (source code corrupted) always appeared. I solved this problem by downloading the programs on another laptop.

On the first scan attempt with Malwarebytes Anti-Malware I get as far as the memory scan step. There the following error message appears

Quote:
SDKDatabaseLoadDefaults failes with code: 20012
What can I do about it?

Many thanks in advance
Regards

13.04.2015, 09:47   #12
schrauber
/// the machine
/// TB trainer

Please do the following from outside:


Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


13.04.2015, 10:29   #13
NeedHelp08

Hello Schrauber,

Here is the FRST log you asked for, created following the instructions above.


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by SYSTEM on MININT-JQEN539 on 13-04-2015 11:22:47
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKU\xxx\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation)
HKU\xxx\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\xxx\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-11] (Avast Software)
S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
S2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-11] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-11] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208024 2015-04-11] ()
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-11] (Avast Software)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 10:07 - 2015-04-13 10:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-13 10:01 - 2015-04-13 10:07 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-13 10:00 - 2015-04-13 10:00 - 00000000 ____D () C:\HP
2015-04-13 10:00 - 2015-04-13 09:58 - 07495808 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp57398.exe
2015-04-13 10:00 - 2015-04-13 09:56 - 01504816 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp52956.exe
2015-04-13 09:42 - 2015-04-13 09:42 - 00000000 ____D () C:\Windows\System32\vbox
2015-04-12 19:10 - 2015-04-12 19:10 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-12 19:09 - 2015-04-12 19:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-12 19:09 - 2015-04-12 19:05 - 02686959 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe
2015-04-12 19:09 - 2015-04-12 19:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 19:09 - 2015-04-12 19:04 - 02217984 _____ () C:\Users\xxx\Downloads\AdwCleaner_4.201.exe
2015-04-12 19:09 - 2015-03-17 05:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-12 19:09 - 2015-03-17 05:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-12 18:33 - 2015-04-12 18:33 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2015-04-12 18:06 - 2015-04-11 22:07 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-04-11 22:09 - 2015-04-13 09:26 - 00002468 _____ () C:\Windows\PFRO.log
2015-04-11 22:07 - 2015-04-11 22:07 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-11 22:02 - 2015-04-11 22:02 - 00007660 _____ () C:\ComboFix.txt
2015-04-11 21:36 - 2015-04-11 21:34 - 05617275 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2015-04-11 21:34 - 2015-04-11 21:34 - 05617275 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe
2015-04-11 09:35 - 2015-04-11 09:35 - 00101546 _____ () C:\Users\xxx\Desktop\tdsskiller.txt
2015-04-11 09:27 - 2015-04-11 09:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Downloads\tdsskiller.exe
2015-04-11 09:12 - 2015-04-12 19:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-11 09:12 - 2015-04-11 09:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 09:11 - 2015-03-17 05:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-11 09:09 - 2015-04-11 09:23 - 00000000 ____D () C:\Users\xxx\Desktop\mbar
2015-04-11 09:05 - 2015-04-11 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\xxx\Downloads\mbar-1.09.1.1004.exe
2015-04-07 18:48 - 2015-04-07 18:49 - 00017799 _____ () C:\Users\xxx\Downloads\Addition.txt
2015-04-07 18:47 - 2015-04-07 18:49 - 00013668 _____ () C:\Users\xxx\Downloads\FRST.txt
2015-04-07 18:46 - 2015-04-07 18:46 - 01135104 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-04-07 18:31 - 2015-04-13 09:50 - 00001495 _____ () C:\Windows\setupact.log
2015-04-07 18:31 - 2015-04-07 18:31 - 301823138 _____ () C:\Windows\MEMORY.DMP
2015-04-07 18:31 - 2015-04-07 18:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp
2015-04-07 18:31 - 2015-04-07 18:31 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 11:22 - 2014-05-12 08:50 - 00000000 ____D () C:\FRST
2015-04-13 10:12 - 2012-05-10 18:50 - 01945677 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 09:57 - 2009-07-14 05:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 09:57 - 2009-07-14 05:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:10 - 2010-11-20 22:01 - 01619700 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-12 18:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF
2015-04-12 18:44 - 2012-07-22 10:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps
2015-04-12 18:07 - 2015-02-16 12:53 - 00001963 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-11 22:07 - 2015-02-16 12:52 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00208024 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00049904 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-04-11 22:07 - 2015-02-16 12:52 - 00024144 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-04-11 22:02 - 2013-06-06 09:09 - 00000000 ____D () C:\Qoobox
2015-04-11 21:58 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 09:12 - 2014-05-15 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 18:31 - 2014-11-29 10:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-07 18:31 - 2012-05-10 21:02 - 00000000 ____D () C:\users\xxx

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-06 16:08:06
Restore point made on: 2015-01-09 12:27:28
Restore point made on: 2015-01-25 16:17:47
Restore point made on: 2015-02-16 12:21:53
Restore point made on: 2015-02-16 12:30:00
Restore point made on: 2015-02-16 12:35:22
Restore point made on: 2015-02-16 12:51:17
Restore point made on: 2015-02-16 13:39:48
Restore point made on: 2015-03-18 16:52:27
Restore point made on: 2015-04-07 18:29:02
Restore point made on: 2015-04-07 18:51:47
Restore point made on: 2015-04-11 09:33:21
Restore point made on: 2015-04-11 21:38:41
Restore point made on: 2015-04-11 22:05:34
Restore point made on: 2015-04-11 22:10:56
Restore point made on: 2015-04-12 18:04:30
Restore point made on: 2015-04-12 18:22:02
Restore point made on: 2015-04-12 18:24:03
Restore point made on: 2015-04-12 18:32:03
Restore point made on: 2015-04-13 09:43:12
Restore point made on: 2015-04-13 10:00:58
Restore point made on: 2015-04-13 10:07:17

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 3690.91 MB
Available physical RAM: 3193.05 MB
Total Pagefile: 3689.19 MB
Available Pagefile: 3186.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:256.51 GB) NTFS
Drive e: (GSP1RMCPRFRER_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B03E7563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 6E652072)
No partition Table on disk 1.


LastRegBack: 2015-03-18 18:38

==================== End Of Log ============================
         

Alt 13.04.2015, 15:45   #14
schrauber
/// the machine
/// TB-Ausbilder
 



Turn off Windows Defender. Then test a download again.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 13.04.2015, 17:44   #15
NeedHelp08
 


Amazing, disabling Windows Defender did the trick.

Here are the logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 17:15:45
Logdatei: malwarebytes_log.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: xxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333415
Verstrichene Zeit: 25 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 17:54:57
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : xxx - xxx-PC
# Gestarted von : C:\Users\xxx\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\foxydeal.sqlite

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [1438 Bytes] - [15/05/2014 16:02:13]
AdwCleaner[R1].txt - [1133 Bytes] - [13/04/2015 17:52:00]
AdwCleaner[S0].txt - [1499 Bytes] - [15/05/2014 16:03:50]
AdwCleaner[S1].txt - [1054 Bytes] - [13/04/2015 17:54:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1113  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Professional x86
Ran by xxx on 13.04.2015 at 18:28:25,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\n5mi6n41.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at 18:33:33,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by xxx (administrator) on xxx-PC on 13-04-2015 18:43:02
Running from C:\Users\xxx\Downloads
Loaded Profiles: xxx (Available profiles: xxx)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6253160 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\86af064e-4ba0-443d-ba9a-d8dc64937b55.exe [183232 2015-04-13] (AVAST Software)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [370912 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-905575457-879607011-4093534939-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-905575457-879607011-4093534939-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-905575457-879607011-4093534939-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\searchplugins\suche.xml [2014-01-26]
FF Extension: WOT - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-15]
FF Extension: ProxTube - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\ich@maltegoetz.de.xpi [2014-09-30]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\n5mi6n41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-11] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-11] (Avast Software)
S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-16] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-16] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [184032 2014-03-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-11] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-11] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-11] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-11] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-11] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-11] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-11] (Avast Software)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\Users\xxx\AppData\Local\Temp\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 gnvgvkgd; \??\C:\Windows\system32\drivers\ngiodriver_x86 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 18:42 - 2015-04-13 18:42 - 01135616 _____ (Farbar) C:\Users\xxx\Downloads\FRST.exe
2015-04-13 18:41 - 2015-04-13 18:42 - 00000000 ____D () C:\Users\xxx\Downloads\FRST-OlderVersion
2015-04-13 18:33 - 2015-04-13 18:33 - 00000759 _____ () C:\Users\xxx\Desktop\JRT.txt
2015-04-13 18:28 - 2015-04-13 18:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-xxx-PC-Windows-7-Professional-(32-bit).dat
2015-04-13 18:28 - 2015-04-13 18:28 - 00000000 ____D () C:\RegBackup
2015-04-13 18:00 - 2015-04-13 17:58 - 02687136 _____ (Thisisu) C:\Users\xxx\Desktop\JRT_NEW.exe
2015-04-13 18:00 - 2015-04-11 23:07 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC3DE.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC5D6.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-13 18:00 - 2015-04-11 23:07 - 00208024 _____ () C:\Windows\system32\Drivers\aswC673.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC6C2.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC4D8.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswC528.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00049904 _____ () C:\Windows\system32\Drivers\aswC568.tmp
2015-04-13 18:00 - 2015-04-11 23:07 - 00024144 _____ () C:\Windows\system32\Drivers\aswC4F9.tmp
2015-04-13 17:50 - 2015-04-13 17:50 - 00001212 _____ () C:\Users\xxx\Desktop\mbam.txt
2015-04-13 11:07 - 2015-04-13 11:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-13 11:01 - 2015-04-13 17:11 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-13 11:00 - 2015-04-13 11:00 - 00000000 ____D () C:\HP
2015-04-13 11:00 - 2015-04-13 10:58 - 07495808 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp57398.exe
2015-04-13 11:00 - 2015-04-13 10:56 - 01504816 _____ (Hewlett-Packard Company ) C:\Users\xxx\Desktop\sp52956.exe
2015-04-13 10:42 - 2015-04-13 10:42 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-12 20:10 - 2015-04-12 20:10 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-12 20:10 - 2015-04-12 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-12 20:09 - 2015-04-12 20:10 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-12 20:09 - 2015-04-12 20:05 - 02686959 _____ (Thisisu) C:\Users\xxx\Downloads\JRT.exe
2015-04-12 20:09 - 2015-04-12 20:04 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 20:09 - 2015-04-12 20:04 - 02217984 _____ () C:\Users\xxx\Downloads\AdwCleaner_4.201.exe
2015-04-12 20:09 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-12 20:09 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 19:33 - 2015-04-12 19:33 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2015-04-11 23:09 - 2015-04-13 10:26 - 00002468 _____ () C:\Windows\PFRO.log
2015-04-11 23:07 - 2015-04-11 23:07 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-11 23:02 - 2015-04-11 23:02 - 00007660 _____ () C:\ComboFix.txt
2015-04-11 22:36 - 2015-04-11 22:34 - 05617275 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2015-04-11 22:34 - 2015-04-11 22:34 - 05617275 _____ (Swearware) C:\Users\xxx\Downloads\ComboFix.exe
2015-04-11 10:35 - 2015-04-11 10:35 - 00101546 _____ () C:\Users\xxx\Desktop\tdsskiller.txt
2015-04-11 10:27 - 2015-04-11 10:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Downloads\tdsskiller.exe
2015-04-11 10:12 - 2015-04-13 17:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 10:12 - 2015-04-11 10:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 10:11 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 10:09 - 2015-04-11 10:23 - 00000000 ____D () C:\Users\xxx\Desktop\mbar
2015-04-11 10:05 - 2015-04-11 10:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\xxx\Downloads\mbar-1.09.1.1004.exe
2015-04-07 19:48 - 2015-04-07 19:49 - 00017799 _____ () C:\Users\xxx\Downloads\Addition.txt
2015-04-07 19:47 - 2015-04-13 18:43 - 00010278 _____ () C:\Users\xxx\Downloads\FRST.txt
2015-04-07 19:31 - 2015-04-13 17:56 - 00001663 _____ () C:\Windows\setupact.log
2015-04-07 19:31 - 2015-04-07 19:31 - 301823138 _____ () C:\Windows\MEMORY.DMP
2015-04-07 19:31 - 2015-04-07 19:31 - 00574624 _____ () C:\Windows\Minidump\040715-23634-01.dmp
2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 18:43 - 2014-05-12 09:50 - 00000000 ____D () C:\FRST
2015-04-13 18:04 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 18:04 - 2009-07-14 06:34 - 00031280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 18:01 - 2015-02-16 13:53 - 00001963 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-13 18:00 - 2012-05-10 19:50 - 01962881 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 17:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 17:55 - 2014-05-15 16:02 - 00000000 ____D () C:\AdwCleaner
2015-04-12 20:10 - 2010-11-20 23:01 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 19:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-12 19:44 - 2012-07-22 11:37 - 00000000 ____D () C:\Users\xxx\AppData\Local\CrashDumps
2015-04-12 19:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 23:07 - 2015-02-16 13:52 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-11 23:07 - 2015-02-16 13:52 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-11 23:02 - 2013-06-06 10:09 - 00000000 ____D () C:\Qoobox
2015-04-11 22:58 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-11 10:12 - 2014-05-15 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 19:31 - 2014-11-29 11:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-07 19:31 - 2012-05-10 22:02 - 00000000 ____D () C:\Users\xxx

==================== Files in the root of some directories =======

2014-10-20 13:24 - 2014-10-20 13:25 - 50063360 _____ () C:\Program Files\GUT6123.tmp

Some content of TEMP:
====================
C:\Users\xxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxx\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 19:38

==================== End Of Log ============================
         
--- --- ---
