Pests of all kinds and how to combat them: BOO/TDss.O found in the master boot sector after installing Windows 7 on a second internal hard drive
04.01.2014, 12:10 | #1 |
Hello,

I did a second installation of Windows 7 on my new SSD. Since then, AntiVir has been showing the message named above. After finding a few postings here, I have already installed mBar and cleaned the PC. At the moment no error message appears any more. But as I understand it, that need not be the end of it, which is why I am opening a new thread. I am posting the log files in the order in which they were created.

1. mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 10:53:31
mbar-log-2014-01-04 (10-53-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211952
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 1
Physical Sector #703277505 on Drive #0 (Rootkit.Alureon.E.VBR) -> Replace on reboot.

(end)

2. mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Erich :: ERICH-PC [administrator]

04.01.2014 11:06:05
mbar-log-2014-01-04 (11-06-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211387
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Now I have run defogger as described in the thread-opening guide. Next, FRST.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-01-2014
Ran by Erich at 2014-01-04 11:57:55
Running from F:\Desktop\Reinigung
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Canon Easy-PhotoPrint EX (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scan Utility (Version: - )
Canon IJ Network Tool (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (Version: - )
Canon MP640 series MP Drivers (Version: - Canon Inc.)
capella 2008 (Version: 6.00.9001 - capella-software)
Citavi 4 (Version: 4.2.0.11 - Swiss Academic Software)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Covenant Eyes (Version: 5.0.4.49 - Covenant Eyes, Inc.)
Dropbox (Version: 2.4.11 - Dropbox, Inc.)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (Version: - Intel Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SkyDrive (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Samsung Universal Print Driver 2 (Version: 2.50.03.00 - Samsung Electronics Co., Ltd.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

==================== Loaded Modules (whitelisted) =============

As I said, Avira's real-time scanner no longer starts, so it may be that this is why the message no longer appears. What would be the next thing to do? Edited by uagla (04.01.2014 at 12:53) Reason: error in the title |
04.01.2014, 13:31 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
If not, then what are CS4, Professional Windows and Office for?
__________________ |
04.01.2014, 13:33 | #3 |
| No, it is used privately. I do volunteer work for the publishing house from home. CS4 is a student version. I got Windows 7 Professional from the university free of charge.
__________________ |
04.01.2014, 13:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK... then make a log with the TDSS tool from Kaspersky. Please download TDSSKiller.exe and save this file on the desktop.
__________________ Please always post log files in CODE tags |
04.01.2014, 14:05 | #5 |
| TDSS Killer: Code:
13:58:02.0222 0x1288 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
13:58:06.0936 0x1288 ============================================================
13:58:06.0936 0x1288 Current date / time: 2014/01/04 13:58:06.0936
13:58:06.0936 0x1288 SystemInfo:
13:58:06.0936 0x1288
13:58:06.0936 0x1288 OS Version: 6.1.7601 ServicePack: 1.0
13:58:06.0936 0x1288 Product type: Workstation
13:58:06.0937 0x1288 ComputerName: ERICH-PC
13:58:06.0937 0x1288 UserName: Erich
13:58:06.0937 0x1288 Windows directory: C:\Windows
13:58:06.0937 0x1288 System windows directory: C:\Windows
13:58:06.0937 0x1288 Processor architecture: Intel x86
13:58:06.0937 0x1288 Number of processors: 4
13:58:06.0937 0x1288 Page size: 0x1000
13:58:06.0937 0x1288 Boot type: Normal boot
13:58:06.0937 0x1288 ============================================================
13:58:07.0012 0x1288 KLMD registered as C:\Windows\system32\drivers\45415290.sys
13:58:07.0095 0x1288 System UUID: {05C356DA-F0DB-28F9-9D87-00542ABC9A36}
13:58:07.0617 0x1288 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0x19A85, SectorsPerTrack: 0x1C, TracksPerCylinder: 0xEF, Type 'K0', Flags 0x00000050
13:58:07.0618 0x1288 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
13:58:07.0637 0x1288 ============================================================
13:58:07.0637 0x1288 \Device\Harddisk0\DR0:
13:58:07.0642 0x1288 MBR partitions:
13:58:07.0642 0x1288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x292B12C
13:58:07.0642 0x1288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x292B92C, BlocksNum 0x69E8BAC
13:58:07.0642 0x1288 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9314580, BlocksNum 0x20B9E441
13:58:07.0642 0x1288 \Device\Harddisk1\DR1:
13:58:07.0642 0x1288 MBR partitions:
13:58:07.0642 0x1288 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:58:07.0643 0x1288 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:58:07.0643 0x1288 ============================================================
13:58:07.0644 0x1288 C: <-> \Device\Harddisk1\DR1\Partition2
13:58:07.0666 0x1288 D: <-> \Device\Harddisk0\DR0\Partition2
13:58:07.0698 0x1288 E: <-> \Device\Harddisk0\DR0\Partition1
13:58:07.0724 0x1288 F: <-> \Device\Harddisk0\DR0\Partition3
13:58:07.0724 0x1288 ============================================================
13:58:07.0724 0x1288 Initialize success
13:58:07.0724 0x1288 ============================================================
13:58:42.0833 0x16a0 ============================================================
13:58:42.0833 0x16a0 Scan started
13:58:42.0833 0x16a0 Mode: Manual; SigCheck; TDLFS;
13:58:42.0833 0x16a0 ============================================================
13:58:42.0833 0x16a0 KSN ping started
13:58:57.0544 0x16a0 KSN ping finished: true
13:58:57.0957 0x16a0 ================ Scan system memory ========================
13:58:57.0957 0x16a0 System memory - ok
13:58:57.0957 0x16a0 ================ Scan services =============================
13:59:01.0002 0x16a0 [ A75038E709CE20CDABF491C486F5C631, D4161A4B5C8980A611CDE45FD16ECCC8444BC5AFD167D8DC53362D1538549FF9 ] cewd32 C:\Windows\system32\Drivers\cewd32.sys
13:59:01.0007 0x16a0 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cewd32.sys. md5: A75038E709CE20CDABF491C486F5C631, sha256: D4161A4B5C8980A611CDE45FD16ECCC8444BC5AFD167D8DC53362D1538549FF9
13:59:01.0007 0x16a0 cewd32 - detected LockedFile.Multi.Generic ( 1 )
13:59:03.0522 0x16a0 cewd32 ( LockedFile.Multi.Generic ) - warning
13:59:03.0522 0x16a0 Force sending object to P2P due to detect: C:\Windows\system32\Drivers\cewd32.sys
13:59:06.0801 0x16a0 Object send P2P result: true
6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:59:12.0600 0x16a0 FltMgr - ok 13:59:12.0624 0x16a0 [ FA6C66E4364D7DA57AADE5DCC03BB999, 9C0D0A04D2558CF60B7F7185CC9B369CDDD3B1C625960910CECF07611F288378 ] FontCache C:\Windows\system32\FntCache.dll 13:59:12.0742 0x16a0 FontCache - ok 13:59:12.0750 0x16a0 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:59:12.0768 0x16a0 FontCache3.0.0.0 - ok 13:59:12.0773 0x16a0 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:59:12.0800 0x16a0 FsDepends - ok 13:59:12.0804 0x16a0 [ A574B4360E438977038AAE4BF60D79A2, 7255CCDDDAC4853FA72E6487408C4B7390CBA37549CE952929B2A9CF3327C616 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:59:12.0830 0x16a0 Fs_Rec - ok 13:59:12.0841 0x16a0 [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:59:12.0877 0x16a0 fvevol - ok 13:59:12.0883 0x16a0 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:59:12.0910 0x16a0 gagp30kx - ok 13:59:12.0928 0x16a0 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 13:59:13.0035 0x16a0 gpsvc - ok 13:59:13.0042 0x16a0 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:59:13.0074 0x16a0 hcw85cir - ok 13:59:13.0085 0x16a0 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 13:59:13.0130 0x16a0 HdAudAddService - ok 13:59:13.0137 0x16a0 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:59:13.0165 0x16a0 HDAudBus - ok 13:59:13.0170 0x16a0 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:59:13.0199 0x16a0 HidBatt - ok 13:59:13.0205 0x16a0 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:59:13.0240 0x16a0 HidBth - ok 13:59:13.0245 0x16a0 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys 13:59:13.0277 0x16a0 HidIr - ok 13:59:13.0282 0x16a0 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 13:59:13.0382 0x16a0 hidserv - ok 13:59:13.0388 0x16a0 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:59:13.0418 0x16a0 HidUsb - ok 13:59:13.0424 0x16a0 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 13:59:13.0550 0x16a0 hkmsvc - ok 13:59:13.0559 0x16a0 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:59:13.0682 0x16a0 HomeGroupListener - ok 13:59:13.0693 0x16a0 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:59:13.0869 0x16a0 HomeGroupProvider - ok 13:59:13.0879 0x16a0 [ 295FDC419039090EB8B49FFDBB374549, 
670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:59:13.0911 0x16a0 HpSAMD - ok 13:59:13.0934 0x16a0 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:59:14.0010 0x16a0 HTTP - ok 13:59:14.0018 0x16a0 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:59:14.0045 0x16a0 hwpolicy - ok 13:59:14.0054 0x16a0 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:59:14.0092 0x16a0 i8042prt - ok 13:59:14.0106 0x16a0 [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:59:14.0147 0x16a0 iaStorV - ok 13:59:14.0174 0x16a0 [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:59:14.0236 0x16a0 idsvc - ok 13:59:14.0358 0x16a0 [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 13:59:14.0549 0x16a0 igfx - ok 13:59:14.0565 0x16a0 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:59:14.0594 0x16a0 iirsp - ok 13:59:14.0614 0x16a0 [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT C:\Windows\System32\ikeext.dll 13:59:14.0747 0x16a0 IKEEXT - ok 13:59:14.0753 0x16a0 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 13:59:14.0780 
0x16a0 intelide - ok 13:59:14.0785 0x16a0 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:59:14.0814 0x16a0 intelppm - ok 13:59:14.0820 0x16a0 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:59:14.0931 0x16a0 IPBusEnum - ok 13:59:14.0937 0x16a0 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:59:14.0983 0x16a0 IpFilterDriver - ok 13:59:14.0998 0x16a0 [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:59:15.0130 0x16a0 iphlpsvc - ok 13:59:15.0137 0x16a0 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:59:15.0169 0x16a0 IPMIDRV - ok 13:59:15.0177 0x16a0 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:59:15.0225 0x16a0 IPNAT - ok 13:59:15.0230 0x16a0 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:59:15.0274 0x16a0 IRENUM - ok 13:59:15.0292 0x16a0 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:59:15.0327 0x16a0 isapnp - ok 13:59:15.0339 0x16a0 [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:59:15.0384 0x16a0 iScsiPrt - ok 13:59:15.0395 0x16a0 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] 
kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:59:15.0427 0x16a0 kbdclass - ok 13:59:15.0433 0x16a0 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:59:15.0473 0x16a0 kbdhid - ok 13:59:15.0481 0x16a0 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso C:\Windows\system32\lsass.exe 13:59:15.0594 0x16a0 KeyIso - ok 13:59:15.0605 0x16a0 [ 412CEA1AA78CC02A447F5C9E62B32FF1, E06859E2CE2AFA3CE521851F8810778ED1748B812E601A58786605096AACEA81 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:59:15.0640 0x16a0 KSecDD - ok 13:59:15.0652 0x16a0 [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:59:15.0693 0x16a0 KSecPkg - ok 13:59:15.0707 0x16a0 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 13:59:15.0873 0x16a0 KtmRm - ok 13:59:15.0885 0x16a0 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:59:16.0098 0x16a0 LanmanServer - ok 13:59:16.0106 0x16a0 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:59:16.0340 0x16a0 LanmanWorkstation - ok 13:59:16.0348 0x16a0 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:59:16.0404 0x16a0 lltdio - ok 13:59:16.0413 0x16a0 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:59:16.0553 0x16a0 lltdsvc - ok 13:59:16.0559 0x16a0 [ 55CA01BA19D0006C8F2639B6C045E08B, 
4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:59:16.0697 0x16a0 lmhosts - ok 13:59:16.0709 0x16a0 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:59:16.0742 0x16a0 LSI_FC - ok 13:59:16.0751 0x16a0 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:59:16.0789 0x16a0 LSI_SAS - ok 13:59:16.0797 0x16a0 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:59:16.0827 0x16a0 LSI_SAS2 - ok 13:59:16.0834 0x16a0 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:59:16.0864 0x16a0 LSI_SCSI - ok 13:59:16.0871 0x16a0 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 13:59:16.0919 0x16a0 luafv - ok 13:59:16.0926 0x16a0 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:59:17.0053 0x16a0 Mcx2Svc - ok 13:59:17.0061 0x16a0 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys 13:59:17.0096 0x16a0 megasas - ok 13:59:17.0113 0x16a0 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:59:17.0156 0x16a0 MegaSR - ok 13:59:17.0164 0x16a0 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 13:59:17.0314 0x16a0 MMCSS - ok 13:59:17.0323 0x16a0 [ 
F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 13:59:17.0380 0x16a0 Modem - ok 13:59:17.0387 0x16a0 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:59:17.0418 0x16a0 monitor - ok 13:59:17.0425 0x16a0 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:59:17.0455 0x16a0 mouclass - ok 13:59:17.0461 0x16a0 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:59:17.0493 0x16a0 mouhid - ok 13:59:17.0501 0x16a0 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:59:17.0532 0x16a0 mountmgr - ok 13:59:17.0538 0x16a0 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 13:59:17.0552 0x16a0 MozillaMaintenance - ok 13:59:17.0561 0x16a0 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 13:59:17.0594 0x16a0 mpio - ok 13:59:17.0600 0x16a0 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:59:17.0645 0x16a0 mpsdrv - ok 13:59:17.0665 0x16a0 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:59:17.0847 0x16a0 MpsSvc - ok 13:59:17.0858 0x16a0 [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV 
C:\Windows\system32\drivers\mrxdav.sys 13:59:17.0909 0x16a0 MRxDAV - ok 13:59:17.0919 0x16a0 [ B272B4C3E085EA860C12F2E4FAF2FFA2, DA99D8223D9FB7BFA52E66B73D1E1AA47B76B45A649400F7898E8D65D8672E52 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:59:17.0982 0x16a0 mrxsmb - ok 13:59:17.0994 0x16a0 [ 9AC33EF26C8A3AD0F117D00EB7301D03, 403445B07DC55F9DF98CA11AC87D4231187A2472A4E107786A5845B213355F0A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:59:18.0059 0x16a0 mrxsmb10 - ok 13:59:18.0071 0x16a0 [ E0ABDB5ED7E199E242A7D028E76C1D3A, 4014A1F0720F6D15A2FB0CF4F1F970595BC29929F92F461CDD68E4513F49563E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:59:18.0124 0x16a0 mrxsmb20 - ok 13:59:18.0131 0x16a0 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 13:59:18.0161 0x16a0 msahci - ok 13:59:18.0168 0x16a0 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:59:18.0202 0x16a0 msdsm - ok 13:59:18.0210 0x16a0 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 13:59:18.0358 0x16a0 MSDTC - ok 13:59:18.0373 0x16a0 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:59:18.0423 0x16a0 Msfs - ok 13:59:18.0428 0x16a0 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:59:18.0481 0x16a0 mshidkmdf - ok 13:59:18.0488 0x16a0 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:59:18.0518 0x16a0 msisadrv - ok 13:59:18.0525 0x16a0 [ 90F7D9E6B6F27E1A707D4A297F077828, 
BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:59:18.0639 0x16a0 MSiSCSI - ok 13:59:18.0645 0x16a0 msiserver - ok 13:59:18.0651 0x16a0 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:59:18.0695 0x16a0 MSKSSRV - ok 13:59:18.0700 0x16a0 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:59:18.0745 0x16a0 MSPCLOCK - ok 13:59:18.0751 0x16a0 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:59:18.0796 0x16a0 MSPQM - ok 13:59:18.0806 0x16a0 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:59:18.0843 0x16a0 MsRPC - ok 13:59:18.0850 0x16a0 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:59:18.0876 0x16a0 mssmbios - ok 13:59:18.0880 0x16a0 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:59:18.0925 0x16a0 MSTEE - ok 13:59:18.0931 0x16a0 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:59:18.0964 0x16a0 MTConfig - ok 13:59:18.0970 0x16a0 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 13:59:19.0001 0x16a0 Mup - ok 13:59:19.0015 0x16a0 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 13:59:19.0200 0x16a0 
napagent - ok 13:59:19.0212 0x16a0 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:59:19.0263 0x16a0 NativeWifiP - ok 13:59:19.0286 0x16a0 [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:59:19.0332 0x16a0 NDIS - ok 13:59:19.0339 0x16a0 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:59:19.0386 0x16a0 NdisCap - ok 13:59:19.0391 0x16a0 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:59:19.0436 0x16a0 NdisTapi - ok 13:59:19.0441 0x16a0 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:59:19.0488 0x16a0 Ndisuio - ok 13:59:19.0495 0x16a0 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:59:19.0543 0x16a0 NdisWan - ok 13:59:19.0548 0x16a0 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:59:19.0593 0x16a0 NDProxy - ok 13:59:19.0599 0x16a0 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:59:19.0646 0x16a0 NetBIOS - ok 13:59:19.0654 0x16a0 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:59:19.0708 0x16a0 NetBT - ok 13:59:19.0712 0x16a0 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon 
C:\Windows\system32\lsass.exe 13:59:19.0821 0x16a0 Netlogon - ok 13:59:19.0833 0x16a0 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 13:59:19.0989 0x16a0 Netman - ok 13:59:19.0995 0x16a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:59:20.0024 0x16a0 NetMsmqActivator - ok 13:59:20.0031 0x16a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:59:20.0058 0x16a0 NetPipeActivator - ok 13:59:20.0070 0x16a0 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 13:59:20.0243 0x16a0 netprofm - ok 13:59:20.0249 0x16a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:59:20.0276 0x16a0 NetTcpActivator - ok 13:59:20.0282 0x16a0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:59:20.0309 0x16a0 NetTcpPortSharing - ok 13:59:20.0315 0x16a0 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:59:20.0346 0x16a0 nfrd960 - ok 13:59:20.0356 0x16a0 [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:59:20.0511 0x16a0 NlaSvc - ok 13:59:20.0517 0x16a0 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 13:59:20.0563 0x16a0 Npfs - ok 13:59:20.0569 0x16a0 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 13:59:20.0731 0x16a0 nsi - ok 13:59:20.0735 0x16a0 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:59:20.0779 0x16a0 nsiproxy - ok 13:59:20.0814 0x16a0 [ 33C3093D09017CFE2E219F2472BFF6EB, DE46C7A53C3606F036DED1EE8A81B79CAF3171A7E97DA2F71712E2DA046A262E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:59:20.0886 0x16a0 Ntfs - ok 13:59:20.0894 0x16a0 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 13:59:20.0938 0x16a0 Null - ok 13:59:20.0945 0x16a0 [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:59:20.0982 0x16a0 nvraid - ok 13:59:20.0989 0x16a0 [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:59:21.0026 0x16a0 nvstor - ok 13:59:21.0032 0x16a0 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:59:21.0068 0x16a0 nv_agp - ok 13:59:21.0083 0x16a0 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:59:21.0110 0x16a0 odserv - ok 13:59:21.0116 0x16a0 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:59:21.0155 0x16a0 ohci1394 - ok 13:59:21.0162 0x16a0 [ 5A432A042DAE460ABE7199B758E8606C, 
6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:59:21.0174 0x16a0 ose - ok 13:59:21.0187 0x16a0 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:59:21.0361 0x16a0 p2pimsvc - ok 13:59:21.0374 0x16a0 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 13:59:21.0542 0x16a0 p2psvc - ok 13:59:21.0548 0x16a0 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:59:21.0587 0x16a0 Parport - ok 13:59:21.0593 0x16a0 [ BF8F6AF06DA75B336F07E23AEF97D93B, 2F2C4314872732550A112BFF2F803484D4A3D697F0D69D352350CE208FD8A1A4 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:59:21.0627 0x16a0 partmgr - ok 13:59:21.0631 0x16a0 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 13:59:21.0665 0x16a0 Parvdm - ok 13:59:21.0673 0x16a0 [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:59:21.0838 0x16a0 PcaSvc - ok 13:59:21.0847 0x16a0 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys 13:59:21.0884 0x16a0 pci - ok 13:59:21.0889 0x16a0 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 13:59:21.0921 0x16a0 pciide - ok 13:59:21.0929 0x16a0 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:59:21.0968 0x16a0 pcmcia - ok 13:59:21.0974 0x16a0 [ 
C:\Windows\system32\sxssrv.dll 13:59:43.0963 0x16a0 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 13:59:44.0129 0x16a0 [ Global ] - ok 13:59:44.0129 0x16a0 ================ Scan MBR ================================== 13:59:44.0141 0x16a0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:59:44.0335 0x16a0 \Device\Harddisk0\DR0 - ok 13:59:44.0340 0x16a0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 13:59:44.0445 0x16a0 \Device\Harddisk1\DR1 - ok 13:59:44.0445 0x16a0 ================ Scan VBR ================================== 13:59:44.0470 0x16a0 [ 7F60F662D9FBBCF35BF6F7FF55A22659 ] \Device\Harddisk0\DR0\Partition1 13:59:44.0471 0x16a0 \Device\Harddisk0\DR0\Partition1 - ok 13:59:44.0483 0x16a0 [ 0D3D3A9B36E09F3B8EAC6E05455A9F20 ] \Device\Harddisk0\DR0\Partition2 13:59:44.0484 0x16a0 \Device\Harddisk0\DR0\Partition2 - ok 13:59:44.0503 0x16a0 [ EF7CE2F3C22C6221CBDF4A082833F795 ] \Device\Harddisk0\DR0\Partition3 13:59:44.0504 0x16a0 \Device\Harddisk0\DR0\Partition3 - ok 13:59:44.0508 0x16a0 [ 8709EB6D266B68A71A019AFC6BB5F0D3 ] \Device\Harddisk1\DR1\Partition1 13:59:44.0510 0x16a0 \Device\Harddisk1\DR1\Partition1 - ok 13:59:44.0513 0x16a0 [ 18F20D63B3D5A02FC35F467B2C24F6FF ] \Device\Harddisk1\DR1\Partition2 13:59:44.0515 0x16a0 \Device\Harddisk1\DR1\Partition2 - ok 13:59:44.0516 0x16a0 Waiting for KSN requests completion. In queue: 30 13:59:45.0516 0x16a0 Waiting for KSN requests completion. In queue: 30 13:59:46.0516 0x16a0 Waiting for KSN requests completion. 
In queue: 30 13:59:47.0541 0x16a0 AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.2.234 ), 0x41000 ( enabled : updated ) 13:59:47.0550 0x16a0 Win FW state via NFP2: enabled 13:59:49.0865 0x16a0 ============================================================ 13:59:49.0865 0x16a0 Scan finished 13:59:49.0865 0x16a0 ============================================================ 13:59:49.0865 0x13c0 Detected object count: 1 13:59:49.0865 0x13c0 Actual detected object count: 1 14:00:08.0310 0x13c0 cewd32 ( LockedFile.Multi.Generic ) - skipped by user 14:00:08.0310 0x13c0 cewd32 ( LockedFile.Multi.Generic ) - User select action: Skip 14:00:14.0004 0x0ee0 Deinitialize success
Avira AntiVir is now running normally again and no error message appears anymore |
04.01.2014, 14:06 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Scan with Combofix
04.01.2014, 14:24 | #7 |
| Combofix: Code:
ATTFilter ComboFix 14-01-04.03 - Erich 04.01.2014 14:10:35.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3318.2171 [GMT 1:00] ausgeführt von:: f:\desktop\Reinigung\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . f:\temp\catchme.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-04 bis 2014-01-04 )))))))))))))))))))))))))))))) . . 2014-01-04 13:18 . 2014-01-04 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-04 11:48 . 2014-01-04 11:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-01-04 09:53 . 2014-01-04 09:53 -------- d-----w- c:\programdata\Malwarebytes 2014-01-04 09:53 . 2014-01-04 10:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-04 09:53 . 2014-01-04 10:06 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-04 09:51 . 2014-01-04 09:51 -------- d-----w- C:\FRST 2014-01-04 09:50 . 2014-01-04 10:20 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-01-04 09:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\programdata\Samsung 2014-01-03 13:18 . 2013-02-05 02:28 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\spe__pc.dll 2014-01-03 13:18 . 2014-01-03 13:18 -------- d-----w- c:\program files\Samsung 2014-01-03 13:18 . 2013-06-01 05:13 1571160 ------w- c:\windows\TotalUninstaller.exe 2014-01-03 13:18 . 2013-05-10 09:48 162136 ----a-w- c:\windows\system32\spe__ci.exe 2014-01-03 13:18 . 2011-04-11 05:26 24064 ----a-w- c:\windows\system32\spe__l.dll 2014-01-03 13:18 . 
2010-10-20 08:49 65536 ----a-w- c:\windows\system32\spe__ci.dll 2014-01-03 13:16 . 2014-01-03 13:16 -------- d-----w- c:\programdata\Swiss Academic Software 2014-01-03 13:15 . 2014-01-03 13:15 -------- d-----w- c:\program files\Citavi 4 2014-01-03 13:11 . 2014-01-03 13:11 -------- d-----w- c:\programdata\Canon IJ Network Tool 2014-01-03 13:11 . 2009-09-17 08:12 303104 ----a-w- c:\windows\system32\CNC640L.dll 2014-01-03 13:11 . 2009-04-03 15:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll 2014-01-03 13:11 . 2009-04-03 14:59 110592 ----a-w- c:\windows\system32\CNC640I.dll 2014-01-03 13:11 . 2009-04-03 14:57 106496 ----a-w- c:\windows\system32\CNC640U.dll 2014-01-03 13:11 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2014-01-03 13:10 . 2014-01-03 13:10 -------- d-----w- c:\windows\system32\STRING 2014-01-03 13:10 . 2012-06-14 16:18 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL 2014-01-03 13:10 . 2012-06-14 16:18 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL 2014-01-03 12:15 . 2014-01-03 12:15 -------- d-----w- c:\windows\system32\Lang 2014-01-03 12:15 . 2014-01-03 12:15 -------- d-----w- c:\program files\Intel 2014-01-03 12:15 . 2009-09-23 10:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe 2014-01-03 12:15 . 2009-09-23 10:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll 2014-01-03 12:14 . 2014-01-03 12:14 -------- d-----w- c:\programdata\CovenantEyes 2014-01-03 11:51 . 2014-01-03 11:51 -------- d-----w- C:\SkyDriveTemp 2014-01-03 11:50 . 2014-01-03 11:50 -------- d-----w- c:\program files\Microsoft SkyDrive 2014-01-03 11:50 . 2014-01-03 11:50 -------- d-----w- c:\programdata\Microsoft SkyDrive 2014-01-03 11:47 . 2014-01-03 11:47 -------- d--h--w- c:\programdata\CanonBJ 2014-01-03 11:47 . 2010-04-24 04:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA2.DLL 2014-01-03 11:47 . 2010-04-24 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA2.DLL 2014-01-03 11:47 . 
2014-01-03 11:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2014-01-03 11:47 . 2010-04-24 04:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL 2014-01-03 11:47 . 2009-03-18 08:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL 2014-01-03 11:46 . 2014-01-03 13:11 -------- d-----w- c:\program files\Canon 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\programdata\AskPartnerNetwork 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\program files\AskPartnerNetwork 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\programdata\APN 2014-01-03 11:31 . 2013-12-09 10:37 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-01-03 11:31 . 2013-12-09 10:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-01-03 11:31 . 2013-12-09 10:37 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-01-03 11:31 . 2013-12-09 10:37 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-01-03 11:31 . 2014-01-03 11:31 -------- d-----w- c:\programdata\Avira 2014-01-03 11:31 . 2014-01-03 11:31 -------- d-----w- c:\program files\Avira 2014-01-03 11:19 . 2014-01-03 11:19 -------- d-----w- c:\programdata\ALM 2014-01-03 11:19 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2014-01-03 11:16 . 2014-01-03 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR 2014-01-03 11:13 . 2014-01-03 11:13 -------- d-----w- c:\windows\system32\Macromed 2014-01-03 11:13 . 2014-01-03 11:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2014-01-03 11:08 . 2014-01-03 14:11 -------- d-----w- c:\program files\Common Files\Adobe 2014-01-03 11:05 . 2014-01-03 11:05 -------- d-----w- c:\program files\capella-software 2014-01-03 10:51 . 2014-01-03 10:51 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-01-03 10:46 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF684748-C367-4271-B7E3-F3E02099ABE7}\mpengine.dll 2014-01-03 10:46 . 
2013-11-26 11:25 230048 ------w- c:\windows\system32\MpSigStub.exe 2014-01-03 10:46 . 2014-01-03 10:46 -------- d-----w- c:\program files\Microsoft Works 2014-01-03 10:46 . 2014-01-03 13:13 -------- d-----w- c:\program files\Microsoft.NET 2014-01-03 10:46 . 2014-01-03 10:46 -------- d-----w- c:\windows\PCHEALTH 2014-01-03 10:40 . 2013-10-04 12:19 26624 ----a-w- c:\windows\system32\drivers\cewd32.sys 2014-01-03 10:40 . 2013-10-04 12:19 322584 ----a-w- c:\windows\system32\CovenantEyesProxy.dll 2014-01-03 10:40 . 2014-01-04 11:52 -------- d-----w- c:\programdata\Microsoft Help 2014-01-03 10:40 . 2014-01-04 11:57 -------- d-sh--w- c:\windows\Installer 2014-01-03 10:40 . 2013-12-05 09:32 3204104 ----a-w- c:\windows\system32\authServer.exe 2014-01-03 10:40 . 2014-01-03 12:14 -------- d-----w- c:\program files\CE 2014-01-03 10:40 . 2014-01-03 10:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2014-01-03 10:39 . 2014-01-03 10:39 -------- d-----w- c:\windows\system32\x64 2014-01-03 10:39 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe 2014-01-03 10:39 . 2014-01-03 10:39 -------- d-----r- C:\MSOCache 2014-01-03 10:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2014-01-03 10:38 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2014-01-03 10:38 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2014-01-03 10:34 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2014-01-03 10:34 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2014-01-03 10:34 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2014-01-03 10:34 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2014-01-03 10:34 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2014-01-03 10:34 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2014-01-03 10:34 . 
2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2014-01-03 10:34 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2014-01-03 10:34 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-01-03 10:24 . 2014-01-03 10:33 -------- d-----w- c:\windows\Panther . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}] 2013-12-20 21:02 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}] 2013-12-05 09:32 1650696 ----a-w- c:\program files\CE\extensions\ie\x86\ceie-0.7.0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="c:\users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-01-03 257136] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "Covenant Eyes"="c:\program files\CE\CovenantEyes.exe" [2013-12-05 7065104] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600] "ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] . c:\users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-09 37352] S1 cewd32;cewd32 service;c:\windows\system32\Drivers\cewd32.sys [2013-10-04 26624] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-09 1011768] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352] S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2013-12-05 3204104] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-09 69240] S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files\CE\CovenantEyesCommService.exe [2013-12-05 4510240] S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe [2013-10-04 3654168] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 06583437 *Deregistered* - 06583437 . . ------- Zusätzlicher Suchlauf ------- . 
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html LSP: c:\windows\system32\CovenantEyesProxy.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-cewd32.sys . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-01-04 14:19:39 ComboFix-quarantined-files.txt 2014-01-04 13:19 . Vor Suchlauf: 6 Verzeichnis(se), 94.861.004.800 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 94.865.956.864 Bytes frei . - - End Of File - - 38F7CEF0397675442FA6485068FABEFA A36C5E4F47E84449FF07ED3517B43A31 |
04.01.2014, 14:31 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Combofix script
__________________ Please always post log files in CODE tags |
04.01.2014, 14:52 | #9 |
| I was briefly in the other system earlier and got a bluescreen there: Memory Error. I don't know whether that matters. I have just run your instructions on the fresh system on the SSD. Unfortunately ComboFix was terminated by a bluescreen at stage 49 and the PC restarted immediately. I could not see what the error was. No log file was created. Should I start it again? Instead I now have a ComboFix file on C:\ that is displayed as "My Computer" and also leads straight there, and on right-click it shows the management properties of "My Computer". However, it is not called "Computer" but "ComboFix". I am attaching the Windows minidumps. Edited by uagla (04.01.2014 at 15:02) |
04.01.2014, 15:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows, delete the old combofix.exe, download CF again and please try it once more.
04.01.2014, 15:24 | #11 |
| This time it worked: Code:
ATTFilter ComboFix 14-01-04.03 - Erich 04.01.2014 15:14:37.2.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3318.2203 [GMT 1:00] ausgeführt von:: f:\desktop\ComboFix.exe Benutzte Befehlsschalter :: f:\desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . f:\temp\catchme.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-04 bis 2014-01-04 )))))))))))))))))))))))))))))) . . 2014-01-04 14:21 . 2014-01-04 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-04 14:21 . 2014-01-04 14:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-01-04 14:04 . 2014-01-04 14:05 -------- d-----w- c:\program files\WhoCrashed 2014-01-04 14:04 . 2014-01-04 14:04 -------- d-----w- c:\program files\NirSoft 2014-01-04 13:59 . 2014-01-04 13:59 -------- d-----w- c:\program files\7-Zip 2014-01-04 11:48 . 2014-01-04 11:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-01-04 09:53 . 2014-01-04 09:53 -------- d-----w- c:\programdata\Malwarebytes 2014-01-04 09:53 . 2014-01-04 10:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-04 09:53 . 2014-01-04 10:06 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-04 09:51 . 2014-01-04 09:51 -------- d-----w- C:\FRST 2014-01-04 09:50 . 2014-01-04 10:20 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-01-04 09:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2014-01-03 13:19 . 2014-01-03 13:19 -------- d-----w- c:\programdata\Samsung 2014-01-03 13:18 . 
2013-02-05 02:28 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\spe__pc.dll 2014-01-03 13:18 . 2014-01-03 13:18 -------- d-----w- c:\program files\Samsung 2014-01-03 13:18 . 2013-06-01 05:13 1571160 ------w- c:\windows\TotalUninstaller.exe 2014-01-03 13:18 . 2013-05-10 09:48 162136 ----a-w- c:\windows\system32\spe__ci.exe 2014-01-03 13:18 . 2011-04-11 05:26 24064 ----a-w- c:\windows\system32\spe__l.dll 2014-01-03 13:18 . 2010-10-20 08:49 65536 ----a-w- c:\windows\system32\spe__ci.dll 2014-01-03 13:16 . 2014-01-03 13:16 -------- d-----w- c:\programdata\Swiss Academic Software 2014-01-03 13:15 . 2014-01-03 13:15 -------- d-----w- c:\program files\Citavi 4 2014-01-03 13:11 . 2014-01-03 13:11 -------- d-----w- c:\programdata\Canon IJ Network Tool 2014-01-03 13:11 . 2009-09-17 08:12 303104 ----a-w- c:\windows\system32\CNC640L.dll 2014-01-03 13:11 . 2009-04-03 15:00 1310720 ----a-w- c:\windows\system32\CNC640C.dll 2014-01-03 13:11 . 2009-04-03 14:59 110592 ----a-w- c:\windows\system32\CNC640I.dll 2014-01-03 13:11 . 2009-04-03 14:57 106496 ----a-w- c:\windows\system32\CNC640U.dll 2014-01-03 13:11 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2014-01-03 13:10 . 2014-01-03 13:10 -------- d-----w- c:\windows\system32\STRING 2014-01-03 13:10 . 2012-06-14 16:18 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL 2014-01-03 13:10 . 2012-06-14 16:18 366592 ----a-w- c:\windows\system32\CNMNPPM.DLL 2014-01-03 12:15 . 2014-01-03 12:15 -------- d-----w- c:\windows\system32\Lang 2014-01-03 12:15 . 2014-01-03 12:15 -------- d-----w- c:\program files\Intel 2014-01-03 12:15 . 2009-09-23 10:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe 2014-01-03 12:15 . 2009-09-23 10:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll 2014-01-03 12:14 . 2014-01-03 12:14 -------- d-----w- c:\programdata\CovenantEyes 2014-01-03 11:51 . 2014-01-03 11:51 -------- d-----w- C:\SkyDriveTemp 2014-01-03 11:50 . 
2014-01-03 11:50 -------- d-----w- c:\program files\Microsoft SkyDrive 2014-01-03 11:50 . 2014-01-03 11:50 -------- d-----w- c:\programdata\Microsoft SkyDrive 2014-01-03 11:47 . 2014-01-03 11:47 -------- d--h--w- c:\programdata\CanonBJ 2014-01-03 11:47 . 2010-04-24 04:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA2.DLL 2014-01-03 11:47 . 2010-04-24 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA2.DLL 2014-01-03 11:47 . 2014-01-03 11:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2014-01-03 11:47 . 2010-04-24 04:00 272384 ----a-w- c:\windows\system32\CNMLMA2.DLL 2014-01-03 11:47 . 2009-03-18 08:09 178176 ----a-w- c:\windows\system32\CNMIUA2.DLL 2014-01-03 11:46 . 2014-01-03 13:11 -------- d-----w- c:\program files\Canon 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\programdata\AskPartnerNetwork 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\program files\AskPartnerNetwork 2014-01-03 11:33 . 2014-01-03 11:33 -------- d-----w- c:\programdata\APN 2014-01-03 11:31 . 2013-12-09 10:37 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-01-03 11:31 . 2013-12-09 10:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2014-01-03 11:31 . 2013-12-09 10:37 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-01-03 11:31 . 2013-12-09 10:37 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-01-03 11:31 . 2014-01-03 11:31 -------- d-----w- c:\programdata\Avira 2014-01-03 11:31 . 2014-01-03 11:31 -------- d-----w- c:\program files\Avira 2014-01-03 11:19 . 2014-01-03 11:19 -------- d-----w- c:\programdata\ALM 2014-01-03 11:19 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2014-01-03 11:16 . 2014-01-03 11:16 -------- d-----w- c:\program files\Common Files\Adobe AIR 2014-01-03 11:13 . 2014-01-03 11:13 -------- d-----w- c:\windows\system32\Macromed 2014-01-03 11:13 . 
2014-01-03 11:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2014-01-03 11:08 . 2014-01-03 14:11 -------- d-----w- c:\program files\Common Files\Adobe 2014-01-03 11:05 . 2014-01-03 11:05 -------- d-----w- c:\program files\capella-software 2014-01-03 10:51 . 2014-01-03 10:51 -------- d-----w- c:\program files\Mozilla Maintenance Service 2014-01-03 10:46 . 2013-12-16 00:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF684748-C367-4271-B7E3-F3E02099ABE7}\mpengine.dll 2014-01-03 10:46 . 2013-11-26 11:25 230048 ------w- c:\windows\system32\MpSigStub.exe 2014-01-03 10:46 . 2014-01-03 10:46 -------- d-----w- c:\program files\Microsoft Works 2014-01-03 10:46 . 2014-01-03 13:13 -------- d-----w- c:\program files\Microsoft.NET 2014-01-03 10:46 . 2014-01-03 10:46 -------- d-----w- c:\windows\PCHEALTH 2014-01-03 10:40 . 2013-10-04 12:19 26624 ----a-w- c:\windows\system32\drivers\cewd32.sys 2014-01-03 10:40 . 2013-10-04 12:19 322584 ----a-w- c:\windows\system32\CovenantEyesProxy.dll 2014-01-03 10:40 . 2014-01-04 11:52 -------- d-----w- c:\programdata\Microsoft Help 2014-01-03 10:40 . 2014-01-04 11:57 -------- d-sh--w- c:\windows\Installer 2014-01-03 10:40 . 2013-12-05 09:32 3204104 ----a-w- c:\windows\system32\authServer.exe 2014-01-03 10:40 . 2014-01-03 12:14 -------- d-----w- c:\program files\CE 2014-01-03 10:40 . 2014-01-03 10:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2014-01-03 10:39 . 2014-01-03 10:39 -------- d-----w- c:\windows\system32\x64 2014-01-03 10:39 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe 2014-01-03 10:39 . 2014-01-03 10:39 -------- d-----r- C:\MSOCache 2014-01-03 10:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2014-01-03 10:38 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2014-01-03 10:38 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2014-01-03 10:34 . 
2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2014-01-03 10:34 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2014-01-03 10:34 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2014-01-03 10:34 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2014-01-03 10:34 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2014-01-03 10:34 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2014-01-03 10:34 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2014-01-03 10:34 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2014-01-03 10:34 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-01-03 10:24 . 2014-01-03 10:33 -------- d-----w- c:\windows\Panther . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . --- c:\windows\system32\drivers\cewd32.sys --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 26624 Created time: 2014-01-03 10:40 Modified time: 2013-10-04 12:19 MD5: !HASH: COULD NOT OPEN FILE !!!!! SHA1: !HASH: COULD NOT OPEN FILE !!!!! . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}] 2013-12-20 21:02 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{927BD2E1-2287-49D2-AE71-95F492CE662E}] 2013-12-05 09:32 1650696 ----a-w- c:\program files\CE\extensions\ie\x86\ceie-0.7.0.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-01-03 11:50 222832 ----a-w- c:\users\Erich\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Erich\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Erich\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-01-03 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Covenant Eyes"="c:\program files\CE\CovenantEyes.exe" [2013-12-05 7065104]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-09 684600]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
.
c:\users\Erich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Erich\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-09 37352]
S1 cewd32;cewd32 service;c:\windows\system32\Drivers\cewd32.sys [2013-10-04 26624]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-09 1011768]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [2013-12-05 3204104]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-09 69240]
S2 CovenantEyesCommService;Covenant Eyes Communication Service;c:\program files\CE\CovenantEyesCommService.exe [2013-12-05 4510240]
S2 CovenantEyesProxy;CovenantEyesProxy;c:\program files\CE\CovenantEyesProxy.exe [2013-10-04 3654168]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\windows\system32\CovenantEyesProxy.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\dbkbwl9k.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-04 15:23:28
ComboFix-quarantined-files.txt 2014-01-04 14:23
ComboFix2.txt 2014-01-04 13:19
.
Vor Suchlauf: 11 Verzeichnis(se), 94.726.447.104 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 94.704.709.632 Bytes frei
.
- - End Of File - - 9D45DF74B2C39F0715BDF334AD0770AE
A36C5E4F47E84449FF07ED3517B43A31
05.01.2014, 01:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
I think you have a serious problem. Where does the software that you installed under this Windows installation come from?
__________________ Please always post log files in CODE tags |
05.01.2014, 11:50 | #13 |
All from original sources:
Windows from the Microsoft DreamSpark program.
For Office I have the original CD.
Same for Adobe CS4.
Citavi, Dropbox, SkyDrive and Skype are from the original vendors' websites. Avira too.

Would it help to format the partition with the old Windows 7 installation? I have actually had the virus for a while, but only in the last few days did the error message appear saying that the virus is in the other partition.

Since the last ComboFix scan I have had another bluescreen. I'll attach it.

Lately Firefox keeps crashing. And in Explorer some shortcuts no longer work. |
05.01.2014, 19:57 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
__________________ Please always post log files in CODE tags |
05.01.2014, 21:15 | #15 |
But does that make the Windows 7 system on the SSD clean? I would rather not install that one again. As I said, I currently have two Windows 7 systems: one that I have been using until now, on the HDD (this one I would reinstall), and one that I have now installed on the new SSD and on which all the scans so far were run.

Can you say anything about the bluescreen? I installed new RAM at the same time as the new drive. Could it be related to that, since it was a memory cache error, or is it likely that it is related to the Trojan? |