Log analysis and evaluation: Trojan.Agent in syshost.exe (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.11.2014, 21:46 | #1 |
| Trojan.Agent in syshost.exe Hello! I stupidly clicked on a nice phishing mail (still available, if wanted) and caught a Trojan.Agent. Since then the Avira real-time scanner and updates have been deactivated. A syshost.exe that could not be terminated was visible in Task Manager. - Possibly something else malicious is/was also around, because Windows had already been complaining for 2 or 3 days that the firewall was deactivated. Each time I then activated the Windows Firewall, which settled the matter for the time being. - I ran Avira, Hijackthis, Adware and Malwarebytes over it. Avira only issued about 260 warnings that certain files could not be opened, but found nothing. (The warnings had disappeared on the next run.) Hijackthis also showed the syshost.exe (fixing was not possible). Adware found nothing, Mbam found the Trojan.Agent, which is now in quarantine. I was able to save the Mbam log and the Hijackthis log. (Which should I post?) I uninstalled Avira and tried to reinstall it, which of course does not work either. It aborts without a message. I am asking for help, I have probably not caught everything. Many thanks. |
29.11.2014, 21:48 | #2 |
/// the machine /// TB-Ausbilder | Trojan.Agent in syshost.exe hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties) |
29.11.2014, 23:16 | #3 |
| Trojan.Agent in syshost.exe Thanks for the ultra-fast reply.
I have starred out personal names in the log files. One more thing that occurred to me: I had also run Spybot over it beforehand, with no findings. What seems odd to me is that Avira is listed as an installed program, but I uninstalled it today?! EDIT: I was too hasty and started the program from the USB stick. Next time I'll do it properly from the desktop. Sorry. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01 Ran by Arbeit (administrator) on INTRNET on 29-11-2014 22:19:04 Running from J:\ Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe (Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Malwarebytes Corporation) D:\Programme\Malwarebam\mbamscheduler.exe (Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe (Malwarebytes Corporation) D:\Programme\Malwarebam\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing. 
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "41d78ef79c384a09" service could not be unlocked. <===== ATTENTION R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; D:\Programme\Malwarebam\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; D:\Programme\Malwarebam\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X] S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X] S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) 
S3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.) S3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R0 MBAMSwissArmy; D:\WINDOWS\System32\drivers\49F22E28.sys [114904 2014-11-29] (Malwarebytes Corporation) S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.) R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) U5 41d78ef79c384a09; D:\Windows\System32\Drivers\41d78ef79c384a09.sys [72960 2014-11-23] () <===== ATTENTION Necurs Rootkit? 
S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X] S4 IntelIde; No ImagePath S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X] S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X] U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X] S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-29 22:18 - 2014-11-29 22:19 - 00000000 ____D () D:\FRST 2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys 2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log 2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak 2014-11-29 18:31 - 2014-11-29 18:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys 2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys 2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys 2014-11-29 14:12 - 2014-11-29 14:12 - 00000000 ____D () D:\Programme\Malwarebam 2014-11-29 14:12 - 2014-11-29 14:12 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mbam 2014-11-29 14:12 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes 
Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-29 14:12 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys 2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys 2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys 2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt 2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys 2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache 2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys 2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files 2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-11-26 19:34 - 2014-11-26 19:35 - 00000000 ____D () D:\AdwCleaner 2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log 2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk 2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2014-11-23 13:43 - 2014-11-23 13:43 - 00072960 _____ () D:\WINDOWS\system32\Drivers\41d78ef79c384a09.sys 2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk 2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () D:\Bewerbung 2014-11-13 20:53 - 2014-11-13 20:53 - 
00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-29 22:19 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Temp 2014-11-29 20:27 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT 2014-11-29 20:27 - 2009-12-29 19:40 - 00000157 _____ () D:\WINDOWS\wiadebug.log 2014-11-29 20:27 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log 2014-11-29 20:26 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini 2014-11-29 20:26 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt 2014-11-29 20:26 - 2009-12-29 21:01 - 00328370 _____ () D:\WINDOWS\WindowsUpdate.log 2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security 2014-11-29 20:25 - 2009-12-29 19:37 - 00652795 _____ () D:\WINDOWS\setupapi.log 2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () D:\WINDOWS\FaxSetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log 2014-11-29 19:47 - 2009-12-29 
19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK 2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu 2014-11-29 18:28 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme 2014-11-29 14:06 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-11-29 10:31 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl 2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit 2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore 2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\***** 2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone 2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini 2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit 2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini 2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet ***** 2014-11-21 14:43 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\Temp 2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc 2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ___HD () D:\BJPrinter 2014-11-17 12:59 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini 2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () D:\Dokumente und Einstellungen\internet 2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp 2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\******* 2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente 
und Einstellungen\Internet *****\Desktop\****** 2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video Some content of TEMP: ==================== D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) D:\WINDOWS\explorer.exe => File is digitally signed D:\WINDOWS\system32\winlogon.exe => File is digitally signed D:\WINDOWS\system32\svchost.exe => File is digitally signed D:\WINDOWS\system32\services.exe => File is digitally signed D:\WINDOWS\system32\User32.dll => File is digitally signed D:\WINDOWS\system32\userinit.exe => File is digitally signed D:\WINDOWS\system32\rpcss.dll => File is digitally signed D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01 Ran by Arbeit at 2014-11-29 22:19:30 Running from J:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.561-081201a1-074335C - ) Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Bluesoleil2.6.0.8 Release 070517 (HKLM\...\{438BB9B4-65FE-4626-91D9-A8F57B18001D}) (Version: 2.6.0.8 Release 070517 - IVT Corporation) Bubble Odyssey 1.0 (HKLM\...\Bubble Odyssey_is1) (Version: - ) Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version: - ) Die Siedler III Gold Edition (HKLM\...\S3) (Version: - ) Frhed 1.7.1 (HKLM\...\Frhed) (Version: 1.7.1 - Raihan Kibria) High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation) HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro) Hotfix für Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation) Kaufland Foto (HKLM\...\Kaufland Foto) (Version: 5.0.1 - CEWE COLOR AG u Co. 
OHG) LightScribe 1.4.62.1 (Version: 1.4.62.1 - hxxp://www.lightscribe.com) Hidden Löwenzahn 2 (HKLM\...\Loewe2) (Version: - ) Löwenzahn 4 (HKLM\...\Loewe4) (Version: - ) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) mb Software ArCon (HKLM\...\ArCon) (Version: - ) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: - ) MGI PhotoSuite 4 (nur entfernen) (HKLM\...\MGI_PRISM_V4_0) (Version: - MGI Software Corp.) Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla) Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - ) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDF24 Creator 6.4.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version: - ) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5864 - Realtek Semiconductor Corp.) 
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) Secret Of Six Seas (HKLM\...\Secret Of Six Seas) (Version: - ) SilverFast Epson-SE 6.6.2r4 (HKLM\...\SilverFast Epson-SE) (Version: - LaserSoft Imaging AG) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Sweet Home 3D version 3.7 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VDE VERLAG VDE-Vorschriftenwerk 9.0 (HKLM\...\VDE VERLAG VDE_VORSCHRIFTENWERK 9_0) (Version: 9.0 - VDE VERLAG) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-11-2014 20:34:19 Systemprüfpunkt 29-11-2014 13:34:05 Systemprüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2004-08-05 13:00 - 2010-01-06 22:50 - 00372299 ____A D:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.123topsearch.com 127.0.0.1 123topsearch.com 127.0.0.1 www.132.com 127.0.0.1 132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 www.163ns.com 127.0.0.1 163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com 127.0.0.1 www.1800searchonline.com 127.0.0.1 1800searchonline.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: CTFMON.EXE => D:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: NeroFilterCheck => D:\WINDOWS\system32\NeroCheck.exe MSCONFIG\startupreg: PDFPrint => D:\Programme\PDF24\pdf24.exe MSCONFIG\startupreg: SHIWebOnDiskManager => "D:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-789336058-879983540-839522115-500 - Administrator - Enabled) Arbeit (S-1-5-21-789336058-879983540-839522115-1006 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Arbeit Gast (S-1-5-21-789336058-879983540-839522115-501 - Limited - Enabled) Hilfeassistent (S-1-5-21-789336058-879983540-839522115-1000 - Limited - Disabled) internet (S-1-5-21-789336058-879983540-839522115-1004 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\internet Internet ***** (S-1-5-21-789336058-879983540-839522115-1005 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Internet ***** SUPPORT_388945a0 (S-1-5-21-789336058-879983540-839522115-1002 - Limited - Disabled) ve (S-1-5-21-789336058-879983540-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\ve ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Realtek Semiconductor Corp. Service: RTLE8023xp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth PAN Network Adapter Description: Bluetooth PAN Network Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: IVT Corporation Service: BT Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2014 09:27:27 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206. Error: (07/19/2014 09:27:27 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80070005 von Zeile 44 von f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsupport. Error: (06/28/2014 00:09:16 PM) (Source: Avira Antivirus) (EventID: 4118) (User: ) Description: D:\WINDOWS\system32\drwtsn32.exeACCESS_VIOLATION0x1e7f9ebAVEPROC_TestFile() System errors: ============= Error: (11/29/2014 08:29:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (11/29/2014 08:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (11/29/2014 08:27:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP SRTSPX Error: (11/29/2014 08:27:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (11/29/2014 08:27:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (11/29/2014 07:40:38 PM) (Source: Service Control 
Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP SRTSPX Error: (11/29/2014 07:40:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (11/29/2014 07:40:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (11/29/2014 06:36:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/29/2014 06:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Microsoft Office Sessions: ========================= Error: (07/19/2014 09:27:27 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80040206 Error: (07/19/2014 09:27:27 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005 ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 240 Processor Percentage of memory in use: 19% Total physical RAM: 1918.42 MB Available physical RAM: 1552.79 MB Total Pagefile: 3684.53 MB Available Pagefile: 3472.99 MB Total Virtual: 2047.88 MB Available Virtual: 1964.97 MB ==================== Drives ================================ Drive c: (Mama) (Fixed) (Total:4.88 GB) (Free:1.73 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Daten) (Fixed) (Total:228 GB) (Free:130.67 GB) NTFS Drive j: () (Removable) (Total:1.91 GB) (Free:1.89 GB) FAT ==================== MBR & Partition Table ================== 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: BF1FCE0E)
Partition 1: (Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=228 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: DC210922)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================

Edited by tymara (30.11.2014 at 00:12) |
30.11.2014, 09:01 | #4 |
/// the machine /// TB Trainer | Trojan.Agent in syshost.exe hi, please download TDSSKiller.exe and save the file to your desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
30.11.2014, 11:22 | #5 |
| Trojan.Agent in syshost.exe Hello, here is the log. I got Lssrvc.exe from Nero and it can go. The fact that it flags Teatimer could be normal, right? Thanks. Code:
10:58:52.0421 0x012c TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
10:58:54.0359 0x012c ============================================================
10:58:54.0359 0x012c Current date / time: 2014/11/30 10:58:54.0359
10:58:54.0359 0x012c SystemInfo:
10:58:54.0375 0x012c
10:58:54.0375 0x012c OS Version: 5.1.2600 ServicePack: 3.0
10:58:54.0375 0x012c Product type: Workstation
10:58:54.0375 0x012c ComputerName: INTRNET
10:58:54.0375 0x012c UserName: Arbeit
10:58:54.0375 0x012c Windows directory: D:\WINDOWS
10:58:54.0375 0x012c System windows directory: D:\WINDOWS
10:58:54.0375 0x012c Processor architecture: Intel x86
10:58:54.0375 0x012c Number of processors: 2
10:58:54.0375 0x012c Page size: 0x1000
10:58:54.0375 0x012c Boot type: Normal boot
10:58:54.0375 0x012c ============================================================
10:58:54.0375 0x012c BG loaded
10:58:54.0578 0x012c System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
10:58:55.0078 0x012c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
10:58:55.0078 0x012c Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:55.0093 0x012c ============================================================
10:58:55.0093 0x012c \Device\Harddisk0\DR0:
10:58:55.0093 0x012c MBR partitions:
10:58:55.0093 0x012c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
10:58:55.0093 0x012c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
10:58:55.0093 0x012c \Device\Harddisk1\DR3:
10:58:55.0093 0x012c MBR partitions:
10:58:55.0093 0x012c \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
10:58:55.0093 0x012c ============================================================
10:58:55.0109 0x012c C: <-> \Device\Harddisk0\DR0\Partition1
10:58:55.0140 0x012c D: <-> \Device\Harddisk0\DR0\Partition2
10:58:55.0140 0x012c ============================================================
10:58:55.0140 0x012c Initialize success
10:58:55.0140 0x012c ============================================================
10:59:10.0953 0x047c ============================================================
10:59:10.0953 0x047c Scan started
10:59:10.0953 0x047c Mode: Manual; SigCheck; TDLFS;
10:59:10.0953 0x047c ============================================================
10:59:10.0953 0x047c KSN ping started
10:59:11.0046 0x047c KSN ping finished: false
10:59:11.0406 0x047c ================ Scan system memory ========================
10:59:11.0406 0x047c System memory - ok
10:59:11.0406 0x047c ================ Scan services =============================
10:59:11.0406 0x047c Suspicious service (NoAccess): 41d78ef79c384a09
10:59:11.0468 0x047c [ B2234CF29BF7D128FA69510E0F2D11E2, 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA ] 41d78ef79c384a09 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys
10:59:11.0468 0x047c Suspicious file ( NoAccess ): D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys.
md5: B2234CF29BF7D128FA69510E0F2D11E2, sha256: 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA
10:59:12.0250 0x047c 41d78ef79c384a09 - detected Rootkit.Win32.Necurs.gen ( 0 )
10:59:12.0531 0x047c 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - infected
10:59:12.0531 0x047c Force sending object to P2P due to detect: 41d78ef79c384a09
10:59:12.0546 0x047c Object send P2P result: false
10:59:24.0125 0x047c [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] LightScribeService D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:59:24.0125 0x047c LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
10:59:24.0125 0x047c LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:59:24.0125 0x047c Force sending object to P2P due to detect: LightScribeService
10:59:24.0125 0x047c Object send P2P result: false
10:59:30.0078 0x047c ql12160 - ok 10:59:30.0078 0x047c ql1240 - ok 10:59:30.0093 0x047c ql1280 - ok 10:59:30.0109 0x047c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys 10:59:30.0187 0x047c RasAcd - ok 10:59:30.0218 0x047c [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto D:\WINDOWS\System32\rasauto.dll 10:59:30.0312 0x047c RasAuto - ok 10:59:30.0343 0x047c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:59:30.0421 0x047c Rasl2tp - ok 10:59:30.0468 0x047c [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan D:\WINDOWS\System32\rasmans.dll 10:59:30.0546 0x047c RasMan - ok 10:59:30.0546 0x047c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:59:30.0640 0x047c RasPppoe - ok 10:59:30.0656 0x047c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys 10:59:30.0734 0x047c Raspti - ok 10:59:30.0765 0x047c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys 10:59:30.0843 0x047c Rdbss - ok 10:59:30.0859 0x047c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:59:30.0937 0x047c RDPCDD - ok 10:59:30.0953 0x047c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr D:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:59:31.0031 0x047c rdpdr - ok 10:59:31.0093 0x047c [ 6728E45B66F93C08F11DE2E316FC70DD, 
EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys 10:59:31.0156 0x047c RDPWD - ok 10:59:31.0203 0x047c [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe 10:59:31.0281 0x047c RDSessMgr - ok 10:59:31.0296 0x047c [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys 10:59:31.0375 0x047c redbook - ok 10:59:31.0406 0x047c [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll 10:59:31.0484 0x047c RemoteAccess - ok 10:59:31.0531 0x047c [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll 10:59:31.0609 0x047c RemoteRegistry - ok 10:59:31.0640 0x047c [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM D:\WINDOWS\system32\DRIVERS\rfcomm.sys 10:59:31.0703 0x047c RFCOMM - ok 10:59:31.0750 0x047c [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM D:\WINDOWS\system32\Drivers\RootMdm.sys 10:59:31.0812 0x047c ROOTMODEM - ok 10:59:31.0859 0x047c [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator D:\WINDOWS\system32\locator.exe 10:59:31.0937 0x047c RpcLocator - ok 10:59:31.0968 0x047c [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] RpcSs D:\WINDOWS\system32\rpcss.dll 10:59:32.0062 0x047c RpcSs - ok 10:59:32.0078 0x047c [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP D:\WINDOWS\system32\rsvp.exe 10:59:32.0156 0x047c RSVP - ok 10:59:32.0312 0x047c [ 
1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] RTHDMIAzAudService D:\WINDOWS\system32\drivers\RtKHDMI.sys 10:59:32.0468 0x047c RTHDMIAzAudService - ok 10:59:32.0484 0x047c [ 00FD6811350E175585ABCF7D4A61DD90, 00B54CB6547E47E6A2B8AE4BB220E68BBFECF2188CB7DFE651B50F7FE6AC7E9D ] RTLE8023xp D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 10:59:32.0515 0x047c RTLE8023xp - ok 10:59:32.0546 0x047c [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs D:\WINDOWS\system32\lsass.exe 10:59:32.0609 0x047c SamSs - ok 10:59:32.0640 0x047c [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe 10:59:32.0718 0x047c SCardSvr - ok 10:59:32.0765 0x047c [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule D:\WINDOWS\system32\schedsvc.dll 10:59:32.0859 0x047c Schedule - ok 10:59:32.0890 0x047c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys 10:59:32.0953 0x047c Secdrv - ok 10:59:32.0984 0x047c [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon D:\WINDOWS\System32\seclogon.dll 10:59:33.0062 0x047c seclogon - ok 10:59:33.0078 0x047c [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS D:\WINDOWS\system32\sens.dll 10:59:33.0140 0x047c SENS - ok 10:59:33.0187 0x047c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum D:\WINDOWS\system32\DRIVERS\serenum.sys 10:59:33.0250 0x047c serenum - ok 10:59:33.0265 0x047c [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial D:\WINDOWS\system32\DRIVERS\serial.sys 10:59:33.0359 
0x047c Serial - ok 10:59:33.0375 0x047c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys 10:59:33.0437 0x047c Sfloppy - ok 10:59:33.0484 0x047c [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll 10:59:33.0578 0x047c SharedAccess - ok 10:59:33.0593 0x047c [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll 10:59:33.0671 0x047c ShellHWDetection - ok 10:59:33.0687 0x047c Simbad - ok 10:59:33.0687 0x047c Sparrow - ok 10:59:33.0734 0x047c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter D:\WINDOWS\system32\drivers\splitter.sys 10:59:33.0812 0x047c splitter - ok 10:59:33.0843 0x047c [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] Spooler D:\WINDOWS\system32\spoolsv.exe 10:59:33.0921 0x047c Spooler - ok 10:59:33.0937 0x047c [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr D:\WINDOWS\system32\DRIVERS\sr.sys 10:59:34.0000 0x047c sr - ok 10:59:34.0015 0x047c [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice D:\WINDOWS\system32\srsvc.dll 10:59:34.0093 0x047c srservice - ok 10:59:34.0109 0x047c SRTSP - ok 10:59:34.0109 0x047c SRTSPX - ok 10:59:34.0156 0x047c [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys 10:59:34.0250 0x047c Srv - ok 10:59:34.0281 0x047c [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll 10:59:34.0359 0x047c SSDPSRV - ok 10:59:34.0390 0x047c [ 
BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc D:\WINDOWS\system32\wiaservc.dll 10:59:34.0484 0x047c stisvc - ok 10:59:34.0515 0x047c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys 10:59:34.0593 0x047c swenum - ok 10:59:34.0609 0x047c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys 10:59:34.0687 0x047c swmidi - ok 10:59:34.0687 0x047c SwPrv - ok 10:59:34.0703 0x047c symc810 - ok 10:59:34.0703 0x047c symc8xx - ok 10:59:34.0703 0x047c sym_hi - ok 10:59:34.0703 0x047c sym_u3 - ok 10:59:34.0718 0x047c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys 10:59:34.0796 0x047c sysaudio - ok 10:59:34.0843 0x047c [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe 10:59:34.0921 0x047c SysmonLog - ok 10:59:34.0953 0x047c [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv D:\WINDOWS\System32\tapisrv.dll 10:59:35.0015 0x047c TapiSrv - ok 10:59:35.0078 0x047c [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys 10:59:35.0156 0x047c Tcpip - ok 10:59:35.0187 0x047c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys 10:59:35.0265 0x047c TDPIPE - ok 10:59:35.0281 0x047c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys 10:59:35.0375 0x047c TDTCP - ok 10:59:35.0390 0x047c [ 
88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys 10:59:35.0453 0x047c TermDD - ok 10:59:35.0500 0x047c [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService D:\WINDOWS\System32\termsrv.dll 10:59:35.0593 0x047c TermService - ok 10:59:35.0609 0x047c [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] Themes D:\WINDOWS\System32\shsvcs.dll 10:59:35.0687 0x047c Themes - ok 10:59:35.0703 0x047c [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr D:\WINDOWS\system32\tlntsvr.exe 10:59:35.0781 0x047c TlntSvr - ok 10:59:35.0781 0x047c TosIde - ok 10:59:35.0812 0x047c [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks D:\WINDOWS\system32\trkwks.dll 10:59:35.0906 0x047c TrkWks - ok 10:59:35.0937 0x047c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys 10:59:36.0031 0x047c Udfs - ok 10:59:36.0031 0x047c ultra - ok 10:59:36.0078 0x047c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update D:\WINDOWS\system32\DRIVERS\update.sys 10:59:36.0171 0x047c Update - ok 10:59:36.0187 0x047c [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost D:\WINDOWS\System32\upnphost.dll 10:59:36.0281 0x047c upnphost - ok 10:59:36.0296 0x047c [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS D:\WINDOWS\System32\ups.exe 10:59:36.0375 0x047c UPS - ok 10:59:36.0421 0x047c [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp D:\WINDOWS\system32\DRIVERS\usbccgp.sys 
10:59:36.0500 0x047c usbccgp - ok 10:59:36.0546 0x047c [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci D:\WINDOWS\system32\DRIVERS\usbehci.sys 10:59:36.0625 0x047c usbehci - ok 10:59:36.0640 0x047c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys 10:59:36.0718 0x047c usbhub - ok 10:59:36.0734 0x047c [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci D:\WINDOWS\system32\DRIVERS\usbohci.sys 10:59:36.0812 0x047c usbohci - ok 10:59:36.0859 0x047c [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan D:\WINDOWS\system32\DRIVERS\usbscan.sys 10:59:36.0921 0x047c usbscan - ok 10:59:36.0968 0x047c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:59:37.0031 0x047c usbstor - ok 10:59:37.0078 0x047c [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] VComm D:\WINDOWS\system32\DRIVERS\VComm.sys 10:59:37.0078 0x047c VComm - ok 10:59:37.0093 0x047c [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] VcommMgr D:\WINDOWS\system32\Drivers\VcommMgr.sys 10:59:37.0109 0x047c VcommMgr - ok 10:59:37.0109 0x047c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave D:\WINDOWS\System32\drivers\vga.sys 10:59:37.0187 0x047c VgaSave - ok 10:59:37.0187 0x047c ViaIde - ok 10:59:37.0234 0x047c [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys 10:59:37.0312 0x047c VolSnap - ok 10:59:37.0359 0x047c [ 68F106273BE29E7B7EF8266977268E78, 
1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS D:\WINDOWS\System32\vssvc.exe 10:59:37.0453 0x047c VSS - ok 10:59:37.0468 0x047c [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time D:\WINDOWS\system32\w32time.dll 10:59:37.0546 0x047c W32Time - ok 10:59:37.0593 0x047c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys 10:59:37.0656 0x047c Wanarp - ok 10:59:37.0656 0x047c WDICA - ok 10:59:37.0687 0x047c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys 10:59:37.0765 0x047c wdmaud - ok 10:59:37.0812 0x047c [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient D:\WINDOWS\System32\webclnt.dll 10:59:37.0890 0x047c WebClient - ok 10:59:37.0984 0x047c [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll 10:59:38.0062 0x047c winmgmt - ok 10:59:38.0093 0x047c [ 6E18978B749F0696A774DE3F2CB142DD, 4BBE31A78F6CF474A4CFDBB7C365DE058247F8BFA21F7E563111E84D8937BC26 ] WmdmPmSN D:\WINDOWS\system32\mspmsnsv.dll 10:59:38.0187 0x047c WmdmPmSN - ok 10:59:38.0234 0x047c [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] Wmi D:\WINDOWS\System32\advapi32.dll 10:59:38.0375 0x047c Wmi - ok 10:59:38.0421 0x047c [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv D:\WINDOWS\system32\wbem\wmiapsrv.exe 10:59:38.0500 0x047c WmiApSrv - ok 10:59:38.0546 0x047c [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL D:\WINDOWS\System32\drivers\ws2ifsl.sys 10:59:38.0609 0x047c WS2IFSL - ok 10:59:38.0640 0x047c [ 
300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc D:\WINDOWS\system32\wscsvc.dll 10:59:38.0734 0x047c wscsvc - ok 10:59:38.0750 0x047c [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv D:\WINDOWS\system32\wuauserv.dll 10:59:38.0843 0x047c wuauserv - ok 10:59:38.0906 0x047c [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll 10:59:39.0000 0x047c WZCSVC - ok 10:59:39.0031 0x047c [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov D:\WINDOWS\System32\xmlprov.dll 10:59:39.0140 0x047c xmlprov - ok 10:59:39.0156 0x047c ================ Scan global =============================== 10:59:39.0187 0x047c [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll 10:59:39.0218 0x047c [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll 10:59:39.0234 0x047c [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll 10:59:39.0265 0x047c [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe 10:59:39.0265 0x047c [ Global ] - ok 10:59:39.0265 0x047c ================ Scan MBR ================================== 10:59:39.0281 0x047c [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 10:59:39.0468 0x047c \Device\Harddisk0\DR0 - ok 10:59:39.0468 0x047c [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3 10:59:39.0640 0x047c \Device\Harddisk1\DR3 - ok 10:59:39.0640 0x047c ================ Scan VBR ================================== 10:59:39.0640 0x047c [ EEA1061F0EF31F4EDA64FCBE1BD45D45 ] 
\Device\Harddisk0\DR0\Partition1 10:59:39.0640 0x047c \Device\Harddisk0\DR0\Partition1 - ok 10:59:39.0640 0x047c [ B4F7B80D6A8D52769E63625C7E1C6299 ] \Device\Harddisk0\DR0\Partition2 10:59:39.0640 0x047c \Device\Harddisk0\DR0\Partition2 - ok 10:59:39.0656 0x047c [ 6DFADFDD660A63A9B2ED9DB87BF4ABC7 ] \Device\Harddisk1\DR3\Partition1 10:59:39.0656 0x047c \Device\Harddisk1\DR3\Partition1 - ok 10:59:39.0656 0x047c ================ Scan active images ======================== 10:59:39.0656 0x047c [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] D:\WINDOWS\system32\drivers\AmdPPM.sys 10:59:39.0656 0x047c D:\WINDOWS\system32\drivers\AmdPPM.sys - ok 10:59:39.0656 0x047c [ 15B2FE76E2ECEB98C49ED52311A6F26F, E917AEBD221BF2DB217C111F256033FDA2B28FE55C7E87DAD4A16B84E3FD9398 ] D:\WINDOWS\system32\drivers\ati2mtag.sys 10:59:39.0656 0x047c D:\WINDOWS\system32\drivers\ati2mtag.sys - ok 10:59:39.0656 0x047c [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] D:\WINDOWS\system32\drivers\videoprt.sys 10:59:39.0656 0x047c D:\WINDOWS\system32\drivers\videoprt.sys - ok 10:59:39.0656 0x047c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] D:\WINDOWS\system32\drivers\hdaudbus.sys 10:59:39.0656 0x047c D:\WINDOWS\system32\drivers\hdaudbus.sys - ok 10:59:39.0671 0x047c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] D:\WINDOWS\system32\drivers\imapi.sys 10:59:39.0671 0x047c D:\WINDOWS\system32\drivers\imapi.sys - ok 10:59:39.0671 0x047c [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] D:\WINDOWS\system32\drivers\afc.sys 10:59:39.0671 0x047c D:\WINDOWS\system32\drivers\afc.sys - ok 10:59:39.0671 0x047c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] 
D:\WINDOWS\system32\drivers\cdrom.sys 10:59:39.0671 0x047c D:\WINDOWS\system32\drivers\cdrom.sys - ok 10:59:39.0671 0x047c [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] D:\WINDOWS\system32\drivers\ks.sys 10:59:39.0671 0x047c D:\WINDOWS\system32\drivers\ks.sys - ok 10:59:39.0671 0x047c [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] D:\WINDOWS\system32\drivers\redbook.sys 10:59:39.0671 0x047c D:\WINDOWS\system32\drivers\redbook.sys - ok 10:59:39.0687 0x047c [ 791912E524CC2CC6F50B5F2B52D1EB71, 2B269372E5B39B03089F781CC69AE519D1C840A80ADBE15EA3787FBCDE97F1A8 ] D:\WINDOWS\system32\drivers\usbport.sys 10:59:39.0687 0x047c D:\WINDOWS\system32\drivers\usbport.sys - ok 10:59:39.0687 0x047c [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] D:\WINDOWS\system32\drivers\usbehci.sys 10:59:39.0687 0x047c D:\WINDOWS\system32\drivers\usbehci.sys - ok 10:59:39.0687 0x047c [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] D:\WINDOWS\system32\drivers\usbohci.sys 10:59:39.0687 0x047c D:\WINDOWS\system32\drivers\usbohci.sys - ok 10:59:39.0687 0x047c [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] D:\WINDOWS\system32\drivers\parport.sys 10:59:39.0687 0x047c D:\WINDOWS\system32\drivers\parport.sys - ok 10:59:39.0687 0x047c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] D:\WINDOWS\system32\drivers\serenum.sys 10:59:39.0687 0x047c D:\WINDOWS\system32\drivers\serenum.sys - ok 10:59:39.0703 0x047c [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] D:\WINDOWS\system32\drivers\serial.sys 10:59:39.0703 0x047c D:\WINDOWS\system32\drivers\serial.sys - ok 10:59:39.0703 0x047c [ 6D9C891C0A761AFED1F3609C2E56F2B9, 
53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] D:\WINDOWS\system32\drivers\VcommMgr.sys 10:59:39.0703 0x047c D:\WINDOWS\system32\drivers\VcommMgr.sys - ok 10:59:39.0703 0x047c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] D:\WINDOWS\system32\drivers\audstub.sys 10:59:39.0703 0x047c D:\WINDOWS\system32\drivers\audstub.sys - ok 10:59:39.0703 0x047c [ 852A1BD08E7DFEB9E30B5440881C0501, 92D3F82A29D4466706DA0A30921B4AE5D67F08C2C4EF362EDB1A2D254A5AF068 ] D:\WINDOWS\system32\drivers\blueletaudio.sys 10:59:39.0703 0x047c D:\WINDOWS\system32\drivers\blueletaudio.sys - ok 10:59:39.0703 0x047c [ 8FC27B12A02B43947787F0EF1885DF9B, 1C0A44406FCD78BB6410140512B2165F974CD1837400A818529E4054A358E7BF ] D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys 10:59:39.0703 0x047c D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys - ok 10:59:39.0718 0x047c [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] D:\WINDOWS\system32\drivers\drmk.sys 10:59:39.0718 0x047c D:\WINDOWS\system32\drivers\drmk.sys - ok 10:59:39.0718 0x047c [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] D:\WINDOWS\system32\drivers\portcls.sys 10:59:39.0718 0x047c D:\WINDOWS\system32\drivers\portcls.sys - ok 10:59:39.0718 0x047c [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] D:\WINDOWS\system32\drivers\rootmdm.sys 10:59:39.0718 0x047c D:\WINDOWS\system32\drivers\rootmdm.sys - ok 10:59:39.0718 0x047c [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] D:\WINDOWS\system32\drivers\modem.sys 10:59:39.0718 0x047c D:\WINDOWS\system32\drivers\modem.sys - ok 10:59:39.0734 0x047c [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] D:\WINDOWS\system32\drivers\ndistapi.sys 10:59:39.0734 0x047c 
D:\WINDOWS\system32\drivers\ndistapi.sys - ok 10:59:39.0734 0x047c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] D:\WINDOWS\system32\drivers\ndiswan.sys 10:59:39.0734 0x047c D:\WINDOWS\system32\drivers\ndiswan.sys - ok 10:59:39.0734 0x047c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] D:\WINDOWS\system32\drivers\rasl2tp.sys 10:59:39.0734 0x047c D:\WINDOWS\system32\drivers\rasl2tp.sys - ok 10:59:39.0734 0x047c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] D:\WINDOWS\system32\drivers\raspppoe.sys 10:59:39.0734 0x047c D:\WINDOWS\system32\drivers\raspppoe.sys - ok 10:59:39.0734 0x047c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] D:\WINDOWS\system32\drivers\msgpc.sys 10:59:39.0734 0x047c D:\WINDOWS\system32\drivers\msgpc.sys - ok 10:59:39.0750 0x047c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] D:\WINDOWS\system32\drivers\psched.sys 10:59:39.0750 0x047c D:\WINDOWS\system32\drivers\psched.sys - ok 10:59:39.0750 0x047c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] D:\WINDOWS\system32\drivers\raspptp.sys 10:59:39.0750 0x047c D:\WINDOWS\system32\drivers\raspptp.sys - ok 10:59:39.0750 0x047c [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] D:\WINDOWS\system32\drivers\tdi.sys 10:59:39.0750 0x047c D:\WINDOWS\system32\drivers\tdi.sys - ok 10:59:39.0750 0x047c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] D:\WINDOWS\system32\drivers\ptilink.sys 10:59:39.0750 0x047c D:\WINDOWS\system32\drivers\ptilink.sys - ok 10:59:39.0750 0x047c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] 
Edited by tymara (30.11.2014 at 11:28) |
30.11.2014, 11:29 | #6 |
| Trojan.Agent in syshost.exe continued here: Code:
10:59:40.0343 0x047c [ DC4E223F5813150073FB5CC63D13293B, 7420E02BD2C81B74E2F9CDFA7B43F087EFE0D086A85DED453B4B65A3280B1A8A ] D:\WINDOWS\system32\msimg32.dll 10:59:40.0343 0x047c D:\WINDOWS\system32\msimg32.dll - ok 10:59:40.0359 0x047c [ 2449D2A51EA2083FA05058F7CEF44714, 3291589AEC31C553C35B54B2D9082BB83035ADA5B68ABBB351E3AE3E0A9ED18B ] D:\WINDOWS\system32\dimsntfy.dll 10:59:40.0359 0x047c D:\WINDOWS\system32\dimsntfy.dll - ok 10:59:40.0359 0x047c [ DF2A4BD2F67F35D803F5342046BA07C6, 6F3E349F90AD65D8777ED6930838A67393892CA082511B211938009BD8E958E0 ] D:\WINDOWS\system32\oleacc.dll 10:59:40.0359 0x047c D:\WINDOWS\system32\oleacc.dll - ok 10:59:40.0359 0x047c [ B4AEE98A48917B274FACFB78BBE0BC84, D5E64C865B09B54212A5D80BE757E01FB8E8486CA2C95D3387CC2869E0A484D0 ] D:\WINDOWS\system32\wininet.dll 10:59:40.0359 0x047c D:\WINDOWS\system32\wininet.dll - ok 10:59:40.0359 0x047c [ C310CEAF283A8B5D4100E7C81E711F74, C9BE6CF66EE33FBF8295F66C6A5EA27D1FA503C950940A425E48DD0182DC77BD ] D:\WINDOWS\system32\mprapi.dll 10:59:40.0359 0x047c D:\WINDOWS\system32\mprapi.dll - ok 10:59:40.0359 0x047c [ E12D149442BBFEA6AA952327B2EA0079, FCCF3B9436632628DF34472DBE61B6DE5FE3C71280420DA23DF0769BEA2E3792 ] D:\WINDOWS\system32\winspool.drv 10:59:40.0359 0x047c D:\WINDOWS\system32\winspool.drv - ok 10:59:40.0375 0x047c [ 85D87ABB3889CE139BFFD7C7CBAC396B, 940BC0718EE819500A12F6F6D29CEE87C320CC37284DE591A3DC72545972A14C ] D:\WINDOWS\system32\wlnotify.dll 10:59:40.0375 0x047c D:\WINDOWS\system32\wlnotify.dll - ok 10:59:40.0375 0x047c [ 210199B7F3F632A95C29C916B040EABE, D535E25C508CD2CF2DB7C6FF9DE5E542590E152A90F9DD494B9D3AD358462B39 ] D:\WINDOWS\system32\activeds.dll 10:59:40.0375 0x047c D:\WINDOWS\system32\activeds.dll - ok 10:59:40.0375 0x047c [ DEF910C95F7C0C9B36C9A90EE25C924E, 3685026FC70CA6B0F40962C87D5A5B4B0B24EDDB68AA8CD5D4586EBD6C6B1238 ] D:\WINDOWS\system32\adsldpc.dll 10:59:40.0375 0x047c D:\WINDOWS\system32\adsldpc.dll - ok 10:59:40.0375 0x047c [ 8DD8B3F22B6E6E62D6D113AB319D1839, 
A807EC807945DB938D24A17152CBB939A612FF27D0377B8E29133B2CD3BB76DD ] D:\WINDOWS\system32\shgina.dll 10:59:40.0375 0x047c D:\WINDOWS\system32\shgina.dll - ok 10:59:40.0375 0x047c [ FC5F5F2EC1676C7CD898155B6546D2AE, 03590813360B76FD7B27D7FA19FA418FCA135ED4B31E205043F26673C9012795 ] D:\WINDOWS\system32\rasapi32.dll 10:59:40.0375 0x047c D:\WINDOWS\system32\rasapi32.dll - ok 10:59:40.0390 0x047c [ D4A61C9CFD998B132541C658E60C239D, 36A935942C1AF961EAEDE0D15DE889B9F4DAC36E24DD1666ABB685AE3691B71F ] D:\WINDOWS\system32\rasman.dll 10:59:40.0390 0x047c D:\WINDOWS\system32\rasman.dll - ok 10:59:40.0390 0x047c [ 995857A5138976FAEE6455F00033F607, 46EBA315DA3DC227A1173D9A6F1EA1242A8C20F54BEFF20BB83A2D09636B2458 ] D:\WINDOWS\system32\tapi32.dll 10:59:40.0390 0x047c D:\WINDOWS\system32\tapi32.dll - ok 10:59:40.0390 0x047c [ B4B91D8615D022B4143B9AED662008D1, EE719D9ACEBBC92D59E150423884E25343B1D6E0447555CF5588E2D1477BD2F7 ] D:\WINDOWS\system32\riched20.dll 10:59:40.0390 0x047c D:\WINDOWS\system32\riched20.dll - ok 10:59:40.0390 0x047c [ FED5D601190B0CCD6A625C92FACDDC74, 93BACE8F4895E7AE5420FCA94673975CE2A099A393B8410D9A7F2DEB806F123B ] D:\WINDOWS\system32\raschap.dll 10:59:40.0390 0x047c D:\WINDOWS\system32\raschap.dll - ok 10:59:40.0406 0x047c [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] D:\WINDOWS\system32\schedsvc.dll 10:59:40.0406 0x047c D:\WINDOWS\system32\schedsvc.dll - ok 10:59:40.0406 0x047c [ C52B07091AD6E6201FA535686E5642FA, 95E646E10B611BC6B63257AB84012543AD82CF2995B348E367116264E5FA475D ] D:\WINDOWS\system32\msidle.dll 10:59:40.0406 0x047c D:\WINDOWS\system32\msidle.dll - ok 10:59:40.0406 0x047c [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] D:\WINDOWS\system32\spoolsv.exe 10:59:40.0406 0x047c D:\WINDOWS\system32\spoolsv.exe - ok 10:59:40.0406 0x047c [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] 
D:\WINDOWS\system32\audiosrv.dll 10:59:40.0406 0x047c D:\WINDOWS\system32\audiosrv.dll - ok 10:59:40.0406 0x047c [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] D:\WINDOWS\system32\wkssvc.dll 10:59:40.0406 0x047c D:\WINDOWS\system32\wkssvc.dll - ok 10:59:40.0421 0x047c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] D:\WINDOWS\system32\drivers\mrxdav.sys 10:59:40.0421 0x047c D:\WINDOWS\system32\drivers\mrxdav.sys - ok 10:59:40.0421 0x047c [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] D:\WINDOWS\system32\webclnt.dll 10:59:40.0421 0x047c D:\WINDOWS\system32\webclnt.dll - ok 10:59:40.0421 0x047c [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] D:\WINDOWS\system32\drivers\parvdm.sys 10:59:40.0421 0x047c D:\WINDOWS\system32\drivers\parvdm.sys - ok 10:59:40.0421 0x047c [ F0C803D84B89B2EA3CDB5580CECC15E3, 03E6A3261DDA5341B294CA1742E6569EB805038A31EA6C969318FB280A3CCBBA ] D:\WINDOWS\system32\wsock32.dll 10:59:40.0421 0x047c D:\WINDOWS\system32\wsock32.dll - ok 10:59:40.0421 0x047c [ 7E7D8DD0AFC6EFAA7F39CCF7B222D751, 244946BB067BBD573570417A3C042412A2CFC2AEED23411DB30A1223C2D733DD ] D:\WINDOWS\system32\certcli.dll 10:59:40.0421 0x047c D:\WINDOWS\system32\certcli.dll - ok 10:59:40.0437 0x047c [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] D:\WINDOWS\system32\cryptsvc.dll 10:59:40.0437 0x047c D:\WINDOWS\system32\cryptsvc.dll - ok 10:59:40.0437 0x047c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] D:\WINDOWS\system32\drivers\fastfat.sys 10:59:40.0437 0x047c D:\WINDOWS\system32\drivers\fastfat.sys - ok 10:59:40.0437 0x047c [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] D:\Programme\Gemeinsame 
Dateien\LightScribe\LSSrvc.exe 10:59:40.0437 0x047c D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe - ok 10:59:40.0437 0x047c [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll 10:59:40.0437 0x047c D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll - ok 10:59:40.0437 0x047c [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] D:\WINDOWS\system32\dmserver.dll 10:59:40.0437 0x047c D:\WINDOWS\system32\dmserver.dll - ok 10:59:40.0453 0x047c [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] D:\WINDOWS\system32\ersvc.dll 10:59:40.0453 0x047c D:\WINDOWS\system32\ersvc.dll - ok 10:59:40.0453 0x047c [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] D:\WINDOWS\system32\es.dll 10:59:40.0453 0x047c D:\WINDOWS\system32\es.dll - ok 10:59:40.0453 0x047c [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll 10:59:40.0453 0x047c D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll - ok 10:59:40.0453 0x047c [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll 10:59:40.0453 0x047c D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok 10:59:40.0453 0x047c [ 8E1714FC6103F585F00CF2FA883EB33A, A50446B68792AAE4409F4CF150052835D86760FFE49E9D27B5BB719339C1E223 ] D:\WINDOWS\system32\hid.dll 10:59:40.0453 0x047c D:\WINDOWS\system32\hid.dll - ok 10:59:40.0468 0x047c [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] D:\WINDOWS\system32\hidserv.dll 10:59:40.0468 0x047c D:\WINDOWS\system32\hidserv.dll - ok 10:59:40.0468 0x047c [ A3962F4BBFE699B7EFFBBADE608E314F, 
C25CC5F546BE13C4632009C4D30522AC7EA4AAA76D88C70E11B336BBD2FE48B4 ] D:\WINDOWS\system32\netmsg.dll 10:59:40.0468 0x047c D:\WINDOWS\system32\netmsg.dll - ok 10:59:40.0468 0x047c [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] D:\WINDOWS\system32\srvsvc.dll 10:59:40.0468 0x047c D:\WINDOWS\system32\srvsvc.dll - ok 10:59:40.0468 0x047c [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] D:\Programme\Malwarebam\mbamscheduler.exe 10:59:40.0468 0x047c D:\Programme\Malwarebam\mbamscheduler.exe - ok 10:59:40.0484 0x047c [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] D:\WINDOWS\system32\drivers\srv.sys 10:59:40.0484 0x047c D:\WINDOWS\system32\drivers\srv.sys - ok 10:59:40.0484 0x047c [ A422816A15CFAC50567FD0F6582FD2CF, 0AA6588C63F53962E2D3665159BAE7402F43BEC0136A48DE39FE977430CA7B5A ] D:\Programme\Malwarebam\mbamsrv.dll 10:59:40.0484 0x047c D:\Programme\Malwarebam\mbamsrv.dll - ok 10:59:40.0484 0x047c [ 9621BE9F6EA24F3D7F09B07853CB5AC8, 289B6CF50AB088D474C84634A0469502153EED94BFBD11396E574451B0E8EF1C ] D:\WINDOWS\system32\spoolss.dll 10:59:40.0484 0x047c D:\WINDOWS\system32\spoolss.dll - ok 10:59:40.0484 0x047c [ 6582453D9A23287F6DCA15B82D339A48, 7FE6EE258F7017C8EEB36A2F8FF66B47C8662957A42EEE97BCDC46176EB014F0 ] D:\WINDOWS\system32\localspl.dll 10:59:40.0484 0x047c D:\WINDOWS\system32\localspl.dll - ok 10:59:40.0484 0x047c [ 61AF7614418BA5B9E8B4EB82E459BE53, 828ABEF68681C061E93FA61E7D12AEAB6D67ABBE597BC207DF0E6DB185C95C72 ] D:\Programme\Malwarebam\QtCore4.dll 10:59:40.0484 0x047c D:\Programme\Malwarebam\QtCore4.dll - ok 10:59:40.0500 0x047c [ CD1A323D787B738DDE0D62AA28214E16, 537C716DCC3F173580F6A34D31CBB099D0AFF57B5A31E737F4A41C8BCF041CB5 ] D:\WINDOWS\system32\cnbjmon.dll 10:59:40.0500 0x047c D:\WINDOWS\system32\cnbjmon.dll - ok 10:59:40.0500 0x047c [ 6CD9B4F273997E04EB548969C4AAEAA1, 
D3540729FDF61CCBB8CED7DFC3CAB4A1616409AD93F4663FD0C6B3EA42E3FDBA ] D:\WINDOWS\system32\CNMLM64.DLL 10:59:40.0500 0x047c D:\WINDOWS\system32\CNMLM64.DLL - ok 10:59:40.0500 0x047c [ 9B0B5DF56025F6E48C17C7BA75310D35, 11769BD4B25A6C139A347893E543935F85BD357B6EEEC65F174EA94531CD1D46 ] D:\WINDOWS\system32\pjlmon.dll 10:59:40.0500 0x047c D:\WINDOWS\system32\pjlmon.dll - ok 10:59:40.0500 0x047c [ CA8AA75C4DC6A48D65949A30CE46C970, 36315F9335ECECC839B6479A1B772F2B2CDC8CF8891E93507018ACBBF7231063 ] D:\WINDOWS\system32\tcpmon.dll 10:59:40.0500 0x047c D:\WINDOWS\system32\tcpmon.dll - ok 10:59:40.0500 0x047c [ CA55500E2E0515FCC888C4A5E01E64B7, 053910D883931A776F71AF8CF3A15837524B65B933C09038E51F40FCB7B959D2 ] D:\Programme\Malwarebam\msvcp100.dll 10:59:40.0500 0x047c D:\Programme\Malwarebam\msvcp100.dll - ok 10:59:40.0515 0x047c [ E7BB3BF2DFDF4483DFF8A4AB05805416, 596CC4D6E8D3253D29EA0BE7FD01F44BD585910EBBD5D8B49C8911C7BC068470 ] D:\WINDOWS\system32\usbmon.dll 10:59:40.0515 0x047c D:\WINDOWS\system32\usbmon.dll - ok 10:59:40.0515 0x047c [ 4C539E592E50633B21AB1E1FDA40A32A, F07F846E1BFA7AE1B5FE835BCB34CCD2FA671B865415EF2A9C6EB8972D3A0E0C ] D:\Programme\Malwarebam\msvcr100.dll 10:59:40.0515 0x047c D:\Programme\Malwarebam\msvcr100.dll - ok 10:59:40.0515 0x047c [ 1B07F9455F2354120B5E0F7FD0DE21E7, 03E88E4499188CE01646BD16D14A15BAD1F4BEB04D5AF55C3331E28FF14E5B16 ] D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL 10:59:40.0515 0x047c D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL - ok 10:59:40.0515 0x047c [ 4333010681772735474A64D984F175AB, 8A5795DEDD12B91562984AEB6F0A0D692A113ECAB66CC0365DC1FB0258E87802 ] D:\WINDOWS\system32\win32spl.dll 10:59:40.0515 0x047c D:\WINDOWS\system32\win32spl.dll - ok 10:59:40.0531 0x047c [ 4BAB096EE0673DE722536F0274DA2373, FFAC271F8E690695C65000204816D78D6E152B3E46091D9643FC6693AE5981E2 ] D:\WINDOWS\system32\inetpp.dll 10:59:40.0531 0x047c D:\WINDOWS\system32\inetpp.dll - ok 10:59:40.0531 0x047c [ 0E892525F035A10857E33153CF65CE6C, 
D3C18126CCC1B59A90E28CDCAEA2CE3129081E5511C2F3428A39F2168EE9D3F9 ] D:\WINDOWS\system32\netrap.dll 10:59:40.0531 0x047c D:\WINDOWS\system32\netrap.dll - ok 10:59:40.0531 0x047c [ 72DC0AFC9BDCFEB18F390B937A24E32C, 7E0396569EB37E1520F01B99EDE0B906BD032C8410B2F02DD6F2B0C2F07E0D46 ] D:\WINDOWS\system32\ipsecsvc.dll 10:59:40.0531 0x047c D:\WINDOWS\system32\ipsecsvc.dll - ok 10:59:40.0531 0x047c [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] D:\WINDOWS\system32\netman.dll 10:59:40.0531 0x047c D:\WINDOWS\system32\netman.dll - ok 10:59:40.0531 0x047c [ 121E5C473F0AD53BCFDB6E8181C44F81, 82E8036DD29249E826582D8933B04571AAE7B17EDD945B7928C8878DF3D0E454 ] D:\WINDOWS\system32\netshell.dll 10:59:40.0531 0x047c D:\WINDOWS\system32\netshell.dll - ok 10:59:40.0546 0x047c [ A3101C65133F0E3FCFF3ABA073BBA89C, 3041B0031E6834248DE5CD7766E8897DA65099D684F508878768212F17ED537D ] D:\WINDOWS\system32\oakley.dll 10:59:40.0546 0x047c D:\WINDOWS\system32\oakley.dll - ok 10:59:40.0546 0x047c [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] D:\WINDOWS\system32\regsvc.dll 10:59:40.0546 0x047c D:\WINDOWS\system32\regsvc.dll - ok 10:59:40.0546 0x047c [ AB0B97A27AA94AB681F0B0DD7C1B5E89, F0CA25154DABE472ADB4D9A21EEC715E5D91D076CE079D2191E5D0AC1EB90BEE ] D:\WINDOWS\system32\psbase.dll 10:59:40.0546 0x047c D:\WINDOWS\system32\psbase.dll - ok 10:59:40.0546 0x047c [ 1F975474A91306BEFF9A2314A88DB3BF, 9A839FF98353AADA54D66EF57D7AF168E27E845C203C83087EA8CB12A8871430 ] D:\WINDOWS\system32\pstorsvc.dll 10:59:40.0546 0x047c D:\WINDOWS\system32\pstorsvc.dll - ok 10:59:40.0546 0x047c [ C6D9B9487143C455C26BFA3D8BE7C445, 073F10A6216F517710167813B0D0ADD8A261FAC033F8C8948BA5BCACD32D9E57 ] D:\WINDOWS\system32\winipsec.dll 10:59:40.0546 0x047c D:\WINDOWS\system32\winipsec.dll - ok 10:59:40.0562 0x047c [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] 
D:\WINDOWS\system32\dssenh.dll 10:59:40.0562 0x047c D:\WINDOWS\system32\dssenh.dll - ok 10:59:40.0562 0x047c [ AFF1657382B09291DCB40ECFD2B673F2, F565C41416E13F6C73A063EC7FC393F6E8D0F3F4B3C0F04EEBA3D36220836537 ] D:\WINDOWS\system32\credui.dll 10:59:40.0562 0x047c D:\WINDOWS\system32\credui.dll - ok 10:59:40.0562 0x047c [ AE1BFF56A081E11208AFFCC7209BF5CE, 800E32D54181A1001780B8FC84ACF4646C02FEFBD32D12B8881FA1CDD0C3D20F ] D:\WINDOWS\system32\dot3dlg.dll 10:59:40.0562 0x047c D:\WINDOWS\system32\dot3dlg.dll - ok 10:59:40.0562 0x047c [ 4BAC361B11D8C5F3B38EC668ADD95D60, 7F5719C1D04576B7FF51902C4ED0D10B5824935C18D3D98016E59102EB449A47 ] D:\WINDOWS\system32\onex.dll 10:59:40.0562 0x047c D:\WINDOWS\system32\onex.dll - ok 10:59:40.0578 0x047c [ 14FA15EF89423FBFE55F55BB892C5CF2, F002C5A226FE14956752CA49822FC785639CD4B8F9C7687392062E0CE44D1EA7 ] D:\WINDOWS\system32\eappcfg.dll 10:59:40.0578 0x047c D:\WINDOWS\system32\eappcfg.dll - ok 10:59:40.0578 0x047c [ D6633FC7D1FCE7DCD7A1FE2564DC4FA6, EE96500063A6114F0EBC56026A39ABA62A83D3E12509E6F3187B9BC9426661DF ] D:\WINDOWS\system32\eappprxy.dll 10:59:40.0578 0x047c D:\WINDOWS\system32\eappprxy.dll - ok 10:59:40.0578 0x047c [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] D:\WINDOWS\system32\wiaservc.dll 10:59:40.0578 0x047c D:\WINDOWS\system32\wiaservc.dll - ok 10:59:40.0578 0x047c [ 41696F6200C7151CC0A4A26816E3F577, 66B97C2CF41A6DB28A5118C09A63B95EA8C954698B52A19D457E20D90F85F353 ] D:\WINDOWS\system32\wzcsapi.dll 10:59:40.0578 0x047c D:\WINDOWS\system32\wzcsapi.dll - ok 10:59:40.0578 0x047c [ C30D8C61884413FB35E241A2D98BD08F, E269FFAA5DC6E25F58D185C495F9B8EC054B1923963A0FF05D472392463FB3E3 ] D:\WINDOWS\system32\mscms.dll 10:59:40.0578 0x047c D:\WINDOWS\system32\mscms.dll - ok 10:59:40.0593 0x047c [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] D:\WINDOWS\system32\seclogon.dll 10:59:40.0593 0x047c 
D:\WINDOWS\system32\seclogon.dll - ok 10:59:40.0593 0x047c [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] D:\WINDOWS\system32\sens.dll 10:59:40.0593 0x047c D:\WINDOWS\system32\sens.dll - ok 10:59:40.0593 0x047c [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] D:\WINDOWS\system32\srsvc.dll 10:59:40.0593 0x047c D:\WINDOWS\system32\srsvc.dll - ok 10:59:40.0593 0x047c [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] D:\WINDOWS\system32\trkwks.dll 10:59:40.0593 0x047c D:\WINDOWS\system32\trkwks.dll - ok 10:59:40.0593 0x047c [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] D:\WINDOWS\system32\browser.dll 10:59:40.0593 0x047c D:\WINDOWS\system32\browser.dll - ok 10:59:40.0609 0x047c [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] D:\WINDOWS\system32\wbem\wmisvc.dll 10:59:40.0609 0x047c D:\WINDOWS\system32\wbem\wmisvc.dll - ok 10:59:40.0609 0x047c [ 6E3FFF4A95EA978E333E53FE7F47E7F6, A71185F0B786691058FFBDA6540BAEE6D95618CF678E26B26C2F522E695C2E70 ] D:\WINDOWS\system32\vssapi.dll 10:59:40.0609 0x047c D:\WINDOWS\system32\vssapi.dll - ok 10:59:40.0609 0x047c [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] D:\WINDOWS\system32\ipnathlp.dll 10:59:40.0609 0x047c D:\WINDOWS\system32\ipnathlp.dll - ok 10:59:40.0609 0x047c [ 18D926CD5F5BE2AA73EAD99C02BC719D, A4FC9EDCB1DA7AFDAB498BDD6245C035F19E478FA1C7F51192608B63F10D6DB8 ] D:\WINDOWS\system32\actxprxy.dll 10:59:40.0609 0x047c D:\WINDOWS\system32\actxprxy.dll - ok 10:59:40.0625 0x047c [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] D:\WINDOWS\system32\wscsvc.dll 10:59:40.0625 0x047c D:\WINDOWS\system32\wscsvc.dll - ok 10:59:40.0625 0x047c [ 
8C22083ED515DC94D575438662F0BE6A, 67DC2A393AE31764C090BE2AEFAD3E20220538152157BAEBF366112166FEAB23 ] D:\WINDOWS\system32\msi.dll 10:59:40.0625 0x047c D:\WINDOWS\system32\msi.dll - ok 10:59:40.0625 0x047c [ 8747DA0A28057B6EF2366E4C951A23F5, 96AC4AFEB8D2EB706A5AA58B2B3803F88E8B74774F8FC2C4F7D59A3A961AA70D ] D:\WINDOWS\system32\wbem\wbemcomn.dll 10:59:40.0625 0x047c D:\WINDOWS\system32\wbem\wbemcomn.dll - ok 10:59:40.0625 0x047c [ 8B42C14DA903681760079C1E12D8B4DA, 2527D3FEE00D645620AABC36D2701216FE7C72BCE5C4E6F2BF1EA4C04B26461B ] D:\WINDOWS\system32\wbem\wbemcore.dll 10:59:40.0625 0x047c D:\WINDOWS\system32\wbem\wbemcore.dll - ok 10:59:40.0625 0x047c [ 517A94B722F607B904061447939D7924, B705E2012BA66A257B91DD933238E5A9056BAAB5502DDC9F779F142A9A42772A ] D:\WINDOWS\system32\wbem\wbemprox.dll 10:59:40.0625 0x047c D:\WINDOWS\system32\wbem\wbemprox.dll - ok 10:59:40.0640 0x047c [ 5F07EDF60DC19981238A0D8A9622535D, 35CCC1B21968CA652A8882694895660BF862C72DFB561853D6EBA131B396F8FD ] D:\WINDOWS\system32\wbem\esscli.dll 10:59:40.0640 0x047c D:\WINDOWS\system32\wbem\esscli.dll - ok 10:59:40.0640 0x047c [ 3F2A4A47A2BCE0269B252550D1A2B471, E672F6A19563B715A96A1B9D13C521C865447DD2CEA65CED87A1A943C74FE8CA ] D:\WINDOWS\system32\wbem\fastprox.dll 10:59:40.0640 0x047c D:\WINDOWS\system32\wbem\fastprox.dll - ok 10:59:40.0640 0x047c [ 90075AE5778A16AD07A030377E2E95CD, 90039F8CC696B71B0D88A266B0234A1D8525843344280F55F35204DDE298BC0D ] D:\WINDOWS\system32\comsvcs.dll 10:59:40.0640 0x047c D:\WINDOWS\system32\comsvcs.dll - ok 10:59:40.0640 0x047c [ B601A34A1BC3FFF07B005BC91FF58500, D0DBB43DA277BAA4ED116B873C27EC6CE37607683E427C3A854FDFDA151295A6 ] D:\WINDOWS\system32\clusapi.dll 10:59:40.0640 0x047c D:\WINDOWS\system32\clusapi.dll - ok 10:59:40.0640 0x047c [ 17E6FA7A7EBE1864DD5DDCD66D2735DF, D32882B2CA1503C62A2A65594D95D951EA291726600658A453C4B65C69ABD391 ] D:\WINDOWS\system32\colbact.dll 10:59:40.0640 0x047c D:\WINDOWS\system32\colbact.dll - ok 10:59:40.0656 0x047c [ 
89546F0070588D78EA7357583A4C04CB, 3A0912E1B20A1A5A48EDE869C3C9A8EB606CA72DEA9288751DDD0582B8A29E8A ] D:\WINDOWS\system32\mtxclu.dll 10:59:40.0656 0x047c D:\WINDOWS\system32\mtxclu.dll - ok 10:59:40.0656 0x047c [ 241F738F1F3F67297066898C6322E794, 4DD9A20D2EC7F7EC65529D6F53C54C98F7A3AB1A1C662ACBE46ECF3DA5589FF0 ] D:\WINDOWS\system32\resutils.dll 10:59:40.0656 0x047c D:\WINDOWS\system32\resutils.dll - ok 10:59:40.0656 0x047c [ F4E0C344DDBD3F1DD43B438009A06B77, 452BA14451E599B255A56793E30A096CA1F16C4A5F65C4CBDC2F54ECA21DAC51 ] D:\WINDOWS\system32\wbem\wbemsvc.dll 10:59:40.0656 0x047c D:\WINDOWS\system32\wbem\wbemsvc.dll - ok 10:59:40.0656 0x047c [ 61E5A4949B77DFF8A776C3C45383AF2E, E2CD4C4EC1868AB4AA133AC13272ACA65E09AF979447723975BEC514F3E9D629 ] D:\WINDOWS\system32\wbem\repdrvfs.dll 10:59:40.0656 0x047c D:\WINDOWS\system32\wbem\repdrvfs.dll - ok 10:59:40.0656 0x047c [ BBF69BCF56B41E590B3F52719D002DB3, 8C6DA6C5B19C3A2A8FF998120FFEFAEE0C82522BCFA4274CD1775DF98572200B ] D:\WINDOWS\system32\wbem\wmiutils.dll 10:59:40.0656 0x047c D:\WINDOWS\system32\wbem\wmiutils.dll - ok 10:59:40.0671 0x047c [ A7F9E133160AFC926AC272EB80C47C58, D383EBA825C1245391F1D91AAC3FD62C81CB31B4AF7FC79E374DC6AF0F245FF3 ] D:\WINDOWS\system32\wbem\wmiprvsd.dll 10:59:40.0671 0x047c D:\WINDOWS\system32\wbem\wmiprvsd.dll - ok 10:59:40.0671 0x047c [ 885CE91BDCDECEDCA6DB0E59D48FB43D, D4725D4F00DA4142505F124BA987475E98D276F891A868D4B2477857F700A448 ] D:\WINDOWS\system32\wbem\wbemess.dll 10:59:40.0671 0x047c D:\WINDOWS\system32\wbem\wbemess.dll - ok 10:59:40.0671 0x047c [ F49D9D59B38311C3A2F6D1FC1C297BE4, D1555A774396AF2718D5278F4967BB6977BD62C495B824EF6F0B1379730B43FC ] D:\WINDOWS\system32\wuapi.dll 10:59:40.0671 0x047c D:\WINDOWS\system32\wuapi.dll - ok 10:59:40.0671 0x047c [ 755A529EF5EA3960835507A727FABE56, 3FAD58A7BFCD92F101EE44368562110A87FC5BCBDABAE85AFB98147BAB502A00 ] D:\WINDOWS\system32\wbem\ncprov.dll 10:59:40.0671 0x047c D:\WINDOWS\system32\wbem\ncprov.dll - ok 10:59:40.0687 0x047c [ 
190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] D:\WINDOWS\system32\alg.exe 10:59:40.0687 0x047c D:\WINDOWS\system32\alg.exe - ok 10:59:40.0687 0x047c [ B9E1B91828711D12BBF27C3A29255127, 947BD601908DBB4EDEF93D2EBD2603614895D4D34BF36DA1B8D7FBC91319F316 ] D:\WINDOWS\system32\netcfgx.dll 10:59:40.0687 0x047c D:\WINDOWS\system32\netcfgx.dll - ok 10:59:40.0687 0x047c [ C7636BA48F5BA08AD427E6FBECC32679, 5C11B849BC7758C96687A492A1BA48DAE5410A043BB2B333B29B6F82578A15A3 ] D:\WINDOWS\system32\wbem\wbemcons.dll 10:59:40.0687 0x047c D:\WINDOWS\system32\wbem\wbemcons.dll - ok 10:59:40.0687 0x047c [ 27EB9D671497EA236E6B59EB9EDE3607, 1AF79A10F1F3D67BF8826A92D9BA523499F2946009DB2619B0988CCAD8C44A63 ] D:\WINDOWS\system32\cscui.dll 10:59:40.0687 0x047c D:\WINDOWS\system32\cscui.dll - ok 10:59:40.0687 0x047c [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] D:\WINDOWS\system32\termsrv.dll 10:59:40.0687 0x047c D:\WINDOWS\system32\termsrv.dll - ok 10:59:40.0703 0x047c [ 39E63B4B76CB20E20949FCC6DE1BC630, F8A80D853B445E43C37BF5EC35CB9D789B2F8F0A09E1CA50368A547EC8BFD060 ] D:\WINDOWS\system32\icaapi.dll 10:59:40.0703 0x047c D:\WINDOWS\system32\icaapi.dll - ok 10:59:40.0703 0x047c [ F0D12C9FA5F8C3ED9329418FFDC4FE4C, 49BAD9620B6671470ADF7F114F241DDD7E6CB28AFCB2F563BAC5DAD520A5B9EB ] D:\WINDOWS\system32\mstlsapi.dll 10:59:40.0703 0x047c D:\WINDOWS\system32\mstlsapi.dll - ok 10:59:40.0703 0x047c [ 5A023A0A96A198A667A9FB42ACFA0D7F, 51C51D1F593D7B3EA68CF636D965B2E121984A7C72C650A52E01B2D100CDAE77 ] D:\WINDOWS\system32\dpcdll.dll 10:59:40.0703 0x047c D:\WINDOWS\system32\dpcdll.dll - ok 10:59:40.0703 0x047c [ BE2C8BD5F596535D534C785B04A3B741, 45873CE1C437B25CBF44C977569C30561830D0993C4116C6EBF400471DED0BB1 ] D:\WINDOWS\system32\wdmaud.drv 10:59:40.0703 0x047c D:\WINDOWS\system32\wdmaud.drv - ok 10:59:40.0703 0x047c [ 6768ACF64B18196494413695F0C3A00F, 
3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] D:\WINDOWS\system32\drivers\wdmaud.sys 10:59:40.0703 0x047c D:\WINDOWS\system32\drivers\wdmaud.sys - ok 10:59:40.0718 0x047c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] D:\WINDOWS\system32\drivers\sysaudio.sys 10:59:40.0718 0x047c D:\WINDOWS\system32\drivers\sysaudio.sys - ok 10:59:40.0718 0x047c [ 788F95312E26389D596C0FA55834E106, F7090C739CFC4AA6280BFEDC1551118F05A098B0AD71BB9541E21E6FDFED3040 ] D:\WINDOWS\system32\userinit.exe 10:59:40.0718 0x047c D:\WINDOWS\system32\userinit.exe - ok 10:59:40.0718 0x047c [ 418045A93CD87A352098AB7DABE1B53E, 81419093CCB985DA284931FA3DF41C4CFE25350DB1C366792903411819371664 ] D:\WINDOWS\explorer.exe 10:59:40.0718 0x047c D:\WINDOWS\explorer.exe - ok 10:59:40.0718 0x047c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] D:\WINDOWS\system32\drivers\splitter.sys 10:59:40.0718 0x047c D:\WINDOWS\system32\drivers\splitter.sys - ok 10:59:40.0734 0x047c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] D:\WINDOWS\system32\drivers\aec.sys 10:59:40.0734 0x047c D:\WINDOWS\system32\drivers\aec.sys - ok 10:59:40.0734 0x047c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] D:\WINDOWS\system32\drivers\swmidi.sys 10:59:40.0734 0x047c D:\WINDOWS\system32\drivers\swmidi.sys - ok 10:59:40.0734 0x047c [ 62982E7EF025B5D8FB31467265C43918, 50763ED3A1524110A4E1327877C1D6495F135FC462E48D99423AAEC39C139492 ] D:\WINDOWS\system32\browseui.dll 10:59:40.0734 0x047c D:\WINDOWS\system32\browseui.dll - ok 10:59:40.0734 0x047c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] D:\WINDOWS\system32\drivers\dmusic.sys 10:59:40.0734 0x047c D:\WINDOWS\system32\drivers\dmusic.sys - ok 10:59:40.0734 0x047c [ 692BCF44383D056AED41B045A323D378, 
1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] D:\WINDOWS\system32\drivers\kmixer.sys 10:59:40.0734 0x047c D:\WINDOWS\system32\drivers\kmixer.sys - ok 10:59:40.0750 0x047c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] D:\WINDOWS\system32\drivers\drmkaud.sys 10:59:40.0750 0x047c D:\WINDOWS\system32\drivers\drmkaud.sys - ok 10:59:40.0750 0x047c [ 5F62AE472DDEC02CB3C635FAD6F3A632, ED777A976B6F75A20EF7D92972B26D5DF8AC2471412D6CB34E0DE74ABB7DBD44 ] D:\WINDOWS\system32\shdocvw.dll 10:59:40.0750 0x047c D:\WINDOWS\system32\shdocvw.dll - ok 10:59:40.0750 0x047c [ 84BDD3C4FADB534BD843D949CFCDE53C, 5773B9D7A417935D298AFB2D0FCA9FCFCBD9192F9AC0DE3CFBDE0477D819E348 ] D:\WINDOWS\system32\msacm32.drv 10:59:40.0750 0x047c D:\WINDOWS\system32\msacm32.drv - ok 10:59:40.0750 0x047c [ 2CF969B9BF1EF069075DCDCE309FAAE1, 04CD664171AC3BD147CB5FA5CE86F42454D595A73988DFA870410172AC33373A ] D:\WINDOWS\system32\midimap.dll 10:59:40.0750 0x047c D:\WINDOWS\system32\midimap.dll - ok 10:59:40.0750 0x047c [ 4B0451C5A07470A3722171E354ABDADE, A7A1F52BA1A20330FEEBF285A62784475E74C95C76B875DF50B71721E412AA5F ] D:\WINDOWS\system32\desk.cpl 10:59:40.0750 0x047c D:\WINDOWS\system32\desk.cpl - ok 10:59:40.0765 0x047c [ 78898165CF0E27AFBD8653EF6D2FDA07, 0DBE48641D23FBF823E100861428F73ABCE067B78D5FC97B472806A02D12F36A ] D:\WINDOWS\system32\themeui.dll 10:59:40.0765 0x047c D:\WINDOWS\system32\themeui.dll - ok 10:59:40.0765 0x047c [ 65660A5C5C56DEFBA2F0F417D1B4A82C, A55940A35993B24CE3EE420F2C3C5D5EB62207711096E1F690FB0563DAF21B2E ] D:\WINDOWS\system32\urlmon.dll 10:59:40.0765 0x047c D:\WINDOWS\system32\urlmon.dll - ok 10:59:40.0765 0x047c [ 9B890F756D087991322464912FE68E75, 57BF326C1AFC57803F6E5E77458080FE5A1C1413C6F9BD3CC37ADD07008E6812 ] D:\WINDOWS\system32\cmd.exe 10:59:40.0765 0x047c D:\WINDOWS\system32\cmd.exe - ok 10:59:40.0765 0x047c [ EDAFBE25FB6480CE68F688BA691890DC, 
10:59:40.0921 0x047c ================ Scan generic autorun ======================
10:59:40.0921 0x047c BluetoothAuthenticationAgent - ok
10:59:40.0953 0x047c [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\CTFMON.EXE
10:59:41.0031 0x047c CTFMON.EXE - ok
10:59:41.0156 0x047c [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] D:\Programme\Spy\TeaTimer.exe
10:59:41.0296 0x047c SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
10:59:41.0296 0x047c SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - warning
10:59:41.0312 0x047c [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
10:59:41.0375 0x047c CTFMON.EXE - ok
10:59:41.0484 0x047c Win FW state via NFM: enabled
10:59:41.0484 0x047c ============================================================
10:59:41.0484 0x047c Scan finished
10:59:41.0484 0x047c ============================================================
10:59:41.0500 0x0744 Detected object count: 3
10:59:41.0500 0x0744 Actual detected object count: 3
11:00:07.0968 0x0744 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - skipped by user
11:00:07.0968 0x0744 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
11:00:07.0968 0x0744 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:07.0968 0x0744 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:07.0968 0x0744 SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:07.0968 0x0744 SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
30.11.2014, 17:43 | #7 | |
/// the machine /// TB trainer | Trojan.Agent in syshost.exe Quote:
Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
For example: C:\TDSSKiller.<version_date_time>log.txt Please post the contents here in your thread. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
30.11.2014, 20:44 | #8 |
| Trojan.Agent in syshost.exe Hello, here are the logs. TDSS, first part [CODE
19:00:03.0875 0x0218 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:00:05.0781 0x0218 ============================================================
19:00:05.0781 0x0218 Current date / time: 2014/11/30 19:00:05.0781
19:00:05.0781 0x0218 SystemInfo:
19:00:05.0781 0x0218
19:00:05.0781 0x0218 OS Version: 5.1.2600 ServicePack: 3.0
19:00:05.0781 0x0218 Product type: Workstation
19:00:05.0781 0x0218 ComputerName: INTRNET
19:00:05.0781 0x0218 UserName: Arbeit
19:00:05.0781 0x0218 Windows directory: D:\WINDOWS
19:00:05.0781 0x0218 System windows directory: D:\WINDOWS
19:00:05.0781 0x0218 Processor architecture: Intel x86
19:00:05.0781 0x0218 Number of processors: 2
19:00:05.0781 0x0218 Page size: 0x1000
19:00:05.0781 0x0218 Boot type: Normal boot
19:00:05.0781 0x0218 ============================================================
19:00:05.0781 0x0218 BG loaded
19:00:05.0953 0x0218 System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
19:00:06.0437 0x0218 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
19:00:06.0437 0x0218 Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:00:06.0453 0x0218 ============================================================
19:00:06.0453 0x0218 \Device\Harddisk0\DR0:
19:00:06.0453 0x0218 MBR partitions:
19:00:06.0453 0x0218 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
19:00:06.0453 0x0218 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
19:00:06.0453 0x0218 \Device\Harddisk1\DR3:
19:00:06.0453 0x0218 MBR partitions:
19:00:06.0453 0x0218 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
19:00:06.0453 0x0218 ============================================================
19:00:06.0468 0x0218 C: <-> \Device\Harddisk0\DR0\Partition1
19:00:06.0500 0x0218 D: <-> \Device\Harddisk0\DR0\Partition2
19:00:06.0500 0x0218 ============================================================
19:00:06.0500 0x0218 Initialize success
19:00:06.0500 0x0218 ============================================================
19:00:25.0265 0x05c8 ============================================================
19:00:25.0265 0x05c8 Scan started
19:00:25.0265 0x05c8 Mode: Manual; SigCheck; TDLFS;
19:00:25.0265 0x05c8 ============================================================
19:00:25.0265 0x05c8 KSN ping started
19:00:25.0312 0x05c8 KSN ping finished: false
19:00:25.0718 0x05c8 ================ Scan system memory ========================
19:00:25.0718 0x05c8 System memory - ok
19:00:25.0718 0x05c8 ================ Scan services =============================
19:00:25.0718 0x05c8 Suspicious service (NoAccess): 41d78ef79c384a09
19:00:25.0812 0x05c8 [ B2234CF29BF7D128FA69510E0F2D11E2, 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA ] 41d78ef79c384a09 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys
19:00:25.0812 0x05c8 Suspicious file ( NoAccess ): D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys.
md5: B2234CF29BF7D128FA69510E0F2D11E2, sha256: 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA
19:00:26.0406 0x05c8 41d78ef79c384a09 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:00:26.0562 0x05c8 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - infected
19:00:26.0562 0x05c8 Force sending object to P2P due to detect: 41d78ef79c384a09
19:00:26.0562 0x05c8 Object send P2P result: false
19:00:38.0062 0x05c8 [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] LightScribeService D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:00:38.0062 0x05c8 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
19:00:38.0078 0x05c8 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM D:\WINDOWS\system32\drivers\MSPQM.sys 19:00:40.0187 0x05c8 MSPQM - ok 19:00:40.0187 0x05c8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios D:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:00:40.0265 0x05c8 mssmbios - ok 19:00:40.0281 0x05c8 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup D:\WINDOWS\system32\drivers\Mup.sys 19:00:40.0343 0x05c8 Mup - ok 19:00:40.0390 0x05c8 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent D:\WINDOWS\System32\qagentrt.dll 19:00:40.0484 0x05c8 napagent - ok 19:00:40.0546 0x05c8 NAVENG - ok 19:00:40.0546 0x05c8 NAVEX15 - ok 19:00:40.0578 0x05c8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS D:\WINDOWS\system32\drivers\NDIS.sys 19:00:40.0656 0x05c8 NDIS - ok 19:00:40.0671 0x05c8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi D:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:00:40.0750 0x05c8 NdisTapi - ok 19:00:40.0765 0x05c8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio D:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:00:40.0828 0x05c8 Ndisuio - ok 19:00:40.0828 0x05c8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan D:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:00:40.0937 0x05c8 NdisWan - ok 19:00:40.0953 0x05c8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy D:\WINDOWS\system32\drivers\NDProxy.sys 19:00:41.0031 0x05c8 NDProxy - ok 19:00:41.0046 0x05c8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS 
D:\WINDOWS\system32\DRIVERS\netbios.sys 19:00:41.0125 0x05c8 NetBIOS - ok 19:00:41.0140 0x05c8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT D:\WINDOWS\system32\DRIVERS\netbt.sys 19:00:41.0234 0x05c8 NetBT - ok 19:00:41.0265 0x05c8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE D:\WINDOWS\system32\netdde.exe 19:00:41.0343 0x05c8 NetDDE - ok 19:00:41.0343 0x05c8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm D:\WINDOWS\system32\netdde.exe 19:00:41.0421 0x05c8 NetDDEdsdm - ok 19:00:41.0468 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon D:\WINDOWS\system32\lsass.exe 19:00:41.0546 0x05c8 Netlogon - ok 19:00:41.0562 0x05c8 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman D:\WINDOWS\System32\netman.dll 19:00:41.0640 0x05c8 Netman - ok 19:00:41.0671 0x05c8 [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] Nla D:\WINDOWS\System32\mswsock.dll 19:00:41.0750 0x05c8 Nla - ok 19:00:41.0750 0x05c8 Norton Internet Security - ok 19:00:41.0796 0x05c8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys 19:00:41.0859 0x05c8 Npfs - ok 19:00:41.0906 0x05c8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs D:\WINDOWS\system32\drivers\Ntfs.sys 19:00:42.0015 0x05c8 Ntfs - ok 19:00:42.0046 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp D:\WINDOWS\system32\lsass.exe 19:00:42.0109 0x05c8 NtLmSsp - ok 19:00:42.0171 0x05c8 [ 56AF4064996FA5BAC9C449B1514B4770, 
154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc D:\WINDOWS\system32\ntmssvc.dll 19:00:42.0265 0x05c8 NtmsSvc - ok 19:00:42.0296 0x05c8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null D:\WINDOWS\system32\drivers\Null.sys 19:00:42.0359 0x05c8 Null - ok 19:00:42.0406 0x05c8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:00:42.0484 0x05c8 NwlnkFlt - ok 19:00:42.0500 0x05c8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:00:42.0578 0x05c8 NwlnkFwd - ok 19:00:42.0656 0x05c8 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 19:00:42.0656 0x05c8 ose - ok 19:00:42.0703 0x05c8 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport D:\WINDOWS\system32\DRIVERS\parport.sys 19:00:42.0781 0x05c8 Parport - ok 19:00:42.0796 0x05c8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr D:\WINDOWS\system32\drivers\PartMgr.sys 19:00:42.0875 0x05c8 PartMgr - ok 19:00:42.0921 0x05c8 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm D:\WINDOWS\system32\drivers\ParVdm.sys 19:00:43.0000 0x05c8 ParVdm - ok 19:00:43.0000 0x05c8 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI D:\WINDOWS\system32\DRIVERS\pci.sys 19:00:43.0078 0x05c8 PCI - ok 19:00:43.0078 0x05c8 PCIDump - ok 19:00:43.0078 0x05c8 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde D:\WINDOWS\system32\DRIVERS\pciide.sys 
19:00:43.0187 0x05c8 PCIIde - ok 19:00:43.0203 0x05c8 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia D:\WINDOWS\system32\drivers\Pcmcia.sys 19:00:43.0281 0x05c8 Pcmcia - ok 19:00:43.0296 0x05c8 PDCOMP - ok 19:00:43.0296 0x05c8 PDFRAME - ok 19:00:43.0296 0x05c8 PDRELI - ok 19:00:43.0296 0x05c8 PDRFRAME - ok 19:00:43.0312 0x05c8 perc2 - ok 19:00:43.0312 0x05c8 perc2hib - ok 19:00:43.0328 0x05c8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] PlugPlay D:\WINDOWS\system32\services.exe 19:00:43.0406 0x05c8 PlugPlay - ok 19:00:43.0406 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent D:\WINDOWS\system32\lsass.exe 19:00:43.0468 0x05c8 PolicyAgent - ok 19:00:43.0515 0x05c8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport D:\WINDOWS\system32\DRIVERS\raspptp.sys 19:00:43.0593 0x05c8 PptpMiniport - ok 19:00:43.0609 0x05c8 [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor D:\WINDOWS\system32\DRIVERS\processr.sys 19:00:43.0671 0x05c8 Processor - ok 19:00:43.0687 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe 19:00:43.0750 0x05c8 ProtectedStorage - ok 19:00:43.0750 0x05c8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched D:\WINDOWS\system32\DRIVERS\psched.sys 19:00:43.0828 0x05c8 PSched - ok 19:00:43.0843 0x05c8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink D:\WINDOWS\system32\DRIVERS\ptilink.sys 19:00:43.0937 0x05c8 Ptilink - ok 19:00:43.0937 0x05c8 ql1080 - ok 19:00:43.0937 0x05c8 Ql10wnt - ok 19:00:43.0937 0x05c8 ql12160 - ok 
19:00:43.0953 0x05c8 ql1240 - ok 19:00:43.0953 0x05c8 ql1280 - ok 19:00:43.0968 0x05c8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys 19:00:44.0046 0x05c8 RasAcd - ok 19:00:44.0093 0x05c8 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto D:\WINDOWS\System32\rasauto.dll 19:00:44.0171 0x05c8 RasAuto - ok 19:00:44.0218 0x05c8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:00:44.0296 0x05c8 Rasl2tp - ok 19:00:44.0343 0x05c8 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan D:\WINDOWS\System32\rasmans.dll 19:00:44.0406 0x05c8 RasMan - ok 19:00:44.0406 0x05c8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:00:44.0500 0x05c8 RasPppoe - ok 19:00:44.0500 0x05c8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys 19:00:44.0578 0x05c8 Raspti - ok 19:00:44.0593 0x05c8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys 19:00:44.0671 0x05c8 Rdbss - ok 19:00:44.0687 0x05c8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:00:44.0781 0x05c8 RDPCDD - ok 19:00:44.0781 0x05c8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr D:\WINDOWS\system32\DRIVERS\rdpdr.sys 19:00:44.0875 0x05c8 rdpdr - ok 19:00:44.0906 0x05c8 [ 6728E45B66F93C08F11DE2E316FC70DD, 
EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys 19:00:44.0984 0x05c8 RDPWD - ok 19:00:45.0015 0x05c8 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe 19:00:45.0109 0x05c8 RDSessMgr - ok 19:00:45.0156 0x05c8 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys 19:00:45.0218 0x05c8 redbook - ok 19:00:45.0250 0x05c8 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll 19:00:45.0343 0x05c8 RemoteAccess - ok 19:00:45.0390 0x05c8 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll 19:00:45.0468 0x05c8 RemoteRegistry - ok 19:00:45.0515 0x05c8 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM D:\WINDOWS\system32\DRIVERS\rfcomm.sys 19:00:45.0578 0x05c8 RFCOMM - ok 19:00:45.0625 0x05c8 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM D:\WINDOWS\system32\Drivers\RootMdm.sys 19:00:45.0687 0x05c8 ROOTMODEM - ok 19:00:45.0703 0x05c8 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator D:\WINDOWS\system32\locator.exe 19:00:45.0781 0x05c8 RpcLocator - ok 19:00:45.0796 0x05c8 [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] RpcSs D:\WINDOWS\system32\rpcss.dll 19:00:45.0890 0x05c8 RpcSs - ok 19:00:45.0906 0x05c8 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP D:\WINDOWS\system32\rsvp.exe 19:00:46.0000 0x05c8 RSVP - ok 19:00:46.0156 0x05c8 [ 
1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] RTHDMIAzAudService D:\WINDOWS\system32\drivers\RtKHDMI.sys 19:00:46.0296 0x05c8 RTHDMIAzAudService - ok 19:00:46.0328 0x05c8 [ 00FD6811350E175585ABCF7D4A61DD90, 00B54CB6547E47E6A2B8AE4BB220E68BBFECF2188CB7DFE651B50F7FE6AC7E9D ] RTLE8023xp D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 19:00:46.0359 0x05c8 RTLE8023xp - ok 19:00:46.0390 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs D:\WINDOWS\system32\lsass.exe 19:00:46.0453 0x05c8 SamSs - ok 19:00:46.0484 0x05c8 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe 19:00:46.0562 0x05c8 SCardSvr - ok 19:00:46.0625 0x05c8 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule D:\WINDOWS\system32\schedsvc.dll 19:00:46.0703 0x05c8 Schedule - ok 19:00:46.0734 0x05c8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys 19:00:46.0796 0x05c8 Secdrv - ok 19:00:46.0828 0x05c8 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon D:\WINDOWS\System32\seclogon.dll 19:00:46.0921 0x05c8 seclogon - ok 19:00:46.0921 0x05c8 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS D:\WINDOWS\system32\sens.dll 19:00:46.0984 0x05c8 SENS - ok 19:00:47.0015 0x05c8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum D:\WINDOWS\system32\DRIVERS\serenum.sys 19:00:47.0078 0x05c8 serenum - ok 19:00:47.0078 0x05c8 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial D:\WINDOWS\system32\DRIVERS\serial.sys 19:00:47.0156 
0x05c8 Serial - ok 19:00:47.0171 0x05c8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys 19:00:47.0250 0x05c8 Sfloppy - ok 19:00:47.0296 0x05c8 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll 19:00:47.0375 0x05c8 SharedAccess - ok 19:00:47.0406 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll 19:00:47.0468 0x05c8 ShellHWDetection - ok 19:00:47.0468 0x05c8 Simbad - ok 19:00:47.0468 0x05c8 Sparrow - ok 19:00:47.0515 0x05c8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter D:\WINDOWS\system32\drivers\splitter.sys 19:00:47.0593 0x05c8 splitter - ok 19:00:47.0640 0x05c8 [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] Spooler D:\WINDOWS\system32\spoolsv.exe 19:00:47.0718 0x05c8 Spooler - ok 19:00:47.0734 0x05c8 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr D:\WINDOWS\system32\DRIVERS\sr.sys 19:00:47.0796 0x05c8 sr - ok 19:00:47.0828 0x05c8 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice D:\WINDOWS\system32\srsvc.dll 19:00:47.0906 0x05c8 srservice - ok 19:00:47.0906 0x05c8 SRTSP - ok 19:00:47.0921 0x05c8 SRTSPX - ok 19:00:47.0953 0x05c8 [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys 19:00:48.0031 0x05c8 Srv - ok 19:00:48.0062 0x05c8 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll 19:00:48.0125 0x05c8 SSDPSRV - ok 19:00:48.0171 0x05c8 [ 
BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc D:\WINDOWS\system32\wiaservc.dll 19:00:48.0265 0x05c8 stisvc - ok 19:00:48.0296 0x05c8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys 19:00:48.0375 0x05c8 swenum - ok 19:00:48.0390 0x05c8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys 19:00:48.0468 0x05c8 swmidi - ok 19:00:48.0468 0x05c8 SwPrv - ok 19:00:48.0468 0x05c8 symc810 - ok 19:00:48.0468 0x05c8 symc8xx - ok 19:00:48.0484 0x05c8 sym_hi - ok 19:00:48.0484 0x05c8 sym_u3 - ok 19:00:48.0500 0x05c8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys 19:00:48.0578 0x05c8 sysaudio - ok 19:00:48.0625 0x05c8 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe 19:00:48.0703 0x05c8 SysmonLog - ok 19:00:48.0718 0x05c8 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv D:\WINDOWS\System32\tapisrv.dll 19:00:48.0796 0x05c8 TapiSrv - ok 19:00:48.0843 0x05c8 [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys 19:00:48.0921 0x05c8 Tcpip - ok 19:00:48.0953 0x05c8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys 19:00:49.0031 0x05c8 TDPIPE - ok 19:00:49.0031 0x05c8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys 19:00:49.0093 0x05c8 TDTCP - ok 19:00:49.0109 0x05c8 [ 
88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys 19:00:49.0187 0x05c8 TermDD - ok 19:00:49.0234 0x05c8 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService D:\WINDOWS\System32\termsrv.dll 19:00:49.0312 0x05c8 TermService - ok 19:00:49.0343 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] Themes D:\WINDOWS\System32\shsvcs.dll 19:00:49.0406 0x05c8 Themes - ok 19:00:49.0437 0x05c8 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr D:\WINDOWS\system32\tlntsvr.exe 19:00:49.0500 0x05c8 TlntSvr - ok 19:00:49.0515 0x05c8 TosIde - ok 19:00:49.0531 0x05c8 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks D:\WINDOWS\system32\trkwks.dll 19:00:49.0625 0x05c8 TrkWks - ok 19:00:49.0656 0x05c8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys 19:00:49.0734 0x05c8 Udfs - ok 19:00:49.0734 0x05c8 ultra - ok 19:00:49.0796 0x05c8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update D:\WINDOWS\system32\DRIVERS\update.sys 19:00:49.0875 0x05c8 Update - ok 19:00:49.0906 0x05c8 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost D:\WINDOWS\System32\upnphost.dll 19:00:50.0000 0x05c8 upnphost - ok 19:00:50.0015 0x05c8 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS D:\WINDOWS\System32\ups.exe 19:00:50.0093 0x05c8 UPS - ok 19:00:50.0140 0x05c8 [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp D:\WINDOWS\system32\DRIVERS\usbccgp.sys 
19:00:50.0218 0x05c8 usbccgp - ok 19:00:50.0265 0x05c8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci D:\WINDOWS\system32\DRIVERS\usbehci.sys 19:00:50.0328 0x05c8 usbehci - ok 19:00:50.0343 0x05c8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys 19:00:50.0421 0x05c8 usbhub - ok 19:00:50.0437 0x05c8 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci D:\WINDOWS\system32\DRIVERS\usbohci.sys 19:00:50.0500 0x05c8 usbohci - ok 19:00:50.0546 0x05c8 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan D:\WINDOWS\system32\DRIVERS\usbscan.sys 19:00:50.0625 0x05c8 usbscan - ok 19:00:50.0671 0x05c8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:00:50.0734 0x05c8 usbstor - ok 19:00:50.0781 0x05c8 [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] VComm D:\WINDOWS\system32\DRIVERS\VComm.sys 19:00:50.0781 0x05c8 VComm - ok 19:00:50.0796 0x05c8 [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] VcommMgr D:\WINDOWS\system32\Drivers\VcommMgr.sys 19:00:50.0796 0x05c8 VcommMgr - ok 19:00:50.0843 0x05c8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave D:\WINDOWS\System32\drivers\vga.sys 19:00:50.0921 0x05c8 VgaSave - ok 19:00:50.0921 0x05c8 ViaIde - ok 19:00:50.0953 0x05c8 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys 19:00:51.0031 0x05c8 VolSnap - ok 19:00:51.0078 0x05c8 [ 68F106273BE29E7B7EF8266977268E78, 
1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS D:\WINDOWS\System32\vssvc.exe 19:00:51.0171 0x05c8 VSS - ok 19:00:51.0187 0x05c8 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time D:\WINDOWS\system32\w32time.dll 19:00:51.0265 0x05c8 W32Time - ok 19:00:51.0296 0x05c8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys 19:00:51.0375 0x05c8 Wanarp - ok 19:00:51.0375 0x05c8 WDICA - ok 19:00:51.0390 0x05c8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys 19:00:51.0453 0x05c8 wdmaud - ok 19:00:51.0500 0x05c8 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient D:\WINDOWS\System32\webclnt.dll 19:00:51.0578 0x05c8 WebClient - ok 19:00:51.0671 0x05c8 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll 19:00:51.0750 0x05c8 winmgmt - ok 19:00:51.0796 0x05c8 [ 6E18978B749F0696A774DE3F2CB142DD, 4BBE31A78F6CF474A4CFDBB7C365DE058247F8BFA21F7E563111E84D8937BC26 ] WmdmPmSN D:\WINDOWS\system32\mspmsnsv.dll 19:00:51.0875 0x05c8 WmdmPmSN - ok 19:00:51.0921 0x05c8 [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] Wmi D:\WINDOWS\System32\advapi32.dll 19:00:52.0046 0x05c8 Wmi - ok 19:00:52.0078 0x05c8 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv D:\WINDOWS\system32\wbem\wmiapsrv.exe 19:00:52.0156 0x05c8 WmiApSrv - ok 19:00:52.0203 0x05c8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL D:\WINDOWS\System32\drivers\ws2ifsl.sys 19:00:52.0265 0x05c8 WS2IFSL - ok 19:00:52.0312 0x05c8 [ 
300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc D:\WINDOWS\system32\wscsvc.dll 19:00:52.0390 0x05c8 wscsvc - ok 19:00:52.0421 0x05c8 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv D:\WINDOWS\system32\wuauserv.dll 19:00:52.0515 0x05c8 wuauserv - ok 19:00:52.0562 0x05c8 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll 19:00:52.0656 0x05c8 WZCSVC - ok 19:00:52.0718 0x05c8 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov D:\WINDOWS\System32\xmlprov.dll 19:00:52.0828 0x05c8 xmlprov - ok 19:00:52.0828 0x05c8 ================ Scan global =============================== 19:00:52.0875 0x05c8 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll 19:00:52.0906 0x05c8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll 19:00:52.0921 0x05c8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll 19:00:52.0937 0x05c8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe 19:00:52.0953 0x05c8 [ Global ] - ok 19:00:52.0953 0x05c8 ================ Scan MBR ================================== 19:00:52.0968 0x05c8 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 19:00:53.0140 0x05c8 \Device\Harddisk0\DR0 - ok 19:00:53.0156 0x05c8 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3 19:00:53.0312 0x05c8 \Device\Harddisk1\DR3 - ok 19:00:53.0312 0x05c8 ================ Scan VBR ================================== 19:00:53.0312 0x05c8 [ EEA1061F0EF31F4EDA64FCBE1BD45D45 ] 
[/CODE] |
30.11.2014, 20:50 | #9 |
| Trojan.Agent in syshost.exe TDSS second part Code:
0DAF0705D7B39C94E287913226688804, 6757E08E027B31740DC829F3EF498D45C4D6C1E74CEE7F9711235C15D43AC5A7 ] D:\WINDOWS\system32\hnetcfg.dll 19:00:53.0953 0x05c8 D:\WINDOWS\system32\hnetcfg.dll - ok 19:00:53.0953 0x05c8 [ 02AF8A799D173C2D0C71F399C03AC9E1, 2337951BAFD3BDCB0102BFAD672354D8C1C2DFDE23AC531F87CE0F0C8B55C851 ] D:\WINDOWS\system32\wshtcpip.dll 19:00:53.0953 0x05c8 D:\WINDOWS\system32\wshtcpip.dll - ok 19:00:53.0953 0x05c8 [ 469FED8597896DB77B49384BE90E2E0A, E811D47288AFEC01013A5D907107312A742175384B9BDAC0F9A710EFF70B120B ] D:\WINDOWS\system32\rasadhlp.dll 19:00:53.0953 0x05c8 D:\WINDOWS\system32\rasadhlp.dll - ok 19:00:53.0953 0x05c8 [ 4934FF44C8B6AE7B4CA0118B3D2CF666, AD33FCDCE79EF82B00AD0B0D08F201C242FA809A110A70968B1D3FB4E7C5170F ] D:\WINDOWS\system32\winrnr.dll 19:00:53.0953 0x05c8 D:\WINDOWS\system32\winrnr.dll - ok 19:00:53.0968 0x05c8 [ 41CCC4CD535579D27AEAB485B36CEB9E, 5453E3056EE42579A612BD1A177E3C57A128803189AD8CB91EE2D228FC475D19 ] D:\WINDOWS\system32\wshbth.dll 19:00:53.0968 0x05c8 D:\WINDOWS\system32\wshbth.dll - ok 19:00:53.0968 0x05c8 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] D:\WINDOWS\system32\dhcpcsvc.dll 19:00:53.0968 0x05c8 D:\WINDOWS\system32\dhcpcsvc.dll - ok 19:00:53.0968 0x05c8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] D:\WINDOWS\system32\drivers\ndisuio.sys 19:00:53.0968 0x05c8 D:\WINDOWS\system32\drivers\ndisuio.sys - ok 19:00:53.0968 0x05c8 [ 8C9ED3B2834AAE63081AB2DA831C6FE9, 87D2931A5CD3658A28072BEC3F28384B91CC3B19D072CE9C69F119B80671C163 ] D:\WINDOWS\system32\dnsrslvr.dll 19:00:53.0968 0x05c8 D:\WINDOWS\system32\dnsrslvr.dll - ok 19:00:53.0968 0x05c8 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] D:\WINDOWS\system32\lmhsvc.dll 19:00:53.0968 0x05c8 D:\WINDOWS\system32\lmhsvc.dll - ok 19:00:53.0984 0x05c8 [ C4F109C005F6725162D2D12CA751E4A7, 
AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] D:\WINDOWS\system32\wzcsvc.dll 19:00:53.0984 0x05c8 D:\WINDOWS\system32\wzcsvc.dll - ok 19:00:53.0984 0x05c8 [ 6F5ABF78CEB2A64DAC1CD8A8A04E30A5, 8524937F4B8CB1E3BA8737BA36952B2913A42BBCC4890664A616EEF591641FB0 ] D:\WINDOWS\system32\atl.dll 19:00:53.0984 0x05c8 D:\WINDOWS\system32\atl.dll - ok 19:00:53.0984 0x05c8 [ 6B08275230504D5112CE379A3D9DF8D9, 4E8342BDACA2A721FCB16F76DF0F3B5408F1AE4856CEA6F71A51E9DFDA15D0E0 ] D:\WINDOWS\system32\dot3api.dll 19:00:53.0984 0x05c8 D:\WINDOWS\system32\dot3api.dll - ok 19:00:53.0984 0x05c8 [ 27EE4C04D81A9B5658C819C43221598B, 51650B93D67732BFB5E1FA156A320607E233A36047064E9843E3E15498A22547 ] D:\WINDOWS\system32\eapolqec.dll 19:00:53.0984 0x05c8 D:\WINDOWS\system32\eapolqec.dll - ok 19:00:53.0984 0x05c8 [ EC9DB893C89020C2B95D301429535162, C08DD59C71C3ACEAA5491D1AC10237FBE64962DC66DA9BB981A09B62658EFBF7 ] D:\WINDOWS\system32\esent.dll 19:00:53.0984 0x05c8 D:\WINDOWS\system32\esent.dll - ok 19:00:54.0000 0x05c8 [ 06BE178035B554A7638CC45030DFB7A5, AEEDDA78470A951B742B04F9FD429006EFCB0E9097BE871037B3931F2D997745 ] D:\WINDOWS\system32\qutil.dll 19:00:54.0000 0x05c8 D:\WINDOWS\system32\qutil.dll - ok 19:00:54.0000 0x05c8 [ 7CC640E3B8D427752F1D5B1093609338, 1CB2CFBE00D6017736E2CA40E2A8B7344427C864BDAD2E936AD76D9B88360114 ] D:\WINDOWS\system32\rtutils.dll 19:00:54.0000 0x05c8 D:\WINDOWS\system32\rtutils.dll - ok 19:00:54.0000 0x05c8 [ 43AD9160D7AF6E7EAD00B485EBBAB6A5, BCC321C85162CA13482323B00028880854B7EC5B9BF53FE28B93EB01A73C43C8 ] D:\WINDOWS\system32\wmi.dll 19:00:54.0000 0x05c8 D:\WINDOWS\system32\wmi.dll - ok 19:00:54.0000 0x05c8 [ 78CC39AD817831F5BAD2B5D79A299F25, A5146E0FDD520AFA62F7A7B1C403E86DC2C6F7139BD9F1FD28B77473CF753117 ] D:\WINDOWS\system32\clbcatq.dll 19:00:54.0000 0x05c8 D:\WINDOWS\system32\clbcatq.dll - ok 19:00:54.0015 0x05c8 [ D0DE8A2EC95184E5193BB4B3112E29DF, 533EDAC06B30E3BA7BC65398D2C1067A0B6015E17A339439DECCD2B13EC1E9BB ] D:\WINDOWS\system32\comres.dll 
19:00:54.0015 0x05c8 D:\WINDOWS\system32\comres.dll - ok 19:00:54.0015 0x05c8 [ F2FBB810CEE3E25F8F923959C400E457, A63C42197D321B1BEB44C7BD28AD74BA27D7AD9D33387BEC5759E8AEB63E3D6E ] D:\WINDOWS\system32\logonui.exe 19:00:54.0015 0x05c8 D:\WINDOWS\system32\logonui.exe - ok 19:00:54.0015 0x05c8 [ B1CDCB462C2B50F0D66E755D2B285820, 51655195D017FEEF9AA4039D493C840BDDDC4258C8723C58C562A69355C9C2C2 ] D:\WINDOWS\system32\rastls.dll 19:00:54.0015 0x05c8 D:\WINDOWS\system32\rastls.dll - ok 19:00:54.0015 0x05c8 [ DB326A97E844964AF487D6FFDE28256B, 939E16FD9AD3D9D91DAA858802FD84045AD743B4126DB9A2E0930CC117547AEB ] D:\WINDOWS\system32\ati2evxx.dll 19:00:54.0015 0x05c8 D:\WINDOWS\system32\ati2evxx.dll - ok 19:00:54.0015 0x05c8 [ 8395FB1049CB49B2C14C3CACDF9B2B5A, 0253C0A8B38AECE84BC602EB626FF6D147EACEFB31BC6DA5FACDB1588C3645A4 ] D:\WINDOWS\system32\cryptui.dll 19:00:54.0015 0x05c8 D:\WINDOWS\system32\cryptui.dll - ok 19:00:54.0031 0x05c8 [ BDB7897C7845025C085EA76B7210150E, F99F1B4ECED2094B622BD81FC7EA9D1EB283350A9AFEE5B56843ED8BA8C2E002 ] D:\WINDOWS\system32\duser.dll 19:00:54.0031 0x05c8 D:\WINDOWS\system32\duser.dll - ok 19:00:54.0031 0x05c8 [ D1A962D2DA4241977634365E33DB2417, D589D6D92FD916A06C8024CCD48B31045E66963D98263DFC53A055662CEA2737 ] D:\WINDOWS\system32\cscdll.dll 19:00:54.0031 0x05c8 D:\WINDOWS\system32\cscdll.dll - ok 19:00:54.0031 0x05c8 [ 2449D2A51EA2083FA05058F7CEF44714, 3291589AEC31C553C35B54B2D9082BB83035ADA5B68ABBB351E3AE3E0A9ED18B ] D:\WINDOWS\system32\dimsntfy.dll 19:00:54.0031 0x05c8 D:\WINDOWS\system32\dimsntfy.dll - ok 19:00:54.0031 0x05c8 [ DC4E223F5813150073FB5CC63D13293B, 7420E02BD2C81B74E2F9CDFA7B43F087EFE0D086A85DED453B4B65A3280B1A8A ] D:\WINDOWS\system32\msimg32.dll 19:00:54.0031 0x05c8 D:\WINDOWS\system32\msimg32.dll - ok 19:00:54.0031 0x05c8 [ DF2A4BD2F67F35D803F5342046BA07C6, 6F3E349F90AD65D8777ED6930838A67393892CA082511B211938009BD8E958E0 ] D:\WINDOWS\system32\oleacc.dll 19:00:54.0031 0x05c8 D:\WINDOWS\system32\oleacc.dll - ok 19:00:54.0046 0x05c8 [ 
B4AEE98A48917B274FACFB78BBE0BC84, D5E64C865B09B54212A5D80BE757E01FB8E8486CA2C95D3387CC2869E0A484D0 ] D:\WINDOWS\system32\wininet.dll 19:00:54.0046 0x05c8 D:\WINDOWS\system32\wininet.dll - ok 19:00:54.0046 0x05c8 [ 85D87ABB3889CE139BFFD7C7CBAC396B, 940BC0718EE819500A12F6F6D29CEE87C320CC37284DE591A3DC72545972A14C ] D:\WINDOWS\system32\wlnotify.dll 19:00:54.0046 0x05c8 D:\WINDOWS\system32\wlnotify.dll - ok 19:00:54.0046 0x05c8 [ E12D149442BBFEA6AA952327B2EA0079, FCCF3B9436632628DF34472DBE61B6DE5FE3C71280420DA23DF0769BEA2E3792 ] D:\WINDOWS\system32\winspool.drv 19:00:54.0046 0x05c8 D:\WINDOWS\system32\winspool.drv - ok 19:00:54.0046 0x05c8 [ C310CEAF283A8B5D4100E7C81E711F74, C9BE6CF66EE33FBF8295F66C6A5EA27D1FA503C950940A425E48DD0182DC77BD ] D:\WINDOWS\system32\mprapi.dll 19:00:54.0046 0x05c8 D:\WINDOWS\system32\mprapi.dll - ok 19:00:54.0062 0x05c8 [ 210199B7F3F632A95C29C916B040EABE, D535E25C508CD2CF2DB7C6FF9DE5E542590E152A90F9DD494B9D3AD358462B39 ] D:\WINDOWS\system32\activeds.dll 19:00:54.0062 0x05c8 D:\WINDOWS\system32\activeds.dll - ok 19:00:54.0062 0x05c8 [ DEF910C95F7C0C9B36C9A90EE25C924E, 3685026FC70CA6B0F40962C87D5A5B4B0B24EDDB68AA8CD5D4586EBD6C6B1238 ] D:\WINDOWS\system32\adsldpc.dll 19:00:54.0062 0x05c8 D:\WINDOWS\system32\adsldpc.dll - ok 19:00:54.0062 0x05c8 [ 8DD8B3F22B6E6E62D6D113AB319D1839, A807EC807945DB938D24A17152CBB939A612FF27D0377B8E29133B2CD3BB76DD ] D:\WINDOWS\system32\shgina.dll 19:00:54.0062 0x05c8 D:\WINDOWS\system32\shgina.dll - ok 19:00:54.0062 0x05c8 [ FC5F5F2EC1676C7CD898155B6546D2AE, 03590813360B76FD7B27D7FA19FA418FCA135ED4B31E205043F26673C9012795 ] D:\WINDOWS\system32\rasapi32.dll 19:00:54.0062 0x05c8 D:\WINDOWS\system32\rasapi32.dll - ok 19:00:54.0062 0x05c8 [ D4A61C9CFD998B132541C658E60C239D, 36A935942C1AF961EAEDE0D15DE889B9F4DAC36E24DD1666ABB685AE3691B71F ] D:\WINDOWS\system32\rasman.dll 19:00:54.0062 0x05c8 D:\WINDOWS\system32\rasman.dll - ok 19:00:54.0078 0x05c8 [ 995857A5138976FAEE6455F00033F607, 
46EBA315DA3DC227A1173D9A6F1EA1242A8C20F54BEFF20BB83A2D09636B2458 ] D:\WINDOWS\system32\tapi32.dll 19:00:54.0078 0x05c8 D:\WINDOWS\system32\tapi32.dll - ok 19:00:54.0078 0x05c8 [ B4B91D8615D022B4143B9AED662008D1, EE719D9ACEBBC92D59E150423884E25343B1D6E0447555CF5588E2D1477BD2F7 ] D:\WINDOWS\system32\riched20.dll 19:00:54.0078 0x05c8 D:\WINDOWS\system32\riched20.dll - ok 19:00:54.0078 0x05c8 [ FED5D601190B0CCD6A625C92FACDDC74, 93BACE8F4895E7AE5420FCA94673975CE2A099A393B8410D9A7F2DEB806F123B ] D:\WINDOWS\system32\raschap.dll 19:00:54.0078 0x05c8 D:\WINDOWS\system32\raschap.dll - ok 19:00:54.0078 0x05c8 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] D:\WINDOWS\system32\schedsvc.dll 19:00:54.0078 0x05c8 D:\WINDOWS\system32\schedsvc.dll - ok 19:00:54.0078 0x05c8 [ C52B07091AD6E6201FA535686E5642FA, 95E646E10B611BC6B63257AB84012543AD82CF2995B348E367116264E5FA475D ] D:\WINDOWS\system32\msidle.dll 19:00:54.0078 0x05c8 D:\WINDOWS\system32\msidle.dll - ok 19:00:54.0093 0x05c8 [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] D:\WINDOWS\system32\spoolsv.exe 19:00:54.0093 0x05c8 D:\WINDOWS\system32\spoolsv.exe - ok 19:00:54.0093 0x05c8 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] D:\WINDOWS\system32\audiosrv.dll 19:00:54.0093 0x05c8 D:\WINDOWS\system32\audiosrv.dll - ok 19:00:54.0093 0x05c8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] D:\WINDOWS\system32\drivers\mrxdav.sys 19:00:54.0093 0x05c8 D:\WINDOWS\system32\drivers\mrxdav.sys - ok 19:00:54.0093 0x05c8 [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] D:\WINDOWS\system32\wkssvc.dll 19:00:54.0093 0x05c8 D:\WINDOWS\system32\wkssvc.dll - ok 19:00:54.0109 0x05c8 [ 9621BE9F6EA24F3D7F09B07853CB5AC8, 
289B6CF50AB088D474C84634A0469502153EED94BFBD11396E574451B0E8EF1C ] D:\WINDOWS\system32\spoolss.dll 19:00:54.0109 0x05c8 D:\WINDOWS\system32\spoolss.dll - ok 19:00:54.0109 0x05c8 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] D:\WINDOWS\system32\webclnt.dll 19:00:54.0109 0x05c8 D:\WINDOWS\system32\webclnt.dll - ok 19:00:54.0109 0x05c8 [ 6582453D9A23287F6DCA15B82D339A48, 7FE6EE258F7017C8EEB36A2F8FF66B47C8662957A42EEE97BCDC46176EB014F0 ] D:\WINDOWS\system32\localspl.dll 19:00:54.0109 0x05c8 D:\WINDOWS\system32\localspl.dll - ok 19:00:54.0109 0x05c8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] D:\WINDOWS\system32\drivers\fastfat.sys 19:00:54.0109 0x05c8 D:\WINDOWS\system32\drivers\fastfat.sys - ok 19:00:54.0109 0x05c8 [ F0C803D84B89B2EA3CDB5580CECC15E3, 03E6A3261DDA5341B294CA1742E6569EB805038A31EA6C969318FB280A3CCBBA ] D:\WINDOWS\system32\wsock32.dll 19:00:54.0109 0x05c8 D:\WINDOWS\system32\wsock32.dll - ok 19:00:54.0125 0x05c8 [ 7E7D8DD0AFC6EFAA7F39CCF7B222D751, 244946BB067BBD573570417A3C042412A2CFC2AEED23411DB30A1223C2D733DD ] D:\WINDOWS\system32\certcli.dll 19:00:54.0125 0x05c8 D:\WINDOWS\system32\certcli.dll - ok 19:00:54.0125 0x05c8 [ CD1A323D787B738DDE0D62AA28214E16, 537C716DCC3F173580F6A34D31CBB099D0AFF57B5A31E737F4A41C8BCF041CB5 ] D:\WINDOWS\system32\cnbjmon.dll 19:00:54.0125 0x05c8 D:\WINDOWS\system32\cnbjmon.dll - ok 19:00:54.0125 0x05c8 [ 6CD9B4F273997E04EB548969C4AAEAA1, D3540729FDF61CCBB8CED7DFC3CAB4A1616409AD93F4663FD0C6B3EA42E3FDBA ] D:\WINDOWS\system32\CNMLM64.DLL 19:00:54.0125 0x05c8 D:\WINDOWS\system32\CNMLM64.DLL - ok 19:00:54.0125 0x05c8 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] D:\WINDOWS\system32\cryptsvc.dll 19:00:54.0125 0x05c8 D:\WINDOWS\system32\cryptsvc.dll - ok 19:00:54.0125 0x05c8 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 
1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] D:\WINDOWS\system32\drivers\parvdm.sys 19:00:54.0125 0x05c8 D:\WINDOWS\system32\drivers\parvdm.sys - ok 19:00:54.0140 0x05c8 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] D:\WINDOWS\system32\dmserver.dll 19:00:54.0140 0x05c8 D:\WINDOWS\system32\dmserver.dll - ok 19:00:54.0140 0x05c8 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] D:\WINDOWS\system32\ersvc.dll 19:00:54.0140 0x05c8 D:\WINDOWS\system32\ersvc.dll - ok 19:00:54.0140 0x05c8 [ 9B0B5DF56025F6E48C17C7BA75310D35, 11769BD4B25A6C139A347893E543935F85BD357B6EEEC65F174EA94531CD1D46 ] D:\WINDOWS\system32\pjlmon.dll 19:00:54.0140 0x05c8 D:\WINDOWS\system32\pjlmon.dll - ok 19:00:54.0140 0x05c8 [ CA8AA75C4DC6A48D65949A30CE46C970, 36315F9335ECECC839B6479A1B772F2B2CDC8CF8891E93507018ACBBF7231063 ] D:\WINDOWS\system32\tcpmon.dll 19:00:54.0140 0x05c8 D:\WINDOWS\system32\tcpmon.dll - ok 19:00:54.0140 0x05c8 [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 19:00:54.0140 0x05c8 D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe - ok 19:00:54.0156 0x05c8 [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll 19:00:54.0156 0x05c8 D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll - ok 19:00:54.0156 0x05c8 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll 19:00:54.0156 0x05c8 D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok 19:00:54.0156 0x05c8 [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] D:\WINDOWS\system32\es.dll 19:00:54.0156 0x05c8 D:\WINDOWS\system32\es.dll - ok 
19:00:54.0156 0x05c8 [ 1B07F9455F2354120B5E0F7FD0DE21E7, 03E88E4499188CE01646BD16D14A15BAD1F4BEB04D5AF55C3331E28FF14E5B16 ] D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL 19:00:54.0156 0x05c8 D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL - ok 19:00:54.0171 0x05c8 [ E7BB3BF2DFDF4483DFF8A4AB05805416, 596CC4D6E8D3253D29EA0BE7FD01F44BD585910EBBD5D8B49C8911C7BC068470 ] D:\WINDOWS\system32\usbmon.dll 19:00:54.0171 0x05c8 D:\WINDOWS\system32\usbmon.dll - ok 19:00:54.0171 0x05c8 [ 8E1714FC6103F585F00CF2FA883EB33A, A50446B68792AAE4409F4CF150052835D86760FFE49E9D27B5BB719339C1E223 ] D:\WINDOWS\system32\hid.dll 19:00:54.0171 0x05c8 D:\WINDOWS\system32\hid.dll - ok 19:00:54.0171 0x05c8 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] D:\WINDOWS\system32\hidserv.dll 19:00:54.0171 0x05c8 D:\WINDOWS\system32\hidserv.dll - ok 19:00:54.0171 0x05c8 [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] D:\WINDOWS\system32\srvsvc.dll 19:00:54.0171 0x05c8 D:\WINDOWS\system32\srvsvc.dll - ok 19:00:54.0171 0x05c8 [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll 19:00:54.0171 0x05c8 D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll - ok 19:00:54.0187 0x05c8 [ A3962F4BBFE699B7EFFBBADE608E314F, C25CC5F546BE13C4632009C4D30522AC7EA4AAA76D88C70E11B336BBD2FE48B4 ] D:\WINDOWS\system32\netmsg.dll 19:00:54.0187 0x05c8 D:\WINDOWS\system32\netmsg.dll - ok 19:00:54.0187 0x05c8 [ 4333010681772735474A64D984F175AB, 8A5795DEDD12B91562984AEB6F0A0D692A113ECAB66CC0365DC1FB0258E87802 ] D:\WINDOWS\system32\win32spl.dll 19:00:54.0187 0x05c8 D:\WINDOWS\system32\win32spl.dll - ok 19:00:54.0187 0x05c8 [ 0E892525F035A10857E33153CF65CE6C, D3C18126CCC1B59A90E28CDCAEA2CE3129081E5511C2F3428A39F2168EE9D3F9 ] D:\WINDOWS\system32\netrap.dll 19:00:54.0187 0x05c8 D:\WINDOWS\system32\netrap.dll 
- ok 19:00:54.0187 0x05c8 [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] D:\WINDOWS\system32\drivers\srv.sys 19:00:54.0187 0x05c8 D:\WINDOWS\system32\drivers\srv.sys - ok 19:00:54.0187 0x05c8 [ 4BAB096EE0673DE722536F0274DA2373, FFAC271F8E690695C65000204816D78D6E152B3E46091D9643FC6693AE5981E2 ] D:\WINDOWS\system32\inetpp.dll 19:00:54.0187 0x05c8 D:\WINDOWS\system32\inetpp.dll - ok 19:00:54.0203 0x05c8 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] D:\Programme\Malwarebam\mbamscheduler.exe 19:00:54.0203 0x05c8 D:\Programme\Malwarebam\mbamscheduler.exe - ok 19:00:54.0203 0x05c8 [ A422816A15CFAC50567FD0F6582FD2CF, 0AA6588C63F53962E2D3665159BAE7402F43BEC0136A48DE39FE977430CA7B5A ] D:\Programme\Malwarebam\mbamsrv.dll 19:00:54.0203 0x05c8 D:\Programme\Malwarebam\mbamsrv.dll - ok 19:00:54.0203 0x05c8 [ 61AF7614418BA5B9E8B4EB82E459BE53, 828ABEF68681C061E93FA61E7D12AEAB6D67ABBE597BC207DF0E6DB185C95C72 ] D:\Programme\Malwarebam\QtCore4.dll 19:00:54.0203 0x05c8 D:\Programme\Malwarebam\QtCore4.dll - ok 19:00:54.0203 0x05c8 [ CA55500E2E0515FCC888C4A5E01E64B7, 053910D883931A776F71AF8CF3A15837524B65B933C09038E51F40FCB7B959D2 ] D:\Programme\Malwarebam\msvcp100.dll 19:00:54.0203 0x05c8 D:\Programme\Malwarebam\msvcp100.dll - ok 19:00:54.0218 0x05c8 [ 4C539E592E50633B21AB1E1FDA40A32A, F07F846E1BFA7AE1B5FE835BCB34CCD2FA671B865415EF2A9C6EB8972D3A0E0C ] D:\Programme\Malwarebam\msvcr100.dll 19:00:54.0218 0x05c8 D:\Programme\Malwarebam\msvcr100.dll - ok 19:00:54.0218 0x05c8 [ 72DC0AFC9BDCFEB18F390B937A24E32C, 7E0396569EB37E1520F01B99EDE0B906BD032C8410B2F02DD6F2B0C2F07E0D46 ] D:\WINDOWS\system32\ipsecsvc.dll 19:00:54.0218 0x05c8 D:\WINDOWS\system32\ipsecsvc.dll - ok 19:00:54.0218 0x05c8 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] D:\WINDOWS\system32\netman.dll 19:00:54.0218 0x05c8 D:\WINDOWS\system32\netman.dll - ok 
19:00:54.0218 0x05c8 [ 121E5C473F0AD53BCFDB6E8181C44F81, 82E8036DD29249E826582D8933B04571AAE7B17EDD945B7928C8878DF3D0E454 ] D:\WINDOWS\system32\netshell.dll 19:00:54.0218 0x05c8 D:\WINDOWS\system32\netshell.dll - ok 19:00:54.0218 0x05c8 [ A3101C65133F0E3FCFF3ABA073BBA89C, 3041B0031E6834248DE5CD7766E8897DA65099D684F508878768212F17ED537D ] D:\WINDOWS\system32\oakley.dll 19:00:54.0218 0x05c8 D:\WINDOWS\system32\oakley.dll - ok 19:00:54.0234 0x05c8 [ 1F975474A91306BEFF9A2314A88DB3BF, 9A839FF98353AADA54D66EF57D7AF168E27E845C203C83087EA8CB12A8871430 ] D:\WINDOWS\system32\pstorsvc.dll 19:00:54.0234 0x05c8 D:\WINDOWS\system32\pstorsvc.dll - ok 19:00:54.0234 0x05c8 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] D:\WINDOWS\system32\regsvc.dll 19:00:54.0234 0x05c8 D:\WINDOWS\system32\regsvc.dll - ok 19:00:54.0234 0x05c8 [ C6D9B9487143C455C26BFA3D8BE7C445, 073F10A6216F517710167813B0D0ADD8A261FAC033F8C8948BA5BCACD32D9E57 ] D:\WINDOWS\system32\winipsec.dll 19:00:54.0234 0x05c8 D:\WINDOWS\system32\winipsec.dll - ok 19:00:54.0234 0x05c8 [ AB0B97A27AA94AB681F0B0DD7C1B5E89, F0CA25154DABE472ADB4D9A21EEC715E5D91D076CE079D2191E5D0AC1EB90BEE ] D:\WINDOWS\system32\psbase.dll 19:00:54.0234 0x05c8 D:\WINDOWS\system32\psbase.dll - ok 19:00:54.0234 0x05c8 [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] D:\WINDOWS\system32\dssenh.dll 19:00:54.0234 0x05c8 D:\WINDOWS\system32\dssenh.dll - ok 19:00:54.0250 0x05c8 [ AFF1657382B09291DCB40ECFD2B673F2, F565C41416E13F6C73A063EC7FC393F6E8D0F3F4B3C0F04EEBA3D36220836537 ] D:\WINDOWS\system32\credui.dll 19:00:54.0250 0x05c8 D:\WINDOWS\system32\credui.dll - ok 19:00:54.0250 0x05c8 [ AE1BFF56A081E11208AFFCC7209BF5CE, 800E32D54181A1001780B8FC84ACF4646C02FEFBD32D12B8881FA1CDD0C3D20F ] D:\WINDOWS\system32\dot3dlg.dll 19:00:54.0250 0x05c8 D:\WINDOWS\system32\dot3dlg.dll - ok 19:00:54.0250 0x05c8 [ 14FA15EF89423FBFE55F55BB892C5CF2, 
F002C5A226FE14956752CA49822FC785639CD4B8F9C7687392062E0CE44D1EA7 ] D:\WINDOWS\system32\eappcfg.dll 19:00:54.0250 0x05c8 D:\WINDOWS\system32\eappcfg.dll - ok 19:00:54.0250 0x05c8 [ D6633FC7D1FCE7DCD7A1FE2564DC4FA6, EE96500063A6114F0EBC56026A39ABA62A83D3E12509E6F3187B9BC9426661DF ] D:\WINDOWS\system32\eappprxy.dll 19:00:54.0250 0x05c8 D:\WINDOWS\system32\eappprxy.dll - ok 19:00:54.0265 0x05c8 [ 4BAC361B11D8C5F3B38EC668ADD95D60, 7F5719C1D04576B7FF51902C4ED0D10B5824935C18D3D98016E59102EB449A47 ] D:\WINDOWS\system32\onex.dll 19:00:54.0265 0x05c8 D:\WINDOWS\system32\onex.dll - ok 19:00:54.0265 0x05c8 [ 41696F6200C7151CC0A4A26816E3F577, 66B97C2CF41A6DB28A5118C09A63B95EA8C954698B52A19D457E20D90F85F353 ] D:\WINDOWS\system32\wzcsapi.dll 19:00:54.0265 0x05c8 D:\WINDOWS\system32\wzcsapi.dll - ok 19:00:54.0265 0x05c8 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] D:\WINDOWS\system32\wiaservc.dll 19:00:54.0265 0x05c8 D:\WINDOWS\system32\wiaservc.dll - ok 19:00:54.0265 0x05c8 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] D:\WINDOWS\system32\seclogon.dll 19:00:54.0265 0x05c8 D:\WINDOWS\system32\seclogon.dll - ok 19:00:54.0265 0x05c8 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] D:\WINDOWS\system32\sens.dll 19:00:54.0265 0x05c8 D:\WINDOWS\system32\sens.dll - ok 19:00:54.0281 0x05c8 [ C30D8C61884413FB35E241A2D98BD08F, E269FFAA5DC6E25F58D185C495F9B8EC054B1923963A0FF05D472392463FB3E3 ] D:\WINDOWS\system32\mscms.dll 19:00:54.0281 0x05c8 D:\WINDOWS\system32\mscms.dll - ok 19:00:54.0281 0x05c8 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] D:\WINDOWS\system32\srsvc.dll 19:00:54.0281 0x05c8 D:\WINDOWS\system32\srsvc.dll - ok 19:00:54.0281 0x05c8 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] 
D:\WINDOWS\system32\trkwks.dll 19:00:54.0281 0x05c8 D:\WINDOWS\system32\trkwks.dll - ok 19:00:54.0281 0x05c8 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] D:\WINDOWS\system32\wbem\wmisvc.dll 19:00:54.0281 0x05c8 D:\WINDOWS\system32\wbem\wmisvc.dll - ok 19:00:54.0281 0x05c8 [ 6E3FFF4A95EA978E333E53FE7F47E7F6, A71185F0B786691058FFBDA6540BAEE6D95618CF678E26B26C2F522E695C2E70 ] D:\WINDOWS\system32\vssapi.dll 19:00:54.0281 0x05c8 D:\WINDOWS\system32\vssapi.dll - ok 19:00:54.0296 0x05c8 [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] D:\WINDOWS\system32\browser.dll 19:00:54.0296 0x05c8 D:\WINDOWS\system32\browser.dll - ok 19:00:54.0296 0x05c8 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] D:\WINDOWS\system32\wscsvc.dll 19:00:54.0296 0x05c8 D:\WINDOWS\system32\wscsvc.dll - ok 19:00:54.0296 0x05c8 [ 8C22083ED515DC94D575438662F0BE6A, 67DC2A393AE31764C090BE2AEFAD3E20220538152157BAEBF366112166FEAB23 ] D:\WINDOWS\system32\msi.dll 19:00:54.0296 0x05c8 D:\WINDOWS\system32\msi.dll - ok 19:00:54.0296 0x05c8 [ 18D926CD5F5BE2AA73EAD99C02BC719D, A4FC9EDCB1DA7AFDAB498BDD6245C035F19E478FA1C7F51192608B63F10D6DB8 ] D:\WINDOWS\system32\actxprxy.dll 19:00:54.0296 0x05c8 D:\WINDOWS\system32\actxprxy.dll - ok 19:00:54.0296 0x05c8 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] D:\WINDOWS\system32\ipnathlp.dll 19:00:54.0296 0x05c8 D:\WINDOWS\system32\ipnathlp.dll - ok 19:00:54.0312 0x05c8 [ 8747DA0A28057B6EF2366E4C951A23F5, 96AC4AFEB8D2EB706A5AA58B2B3803F88E8B74774F8FC2C4F7D59A3A961AA70D ] D:\WINDOWS\system32\wbem\wbemcomn.dll 19:00:54.0312 0x05c8 D:\WINDOWS\system32\wbem\wbemcomn.dll - ok 19:00:54.0312 0x05c8 [ 8B42C14DA903681760079C1E12D8B4DA, 2527D3FEE00D645620AABC36D2701216FE7C72BCE5C4E6F2BF1EA4C04B26461B ] D:\WINDOWS\system32\wbem\wbemcore.dll 19:00:54.0312 0x05c8 
D:\WINDOWS\system32\wbem\wbemcore.dll - ok 19:00:54.0312 0x05c8 [ 517A94B722F607B904061447939D7924, B705E2012BA66A257B91DD933238E5A9056BAAB5502DDC9F779F142A9A42772A ] D:\WINDOWS\system32\wbem\wbemprox.dll 19:00:54.0312 0x05c8 D:\WINDOWS\system32\wbem\wbemprox.dll - ok 19:00:54.0312 0x05c8 [ 5F07EDF60DC19981238A0D8A9622535D, 35CCC1B21968CA652A8882694895660BF862C72DFB561853D6EBA131B396F8FD ] D:\WINDOWS\system32\wbem\esscli.dll 19:00:54.0312 0x05c8 D:\WINDOWS\system32\wbem\esscli.dll - ok 19:00:54.0328 0x05c8 [ 3F2A4A47A2BCE0269B252550D1A2B471, E672F6A19563B715A96A1B9D13C521C865447DD2CEA65CED87A1A943C74FE8CA ] D:\WINDOWS\system32\wbem\fastprox.dll 19:00:54.0328 0x05c8 D:\WINDOWS\system32\wbem\fastprox.dll - ok 19:00:54.0328 0x05c8 [ 90075AE5778A16AD07A030377E2E95CD, 90039F8CC696B71B0D88A266B0234A1D8525843344280F55F35204DDE298BC0D ] D:\WINDOWS\system32\comsvcs.dll 19:00:54.0328 0x05c8 D:\WINDOWS\system32\comsvcs.dll - ok 19:00:54.0328 0x05c8 [ 17E6FA7A7EBE1864DD5DDCD66D2735DF, D32882B2CA1503C62A2A65594D95D951EA291726600658A453C4B65C69ABD391 ] D:\WINDOWS\system32\colbact.dll 19:00:54.0328 0x05c8 D:\WINDOWS\system32\colbact.dll - ok 19:00:54.0328 0x05c8 [ 89546F0070588D78EA7357583A4C04CB, 3A0912E1B20A1A5A48EDE869C3C9A8EB606CA72DEA9288751DDD0582B8A29E8A ] D:\WINDOWS\system32\mtxclu.dll 19:00:54.0328 0x05c8 D:\WINDOWS\system32\mtxclu.dll - ok 19:00:54.0328 0x05c8 [ B601A34A1BC3FFF07B005BC91FF58500, D0DBB43DA277BAA4ED116B873C27EC6CE37607683E427C3A854FDFDA151295A6 ] D:\WINDOWS\system32\clusapi.dll 19:00:54.0328 0x05c8 D:\WINDOWS\system32\clusapi.dll - ok 19:00:54.0343 0x05c8 [ 241F738F1F3F67297066898C6322E794, 4DD9A20D2EC7F7EC65529D6F53C54C98F7A3AB1A1C662ACBE46ECF3DA5589FF0 ] D:\WINDOWS\system32\resutils.dll 19:00:54.0343 0x05c8 D:\WINDOWS\system32\resutils.dll - ok 19:00:54.0343 0x05c8 [ F4E0C344DDBD3F1DD43B438009A06B77, 452BA14451E599B255A56793E30A096CA1F16C4A5F65C4CBDC2F54ECA21DAC51 ] D:\WINDOWS\system32\wbem\wbemsvc.dll 19:00:54.0343 0x05c8 
19:00:54.0609 0x05c8 ================ Scan generic autorun ======================
19:00:54.0609 0x05c8 BluetoothAuthenticationAgent - ok
19:00:54.0656 0x05c8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\CTFMON.EXE
19:00:54.0734 0x05c8 CTFMON.EXE - ok
19:00:54.0859 0x05c8 [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] D:\Programme\Spy\TeaTimer.exe
19:00:55.0000 0x05c8 SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
19:00:55.0000 0x05c8 SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - warning
19:00:55.0015 0x05c8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
19:00:55.0093 0x05c8 CTFMON.EXE - ok
19:00:55.0203 0x05c8 Win FW state via NFM: enabled
19:00:55.0203 0x05c8 ============================================================
19:00:55.0203 0x05c8 Scan finished
19:00:55.0203 0x05c8
============================================================
19:00:55.0203 0x0328 Detected object count: 3
19:00:55.0203 0x0328 Actual detected object count: 3
19:01:13.0750 0x0328 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys - copied to quarantine
19:01:13.0750 0x0328 HKLM\SYSTEM\ControlSet001\services\41d78ef79c384a09 - will be deleted on reboot
19:01:13.0765 0x0328 HKLM\SYSTEM\ControlSet004\services\41d78ef79c384a09 - will be deleted on reboot
19:01:13.0765 0x0328 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys - will be deleted on reboot
19:01:13.0765 0x0328 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
19:01:13.0765 0x0328 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:01:13.0765 0x0328 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:01:13.0765 0x0328 SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - skipped by user
19:01:13.0765 0x0328 SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:01:15.0265 0x0328 KLMD registered as D:\WINDOWS\system32\drivers\89806009.sys
19:01:18.0765 0x0200 Deinitialize success
Code:
19:07:23.0562 0x0634 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:07:25.0453 0x0634 ============================================================
19:07:25.0453 0x0634 Current date / time: 2014/11/30 19:07:25.0453
19:07:25.0453 0x0634 SystemInfo:
19:07:25.0453 0x0634
19:07:25.0453 0x0634 OS Version: 5.1.2600 ServicePack: 3.0
19:07:25.0453 0x0634 Product type: Workstation
19:07:25.0453 0x0634 ComputerName: INTRNET
19:07:25.0453 0x0634 UserName: Arbeit
19:07:25.0453 0x0634 Windows directory: D:\WINDOWS
19:07:25.0453 0x0634 System windows directory: D:\WINDOWS
19:07:25.0453 0x0634 Processor architecture: Intel x86
19:07:25.0453 0x0634 Number of processors: 2
19:07:25.0453 0x0634 Page size: 0x1000
19:07:25.0453 0x0634 Boot type: Normal boot
19:07:25.0453 0x0634 ============================================================
19:07:25.0453 0x0634 BG loaded
19:07:25.0593 0x0634 System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
19:07:26.0125 0x0634 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
19:07:26.0125 0x0634 Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:26.0140 0x0634 ============================================================
19:07:26.0140 0x0634 \Device\Harddisk0\DR0:
19:07:26.0140 0x0634 MBR partitions:
19:07:26.0140 0x0634 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
19:07:26.0140 0x0634 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
19:07:26.0140 0x0634 \Device\Harddisk1\DR3:
19:07:26.0140 0x0634 MBR partitions:
19:07:26.0140 0x0634 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
19:07:26.0140 0x0634 ============================================================
19:07:26.0156 0x0634 C: <-> \Device\Harddisk0\DR0\Partition1
19:07:26.0187 0x0634 D: <-> \Device\Harddisk0\DR0\Partition2
19:07:26.0187 0x0634 ============================================================
19:07:26.0187 0x0634 Initialize success
19:07:26.0187 0x0634 ============================================================
Combofix Logfile:
[CODE]ComboFix 14-11-25.01 - Arbeit 30.11.2014 19:39:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1918.1443 [GMT 1:00]
ausgeführt von:: d:\dokumente und einstellungen\Arbeit\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\dokumente und einstellungen\Internet volker\WINDOWS
d:\dokumente und einstellungen\internet\WINDOWS
d:\dokumente und einstellungen\ve\WINDOWS
d:\windows\IsUn0407.exe
d:\windows\system32\DC120fc7_32.dll
d:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Service_SYSHOST32
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-28 bis 2014-11-30 ))))))))))))))))))))))))))))))
.
.
2014-11-30 18:01 . 2014-11-30 18:01 -------- d-----w- D:\TDSSKiller_Quarantine
2014-11-30 10:31 . 2014-11-30 10:31 114904 ----a-w- d:\windows\system32\drivers\6EDC00ED.sys
2014-11-29 21:18 . 2014-11-29 21:19 -------- d-----w- D:\FRST
2014-11-29 19:29 . 2014-11-29 19:29 114904 ----a-w- d:\windows\system32\drivers\06AF4E76.sys
2014-11-29 18:50 . 2014-11-29 18:50 -------- d-----w- d:\windows\system32\CatRoot_bak
2014-11-29 17:31 . 2014-11-29 17:31 114904 ----a-w- d:\windows\system32\drivers\29F57440.sys
2014-11-29 13:14 . 2014-11-29 13:14 114904 ----a-w- d:\windows\system32\drivers\20342FBD.sys
2014-11-29 13:12 . 2014-11-29 13:12 114904 ----a-w- d:\windows\system32\drivers\49F22E28.sys
2014-11-29 13:12 . 2014-11-29 13:12 -------- d-----w- d:\programme\Malwarebam
2014-11-29 13:12 . 2014-10-01 10:11 54360 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-11-29 13:12 . 2014-10-01 10:11 23256 ----a-w- d:\windows\system32\drivers\mbam.sys
2014-11-29 10:41 . 2014-11-29 10:41 114904 ----a-w- d:\windows\system32\drivers\113D3A7C.sys
2014-11-29 10:39 . 2014-11-29 10:39 114904 ----a-w- d:\windows\system32\drivers\2CAF392C.sys
2014-11-29 09:52 . 2014-11-29 10:04 114904 ----a-w- d:\windows\system32\drivers\241A155A.sys
2014-11-29 09:49 . 2014-11-29 17:29 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Package Cache
2014-11-27 19:19 . 2014-11-27 19:19 110296 ----a-w- d:\windows\system32\drivers\48230029.sys
2014-11-26 18:54 . 2014-11-26 18:54 -------- d-----w- d:\dokumente und einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2014-11-26 18:34 . 2014-11-26 18:35 -------- d-----w- D:\AdwCleaner
2014-11-13 20:06 . 2014-11-26 18:28 -------- d-----w- D:\Bewerbung
2014-11-13 19:53 . 2014-11-13 19:53 -------- d-----w- d:\dokumente und einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 04:49 . 2014-09-13 04:49 1409 ----a-w- d:\windows\system32\tmpE80A8.FOT
2014-09-13 04:49 . 2014-09-13 04:49 1409 ----a-w- d:\windows\system32\tmp120A8.FOT
2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- d:\programme\navigram_register.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- d:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-05-14 08:34 191016 ----a-w- d:\programme\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHIWebOnDiskManager]
2014-05-15 14:46 245760 ------r- d:\programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"ACDaemon"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Programme\\Windows Media Player\\wmplayer.exe"=
"d:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\49F22E28.sys [29.11.2014 14:12 114904]
R2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebam\mbamscheduler.exe [29.11.2014 14:12 1871160]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [29.11.2014 14:12 23256]
S2 MBAMService;MBAMService;d:\programme\Malwarebam\mbamservice.exe [29.11.2014 14:12 968504]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [29.12.2009 21:54 1684736]
S4 Norton Internet Security;Norton Internet Security;"d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "d:\programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - d:\dokumente und einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-53460251.sys
SafeBoot-70922823.sys
SafeBoot-72734582.sys
AddRemove-ArCon - d:\windows\unin0407.exe
AddRemove-Frhed - d:\programme\Frhed\uninst.exe
AddRemove-Loewe2 - d:\windows\IsUn0407.exe
AddRemove-Loewe4 - d:\windows\IsUn0407.exe
AddRemove-MozillaMaintenanceService - d:\programme\Mozilla Maintenance Service\uninstall.exe
AddRemove-QuickTime 3.0 - d:\windows\unin0407.exe
AddRemove-S3 - d:\windows\IsUn0407.exe
AddRemove-Secret Of Six Seas - d:\progra~1\SECRET~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-30 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"d:\programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
d:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2040)
d:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-30 20:01:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-30 19:01
.
Vor Suchlauf: 32 Verzeichnis(se), 140.248.481.792 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 140.675.706.880 Bytes frei
.
- - End Of File - - 659632314552B1CFE387B372BED0F767
72B8CE41AF0DE751C946802B3ED844B4
/CODE]
Can I have TDSS kill Lssrvc.exe on the next run, or is it better to uninstall it somehow? What am I doing wrong with the code tag? Sometimes it works, sometimes it doesn't... Thanks. |
01.12.2014, 20:37 | #10 | |
/// the machine /// TB-Ausbilder | Trojan.Agent in syshost.exe Quote:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.12.2014, 22:49 | #11 |
| Trojan.Agent in syshost.exe Mainly because I don't need Lssrvc at all (I only just looked up what it actually is). It is constantly running in Task Manager. So away with it. Logs to follow. I already have Mbam and adwcleaner; should I also post the old mbam log from last week? (adwcleaner had found nothing.) But I'll download everything again fresh and do the runs right away. Hey, this time I only needed an hour.
mbam (fresh)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.12.2014
Suchlauf-Zeit: 21:48:31
Logdatei:
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Arbeit
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 400950
Verstrichene Zeit: 14 Min, 54 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.103 - Bericht erstellt am 01/12/2014 um 22:09:48
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-01.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Arbeit - INTRNET
# Gestartet von : D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v12.0 (de)
[4316qnym.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[4316qnym.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
*************************
AdwCleaner[R0].txt - [1188 octets] - [26/11/2014 19:34:48]
AdwCleaner[R1].txt - [1466 octets] - [01/12/2014 22:06:06]
AdwCleaner[S0].txt - [1249 octets] - [26/11/2014 19:35:27]
AdwCleaner[S1].txt - [1441 octets] - [01/12/2014 22:09:48]
########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [1501 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Arbeit on 01.12.2014 at 22:13:56,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2014 at 22:15:07,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[CODE] FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Arbeit (administrator) on INTRNET on 01-12-2014 22:24:26
Running from D:\Dokumente und Einstellungen\Arbeit\Desktop
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamscheduler.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
HKU\S-1-5-21-789336058-879983540-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; D:\Programme\Malwarebytes\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; D:\Programme\Malwarebytes\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X] S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X] S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) S3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) 
S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.) R3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.) R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) S3 catchme; \??\D:\ComboFix\catchme.sys [X] S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X] S4 IntelIde; No ImagePath S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X] S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X] U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X] S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-01 22:15 - 2014-12-01 22:15 - 00000582 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT11214.txt 2014-12-01 22:13 - 2014-12-01 22:13 - 00000000 ____D () D:\WINDOWS\ERUNT 2014-12-01 22:12 - 2014-12-01 22:12 - 00001581 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner11214.txt 2014-12-01 22:04 - 2014-12-01 22:04 - 00001193 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam011214.txt 2014-12-01 21:48 - 2014-12-01 21:48 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Programme\Malwarebytes 2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes 2014-12-01 21:47 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-01 21:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys 2014-12-01 21:46 - 2014-12-01 21:39 - 01707646 _____ (Thisisu) D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT.exe 2014-12-01 21:46 - 2014-12-01 21:38 - 02154496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe 2014-12-01 21:46 - 2014-12-01 21:37 - 19828376 _____ (Malwarebytes Corporation ) D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-30 20:01 - 2014-12-01 22:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00008391 _____ () D:\ComboFix.txt 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\ve\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 
- 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp 2014-11-30 19:42 - 2014-11-30 19:42 - 00008192 ____H () D:\WINDOWS\system32\config\SECURITY.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\system.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\software.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\SAM.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\default.tmp.LOG 2014-11-30 19:38 - 2014-11-30 19:30 - 04614888 _____ (Microsoft Corporation) D:\Dokumente und Einstellungen\Arbeit\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe 2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\WINDOWS\erdnt 2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\Qoobox 2014-11-30 19:15 - 2014-11-30 19:15 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme\Verwaltung 2014-11-30 19:15 - 2011-06-26 07:45 - 00256000 _____ () D:\WINDOWS\PEV.exe 2014-11-30 19:15 - 2010-11-07 18:20 - 00208896 _____ () D:\WINDOWS\MBR.exe 2014-11-30 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00098816 _____ () D:\WINDOWS\sed.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00080412 _____ () D:\WINDOWS\grep.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00068096 _____ () D:\WINDOWS\zip.exe 2014-11-30 19:14 - 2014-11-30 18:52 - 05599228 ____R (Swearware) D:\Dokumente und Einstellungen\Arbeit\Desktop\ComboFix.exe 2014-11-30 
19:01 - 2014-11-30 19:01 - 00000000 ____D () D:\TDSSKiller_Quarantine 2014-11-30 11:31 - 2014-11-30 11:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\6EDC00ED.sys 2014-11-30 10:57 - 2014-12-01 22:24 - 00008580 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.txt 2014-11-30 10:57 - 2014-11-30 10:47 - 04184008 _____ (Kaspersky Lab ZAO) D:\Dokumente und Einstellungen\Arbeit\Desktop\tdsskiller.exe 2014-11-30 10:57 - 2014-11-29 23:12 - 00013418 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Addition.txt 2014-11-30 10:57 - 2014-11-29 21:52 - 01109504 _____ (Farbar) D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.exe 2014-11-29 22:18 - 2014-12-01 22:24 - 00000000 ____D () D:\FRST 2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys 2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log 2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak 2014-11-29 18:31 - 2014-11-29 18:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys 2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys 2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys 2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys 2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys 2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt 2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys 2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache 
2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys 2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files 2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-11-26 19:34 - 2014-12-01 22:09 - 00000000 ____D () D:\AdwCleaner 2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log 2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk 2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk 2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () D:\Bewerbung 2014-11-13 20:53 - 2014-11-13 20:53 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-01 22:17 - 2009-12-29 21:01 - 00337416 _____ () D:\WINDOWS\WindowsUpdate.log 2014-12-01 22:11 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT 2014-12-01 22:11 - 2009-12-29 19:40 - 00000159 _____ () D:\WINDOWS\wiadebug.log 2014-12-01 22:11 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log 2014-12-01 22:10 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini 2014-12-01 22:10 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt 2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme 2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-12-01 21:43 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl 2014-11-30 20:01 - 2009-12-29 21:05 - 00000000 __SHD () D:\Dokumente und Einstellungen\NetworkService 2014-11-30 20:00 - 2004-08-05 13:00 - 00000227 _____ () D:\WINDOWS\system.ini 2014-11-30 19:42 - 2009-12-29 20:36 - 19431424 _____ () D:\WINDOWS\system32\config\software.bak 2014-11-30 19:42 - 2009-12-29 20:36 - 05505024 _____ () D:\WINDOWS\system32\config\system.bak 2014-11-30 19:42 - 2009-12-29 20:36 - 04124672 _____ () D:\WINDOWS\system32\config\default.bak 2014-11-30 19:42 - 2009-12-29 19:37 - 00049152 _____ () D:\WINDOWS\system32\config\SECURITY.bak 2014-11-30 19:42 - 2009-12-29 19:37 - 00028672 _____ () D:\WINDOWS\system32\config\SAM.bak 2014-11-30 19:15 - 2014-09-23 20:55 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme 2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security 2014-11-29 20:25 - 2009-12-29 19:37 - 00652795 _____ () D:\WINDOWS\setupapi.log 2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () 
D:\WINDOWS\FaxSetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK 2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu 2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit 2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore 2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\***** 2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone 2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini 2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit 2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini 2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet ***** 2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc 2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ____D () D:\BJPrinter 2014-11-17 12:59 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini 2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () 
D:\Dokumente und Einstellungen\internet 2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp 2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\****** 2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Desktop\***** 2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video Some content of TEMP: ==================== D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\Quarantine.exe D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) D:\WINDOWS\explorer.exe => File is digitally signed D:\WINDOWS\system32\winlogon.exe => File is digitally signed D:\WINDOWS\system32\svchost.exe => File is digitally signed D:\WINDOWS\system32\services.exe => File is digitally signed D:\WINDOWS\system32\User32.dll => File is digitally signed D:\WINDOWS\system32\userinit.exe => File is digitally signed D:\WINDOWS\system32\rpcss.dll => File is digitally signed D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- |
02.12.2014, 20:40 | #12 |
/// the machine /// TB-Ausbilder | Trojan.Agent in syshost.exe
Then you uninstall the software first before simply killing a service.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.12.2014, 21:43 | #13 |
| Trojan.Agent in syshost.exe Quote:
Uninstalling is saying too much; I ended the task manually and have now moved Lssrvc.exe (there was nothing more) to the recycle bin for the time being (after all the scans had finished). It probably came along with Nero, but I strongly doubt that my old burner is even LightScribe-capable. Now to the logs:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d2d0c3912da8134b9a588359daab0b43
# engine=21401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-04 07:54:02
# local_time=2014-12-04 08:54:02 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# scanned=89980
# found=1
# cleaned=0
# scan_time=2431
sh=9A7E8554E215D14BA92E96FFCEF40D233DBB7122 ft=1 fh=c19f3e448b4bf44f vn="Variante von Win32/Rootkit.Kryptik.ZL Trojaner" ac=I fn="D:\TDSSKiller_Quarantine\30.11.2014_19.00.05\necurs0000\svc0000\tsk0000.dta"
Code:
Results of screen317's Security Check version 0.99.91
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, während WMIC installiert wird.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 2.0.3.1025
HijackThis 2.0.2
Adobe Flash Player 14.0.0.145 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive D::
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01 Ran by Arbeit (administrator) on INTRNET on 04-12-2014 21:13:35 Running from D:\Dokumente und Einstellungen\Arbeit\Desktop Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 6 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe (Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamscheduler.exe (Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe (Malwarebytes Corporation) D:\Programme\Malwarebytes\mbam.exe (Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamservice.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION HKU\S-1-5-21-789336058-879983540-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing. 
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) FireFox: ======== FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; D:\Programme\Malwarebytes\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; D:\Programme\Malwarebytes\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation) S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X] S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X] S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative) R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.) R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.) R3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.) 
S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.) R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.) R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.) S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.) R3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-04] (Malwarebytes Corporation) S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.) R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.) R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.) R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.) S3 catchme; \??\D:\ComboFix\catchme.sys [X] S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X] S4 IntelIde; No ImagePath S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X] S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X] U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X] S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-04 21:13 - 2014-12-04 21:13 - 00008825 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.txt 2014-12-04 21:11 - 2014-12-04 21:11 - 00001139 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\checkup.txt 2014-12-04 20:11 - 2014-12-04 20:11 - 00000000 ____D () D:\Programme\ESET 2014-12-02 21:34 - 2014-12-02 21:22 - 00852490 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\SecurityCheck.exe 2014-12-02 21:34 - 2014-12-02 21:20 - 02347384 _____ (ESET) D:\Dokumente und Einstellungen\Arbeit\Desktop\esetsmartinstaller_deu.exe 2014-12-01 22:36 - 2014-12-01 22:36 - 00021496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST011214.txt 2014-12-01 22:28 - 2014-11-29 22:51 - 00017092 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST291114.txt 2014-12-01 22:15 - 2014-12-01 22:15 - 00000582 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT11214.txt 2014-12-01 22:13 - 2014-12-01 22:13 - 00000000 ____D () D:\WINDOWS\ERUNT 2014-12-01 22:12 - 2014-12-01 22:12 - 00001581 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner11214.txt 2014-12-01 22:04 - 2014-12-01 22:04 - 00001193 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam011214.txt 2014-12-01 21:48 - 2014-12-04 20:16 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Programme\Malwarebytes 2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes 2014-12-01 21:47 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-01 21:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys 2014-12-01 21:46 - 2014-12-01 21:39 - 01707646 _____ (Thisisu) 
D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT.exe 2014-12-01 21:46 - 2014-12-01 21:38 - 02154496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe 2014-12-01 21:46 - 2014-12-01 21:37 - 19828376 _____ (Malwarebytes Corporation ) D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-30 20:01 - 2014-12-04 21:13 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00008391 _____ () D:\ComboFix.txt 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\ve\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\temp 2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp 2014-11-30 19:42 - 2014-11-30 19:42 - 00008192 ____H () D:\WINDOWS\system32\config\SECURITY.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\system.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\software.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\SAM.tmp.LOG 2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\default.tmp.LOG 2014-11-30 19:38 - 2014-11-30 19:30 - 04614888 _____ (Microsoft Corporation) D:\Dokumente und Einstellungen\Arbeit\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe 2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\WINDOWS\erdnt 2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\Qoobox 2014-11-30 19:15 - 2014-11-30 19:15 - 00000000 ___RD 
() D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme\Verwaltung 2014-11-30 19:15 - 2011-06-26 07:45 - 00256000 _____ () D:\WINDOWS\PEV.exe 2014-11-30 19:15 - 2010-11-07 18:20 - 00208896 _____ () D:\WINDOWS\MBR.exe 2014-11-30 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00098816 _____ () D:\WINDOWS\sed.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00080412 _____ () D:\WINDOWS\grep.exe 2014-11-30 19:15 - 2000-08-31 01:00 - 00068096 _____ () D:\WINDOWS\zip.exe 2014-11-30 19:14 - 2014-11-30 18:52 - 05599228 ____R (Swearware) D:\Dokumente und Einstellungen\Arbeit\Desktop\ComboFix.exe 2014-11-30 19:01 - 2014-11-30 19:01 - 00000000 ____D () D:\TDSSKiller_Quarantine 2014-11-30 11:31 - 2014-11-30 11:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\6EDC00ED.sys 2014-11-30 10:57 - 2014-12-04 21:12 - 00022430 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST1.txt 2014-11-30 10:57 - 2014-11-30 10:47 - 04184008 _____ (Kaspersky Lab ZAO) D:\Dokumente und Einstellungen\Arbeit\Desktop\tdsskiller.exe 2014-11-30 10:57 - 2014-11-29 23:12 - 00013418 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Addition.txt 2014-11-30 10:57 - 2014-11-29 21:52 - 01109504 _____ (Farbar) D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.exe 2014-11-29 22:18 - 2014-12-04 21:13 - 00000000 ____D () D:\FRST 2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys 2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log 2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak 2014-11-29 18:31 - 2014-11-29 18:31 - 
00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys 2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys 2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys 2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys 2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys 2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt 2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys 2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache 2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys 2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files 2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk 2014-11-26 19:34 - 2014-12-01 22:09 - 00000000 ____D () D:\AdwCleaner 2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log 2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk 2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk 2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () 
D:\Bewerbung 2014-11-13 20:53 - 2014-11-13 20:53 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-04 20:56 - 2009-12-29 19:37 - 00655135 _____ () D:\WINDOWS\setupapi.log 2014-12-04 20:11 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme 2014-12-04 18:57 - 2009-12-29 21:01 - 00346669 _____ () D:\WINDOWS\WindowsUpdate.log 2014-12-04 18:51 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT 2014-12-04 18:51 - 2009-12-29 19:40 - 00000159 _____ () D:\WINDOWS\wiadebug.log 2014-12-04 18:51 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log 2014-12-03 22:46 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini 2014-12-03 22:46 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt 2014-12-02 21:59 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini 2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2014-12-01 21:43 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl 2014-11-30 20:01 - 2009-12-29 21:05 - 00000000 __SHD () D:\Dokumente und Einstellungen\NetworkService 2014-11-30 20:00 - 2004-08-05 13:00 - 00000227 _____ () D:\WINDOWS\system.ini 2014-11-30 19:42 - 2009-12-29 20:36 - 19431424 _____ () D:\WINDOWS\system32\config\software.bak 2014-11-30 19:42 - 2009-12-29 20:36 - 05505024 _____ () D:\WINDOWS\system32\config\system.bak 2014-11-30 19:42 - 2009-12-29 20:36 - 04124672 _____ () D:\WINDOWS\system32\config\default.bak 2014-11-30 19:42 - 2009-12-29 19:37 - 00049152 _____ () D:\WINDOWS\system32\config\SECURITY.bak 2014-11-30 19:42 - 2009-12-29 19:37 - 00028672 _____ () D:\WINDOWS\system32\config\SAM.bak 2014-11-30 19:15 - 2014-09-23 20:55 - 00000000 ___RD () D:\Dokumente und 
Einstellungen\Arbeit\Startmenü\Programme 2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security 2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () D:\WINDOWS\FaxSetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log 2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log 2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK 2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu 2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit 2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore 2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\***** 2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone 2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini 2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit 2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini 2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () 
D:\Dokumente und Einstellungen\Internet ***** 2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc 2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ___HD () D:\BJPrinter 2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () D:\Dokumente und Einstellungen\internet 2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp 2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\****** 2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Desktop\****** 2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video Some content of TEMP: ==================== D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\Quarantine.exe D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) D:\WINDOWS\explorer.exe => File is digitally signed D:\WINDOWS\system32\winlogon.exe => File is digitally signed D:\WINDOWS\system32\svchost.exe => File is digitally signed D:\WINDOWS\system32\services.exe => File is digitally signed D:\WINDOWS\system32\User32.dll => File is digitally signed D:\WINDOWS\system32\userinit.exe => File is digitally signed D:\WINDOWS\system32\rpcss.dll => File is digitally signed D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- Zitat:
|
05.12.2014, 17:12 | #14 |
/// the machine /// TB Trainer | Trojan.Agent in syshost.exe Update Flash and Firefox. And definitely think about a different Windows. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do that here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.12.2014, 11:55 | #15 |
| Trojan.Agent in syshost.exe Hi there, here is the Fixlog. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Arbeit at 2014-12-06 11:29:29 Run:2
Running from D:\Dokumente und Einstellungen\Arbeit\Desktop
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.

==== End of Fixlog ====
|