Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan.Agent in syshost.exe (https://www.trojaner-board.de/161338-trojan-agent-syshost-exe.html)

tymara 29.11.2014 21:46
Trojan.Agent in syshost.exe
 
Hallo!

Ich habe blöderweise auf eine nette Phishingmail (noch vorhanden, falls gewünscht) geklickt und mir einen Trojan.Agent eingefangen. Avira Echtzeitscanner und Updates waren seither deaktiviert. Eine nicht beendbare syshost.exe war im Taskmanager zu sehen.
- Möglicherweise ist/war noch etwas anderes Schädliches unterwegs, denn Windows meckerte schon seit 2 oder 3 Tagen, daß die Firewall deaktiviert sei. Hatte dann jeweils die Windows Firewall aktiviert, damit war die Sache vorerst erledigt. -

Habe Avira, Hijackthis, Adware und Malwarebytes drüberlaufen lassen. Avira hat nur ca. 260 Warnungen harausgegeben, daß bestimmte Dateien nicht zu öffnen sind, aber nichts gefunden. (Die Warnungen waren beim nächsten Lauf verschwunden.) Hijackthis zeigte auch die syshost.exe an (fixen war nicht möglich). Adware hat nichts gefunden, Mbam hat den Trojan.Agent gefunden, ist jetzt in Quarantäne.

Mbam-Log und Hijackthis-Log konnte ich speichern. (Welche soll ich posten?)

Avira habe ich deinstalliert und versucht neu zu installieren, funktioniert natürlich auch nicht. Bricht ohne Meldung ab.

Erbitte Hilfe, ich habe vermutlich nicht alles erwischt. Vielen Dank.

schrauber 29.11.2014 21:48
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


tymara 29.11.2014 23:16
Danke für die ultraschnelle Antwort.
Ich habe persönliche Namen aus den Logfiles ausgesternt.
Was mir noch einfiel, ich hatte vorher spybot auch noch drüberlaufen lassen, ohne Fund.

Was mir merkwürdig erscheint, daß avira als installiertes Programm gelistet wird, aber ich hab es heute deinstalliert?!
EDIT: War zu voreilig und habe Programm vom Stick gestartet. Das nächste Mal mach ichs dann richtig vom Desktop. Entschuldigung.


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Arbeit (administrator) on INTRNET on 29-11-2014 22:19:04
Running from J:\
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) D:\Programme\Malwarebam\mbamscheduler.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) D:\Programme\Malwarebam\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "41d78ef79c384a09" service could not be unlocked. <===== ATTENTION

R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; D:\Programme\Malwarebam\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebam\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X]
S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
S3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R0 MBAMSwissArmy; D:\WINDOWS\System32\drivers\49F22E28.sys [114904 2014-11-29] (Malwarebytes Corporation)
S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.)
R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
U5 41d78ef79c384a09; D:\Windows\System32\Drivers\41d78ef79c384a09.sys [72960 2014-11-23] () <===== ATTENTION Necurs Rootkit?
S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 22:18 - 2014-11-29 22:19 - 00000000 ____D () D:\FRST
2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys
2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log
2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak
2014-11-29 18:31 - 2014-11-29 18:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys
2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys
2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys
2014-11-29 14:12 - 2014-11-29 14:12 - 00000000 ____D () D:\Programme\Malwarebam
2014-11-29 14:12 - 2014-11-29 14:12 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mbam
2014-11-29 14:12 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-29 14:12 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys
2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys
2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt
2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys
2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys
2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-11-26 19:34 - 2014-11-26 19:35 - 00000000 ____D () D:\AdwCleaner
2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log
2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk
2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2014-11-23 13:43 - 2014-11-23 13:43 - 00072960 _____ () D:\WINDOWS\system32\Drivers\41d78ef79c384a09.sys
2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk
2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () D:\Bewerbung
2014-11-13 20:53 - 2014-11-13 20:53 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 22:19 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Temp
2014-11-29 20:27 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-11-29 20:27 - 2009-12-29 19:40 - 00000157 _____ () D:\WINDOWS\wiadebug.log
2014-11-29 20:27 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-11-29 20:26 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini
2014-11-29 20:26 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt
2014-11-29 20:26 - 2009-12-29 21:01 - 00328370 _____ () D:\WINDOWS\WindowsUpdate.log
2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security
2014-11-29 20:25 - 2009-12-29 19:37 - 00652795 _____ () D:\WINDOWS\setupapi.log
2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () D:\WINDOWS\FaxSetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK
2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu
2014-11-29 18:28 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme
2014-11-29 14:06 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-11-29 10:31 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit
2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore
2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\*****
2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone
2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini
2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit
2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini
2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****
2014-11-21 14:43 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\Temp
2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc
2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ___HD () D:\BJPrinter
2014-11-17 12:59 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini
2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () D:\Dokumente und Einstellungen\internet
2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp
2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\*******
2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Desktop\******
2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video

Some content of TEMP:
====================
D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Arbeit at 2014-11-29 22:19:30
Running from J:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.561-081201a1-074335C - )
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Bluesoleil2.6.0.8 Release 070517 (HKLM\...\{438BB9B4-65FE-4626-91D9-A8F57B18001D}) (Version: 2.6.0.8 Release 070517 - IVT Corporation)
Bubble Odyssey 1.0 (HKLM\...\Bubble Odyssey_is1) (Version:  - )
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version:  - )
Die Siedler III Gold Edition (HKLM\...\S3) (Version:  - )
Frhed 1.7.1 (HKLM\...\Frhed) (Version: 1.7.1 - Raihan Kibria)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hotfix für Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
Kaufland Foto (HKLM\...\Kaufland Foto) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
LightScribe  1.4.62.1 (Version: 1.4.62.1 - hxxp://www.lightscribe.com) Hidden
Löwenzahn 2 (HKLM\...\Loewe2) (Version:  - )
Löwenzahn 4 (HKLM\...\Loewe4) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
mb Software ArCon (HKLM\...\ArCon) (Version:  - )
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version:  - )
MGI PhotoSuite 4 (nur entfernen) (HKLM\...\MGI_PRISM_V4_0) (Version:  - MGI Software Corp.)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 6.4.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5864 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Secret Of Six Seas (HKLM\...\Secret Of Six Seas) (Version:  - )
SilverFast Epson-SE 6.6.2r4 (HKLM\...\SilverFast Epson-SE) (Version:  - LaserSoft Imaging AG)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sweet Home 3D version 3.7 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VDE VERLAG VDE-Vorschriftenwerk 9.0 (HKLM\...\VDE VERLAG VDE_VORSCHRIFTENWERK 9_0) (Version: 9.0 - VDE VERLAG)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031514 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-11-2014 20:34:19 Systemprüfpunkt
29-11-2014 13:34:05 Systemprüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-05 13:00 - 2010-01-06 22:50 - 00372299 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.100888290cs.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        www.10sek.com
127.0.0.1        10sek.com
127.0.0.1        www.123topsearch.com
127.0.0.1        123topsearch.com
127.0.0.1        www.132.com
127.0.0.1        132.com
127.0.0.1        www.136136.net
127.0.0.1        136136.net
127.0.0.1        www.163ns.com
127.0.0.1        163ns.com
127.0.0.1        171203.com
127.0.0.1        17-plus.com
127.0.0.1        www.1800searchonline.com
127.0.0.1        1800searchonline.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CTFMON.EXE => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: NeroFilterCheck => D:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: PDFPrint => D:\Programme\PDF24\pdf24.exe
MSCONFIG\startupreg: SHIWebOnDiskManager => "D:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-789336058-879983540-839522115-500 - Administrator - Enabled)
Arbeit (S-1-5-21-789336058-879983540-839522115-1006 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Arbeit
Gast (S-1-5-21-789336058-879983540-839522115-501 - Limited - Enabled)
Hilfeassistent (S-1-5-21-789336058-879983540-839522115-1000 - Limited - Disabled)
internet (S-1-5-21-789336058-879983540-839522115-1004 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\internet
Internet ***** (S-1-5-21-789336058-879983540-839522115-1005 - Limited - Enabled) => %SystemDrive%\Dokumente und Einstellungen\Internet *****
SUPPORT_388945a0 (S-1-5-21-789336058-879983540-839522115-1002 - Limited - Disabled)
ve (S-1-5-21-789336058-879983540-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Dokumente und Einstellungen\ve

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth PAN Network Adapter
Description: Bluetooth PAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: IVT Corporation
Service: BT
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 09:27:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

Error: (07/19/2014 09:27:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80070005 von Zeile 44 von f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsupport.

Error: (06/28/2014 00:09:16 PM) (Source: Avira Antivirus) (EventID: 4118) (User: )
Description: D:\WINDOWS\system32\drwtsn32.exeACCESS_VIOLATION0x1e7f9ebAVEPROC_TestFile()


System errors:
=============
Error: (11/29/2014 08:29:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (11/29/2014 08:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (11/29/2014 08:27:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
SRTSPX

Error: (11/29/2014 08:27:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (11/29/2014 08:27:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (11/29/2014 07:40:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
SRTSPX

Error: (11/29/2014 07:40:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (11/29/2014 07:40:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error: (11/29/2014 06:36:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/29/2014 06:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31


Microsoft Office Sessions:
=========================
Error: (07/19/2014 09:27:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040206

Error: (07/19/2014 09:27:27 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 240 Processor
Percentage of memory in use: 19%
Total physical RAM: 1918.42 MB
Available physical RAM: 1552.79 MB
Total Pagefile: 3684.53 MB
Available Pagefile: 3472.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.97 MB

==================== Drives ================================

Drive c: (Mama) (Fixed) (Total:4.88 GB) (Free:1.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Daten) (Fixed) (Total:228 GB) (Free:130.67 GB) NTFS
Drive j: () (Removable) (Total:1.91 GB) (Free:1.89 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: BF1FCE0E)
Partition 1: (Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=228 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: DC210922)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================

schrauber 30.11.2014 09:01
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

tymara 30.11.2014 11:22
Hallo,

hier das Log. Lssrvc.exe hab ich von Nero und kann weg. Daß er bei Teatimer anschlägt, könnte normal sein, oder?

Danke.

Code:
10:58:52.0421 0x012c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
10:58:54.0359 0x012c  ============================================================
10:58:54.0359 0x012c  Current date / time: 2014/11/30 10:58:54.0359
10:58:54.0359 0x012c  SystemInfo:
10:58:54.0375 0x012c 
10:58:54.0375 0x012c  OS Version: 5.1.2600 ServicePack: 3.0
10:58:54.0375 0x012c  Product type: Workstation
10:58:54.0375 0x012c  ComputerName: INTRNET
10:58:54.0375 0x012c  UserName: Arbeit
10:58:54.0375 0x012c  Windows directory: D:\WINDOWS
10:58:54.0375 0x012c  System windows directory: D:\WINDOWS
10:58:54.0375 0x012c  Processor architecture: Intel x86
10:58:54.0375 0x012c  Number of processors: 2
10:58:54.0375 0x012c  Page size: 0x1000
10:58:54.0375 0x012c  Boot type: Normal boot
10:58:54.0375 0x012c  ============================================================
10:58:54.0375 0x012c  BG loaded
10:58:54.0578 0x012c  System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
10:58:55.0078 0x012c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
10:58:55.0078 0x012c  Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:55.0093 0x012c  ============================================================
10:58:55.0093 0x012c  \Device\Harddisk0\DR0:
10:58:55.0093 0x012c  MBR partitions:
10:58:55.0093 0x012c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
10:58:55.0093 0x012c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
10:58:55.0093 0x012c  \Device\Harddisk1\DR3:
10:58:55.0093 0x012c  MBR partitions:
10:58:55.0093 0x012c  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
10:58:55.0093 0x012c  ============================================================
10:58:55.0109 0x012c  C: <-> \Device\Harddisk0\DR0\Partition1
10:58:55.0140 0x012c  D: <-> \Device\Harddisk0\DR0\Partition2
10:58:55.0140 0x012c  ============================================================
10:58:55.0140 0x012c  Initialize success
10:58:55.0140 0x012c  ============================================================
10:59:10.0953 0x047c  ============================================================
10:59:10.0953 0x047c  Scan started
10:59:10.0953 0x047c  Mode: Manual; SigCheck; TDLFS;
10:59:10.0953 0x047c  ============================================================
10:59:10.0953 0x047c  KSN ping started
10:59:11.0046 0x047c  KSN ping finished: false
10:59:11.0406 0x047c  ================ Scan system memory ========================
10:59:11.0406 0x047c  System memory - ok
10:59:11.0406 0x047c  ================ Scan services =============================
10:59:11.0406 0x047c  Suspicious service (NoAccess): 41d78ef79c384a09
10:59:11.0468 0x047c  [ B2234CF29BF7D128FA69510E0F2D11E2, 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA ] 41d78ef79c384a09 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys
10:59:11.0468 0x047c  Suspicious file ( NoAccess ): D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys. md5: B2234CF29BF7D128FA69510E0F2D11E2, sha256: 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA
10:59:12.0250 0x047c  41d78ef79c384a09 - detected Rootkit.Win32.Necurs.gen ( 0 )
10:59:12.0531 0x047c  41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - infected
10:59:12.0531 0x047c  Force sending object to P2P due to detect: 41d78ef79c384a09
10:59:12.0546 0x047c  Object send P2P result: false
10:59:12.0546 0x047c  Abiosdsk - ok
10:59:12.0578 0x047c  abp480n5 - ok
10:59:12.0656 0x047c  ACDaemon - ok
10:59:12.0718 0x047c  [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI            D:\WINDOWS\system32\DRIVERS\ACPI.sys
10:59:13.0671 0x047c  ACPI - ok
10:59:13.0703 0x047c  [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC          D:\WINDOWS\system32\drivers\ACPIEC.sys
10:59:13.0796 0x047c  ACPIEC - ok
10:59:13.0796 0x047c  adpu160m - ok
10:59:13.0828 0x047c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec            D:\WINDOWS\system32\drivers\aec.sys
10:59:13.0906 0x047c  aec - ok
10:59:13.0921 0x047c  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc            D:\WINDOWS\system32\drivers\Afc.sys
10:59:14.0000 0x047c  Afc - ok
10:59:14.0062 0x047c  [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] AFD            D:\WINDOWS\System32\drivers\afd.sys
10:59:14.0125 0x047c  AFD - ok
10:59:14.0140 0x047c  Aha154x - ok
10:59:14.0140 0x047c  aic78u2 - ok
10:59:14.0140 0x047c  aic78xx - ok
10:59:14.0187 0x047c  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter        D:\WINDOWS\system32\alrsvc.dll
10:59:14.0265 0x047c  Alerter - ok
10:59:14.0281 0x047c  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG            D:\WINDOWS\System32\alg.exe
10:59:14.0375 0x047c  ALG - ok
10:59:14.0375 0x047c  AliIde - ok
10:59:14.0468 0x047c  [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt        D:\WINDOWS\system32\drivers\Ambfilt.sys
10:59:14.0625 0x047c  Ambfilt - ok
10:59:14.0656 0x047c  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM          D:\WINDOWS\system32\DRIVERS\AmdPPM.sys
10:59:14.0687 0x047c  AmdPPM - ok
10:59:14.0687 0x047c  amsint - ok
10:59:14.0734 0x047c  [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt        D:\WINDOWS\System32\appmgmts.dll
10:59:14.0828 0x047c  AppMgmt - ok
10:59:14.0828 0x047c  asc - ok
10:59:14.0828 0x047c  asc3350p - ok
10:59:14.0843 0x047c  asc3550 - ok
10:59:14.0890 0x047c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        D:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:59:14.0968 0x047c  AsyncMac - ok
10:59:14.0984 0x047c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi          D:\WINDOWS\system32\DRIVERS\atapi.sys
10:59:15.0062 0x047c  atapi - ok
10:59:15.0078 0x047c  Atdisk - ok
10:59:15.0140 0x047c  [ ECA673779ECD27D674953D692FE070F6, 6FBCAF6C347E06032C63B72261785109D0929BE1B23CA5465995803951954616 ] Ati HotKey Poller D:\WINDOWS\system32\Ati2evxx.exe
10:59:15.0203 0x047c  Ati HotKey Poller - ok
10:59:15.0312 0x047c  [ 15B2FE76E2ECEB98C49ED52311A6F26F, E917AEBD221BF2DB217C111F256033FDA2B28FE55C7E87DAD4A16B84E3FD9398 ] ati2mtag        D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:59:15.0468 0x047c  ati2mtag - ok
10:59:15.0531 0x047c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc        D:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:59:15.0625 0x047c  Atmarpc - ok
10:59:15.0656 0x047c  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv        D:\WINDOWS\System32\audiosrv.dll
10:59:15.0734 0x047c  AudioSrv - ok
10:59:15.0765 0x047c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub        D:\WINDOWS\system32\DRIVERS\audstub.sys
10:59:15.0843 0x047c  audstub - ok
10:59:15.0890 0x047c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            D:\WINDOWS\system32\drivers\Beep.sys
10:59:15.0968 0x047c  Beep - ok
10:59:16.0031 0x047c  [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS            D:\WINDOWS\system32\qmgr.dll
10:59:16.0140 0x047c  BITS - ok
10:59:16.0171 0x047c  [ 852A1BD08E7DFEB9E30B5440881C0501, 92D3F82A29D4466706DA0A30921B4AE5D67F08C2C4EF362EDB1A2D254A5AF068 ] BlueletAudio    D:\WINDOWS\system32\DRIVERS\blueletaudio.sys
10:59:16.0187 0x047c  BlueletAudio - ok
10:59:16.0203 0x047c  [ 8FC27B12A02B43947787F0EF1885DF9B, 1C0A44406FCD78BB6410140512B2165F974CD1837400A818529E4054A358E7BF ] BlueletSCOAudio D:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
10:59:16.0203 0x047c  BlueletSCOAudio - ok
10:59:16.0234 0x047c  [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] Browser        D:\WINDOWS\System32\browser.dll
10:59:16.0312 0x047c  Browser - ok
10:59:16.0328 0x047c  [ C5CCE2B26F73F8CF7F3C82159E79AA08, 09FDCB702ADB4A58F061D314BD7FD4A2BD487EA877F89A5F31B86BE0BBC24360 ] BT              D:\WINDOWS\system32\DRIVERS\btnetdrv.sys
10:59:16.0328 0x047c  BT - ok
10:59:16.0343 0x047c  [ DA473D279420234170DA795F1CAD4479, A6958C700496695D9B24D570FDCCB47C114217426AACB3FABBBA1941C722008D ] Btcsrusb        D:\WINDOWS\system32\Drivers\btcusb.sys
10:59:16.0343 0x047c  Btcsrusb - ok
10:59:16.0375 0x047c  [ B279426E3C0C344893ED78A613A73BDE, 30B29ED5DCFF0C180B806A5FBC705E1CAF6B0F525298CDA79A77FC2AF6E5AAA7 ] BthEnum        D:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:59:16.0468 0x047c  BthEnum - ok
10:59:16.0484 0x047c  [ CE643D0918123D76A5CAAB008FCA9663, 045FA050D273C56AF13DC24A3E4AB14B236AC2CB4DD48D5B3180696096D3A931 ] BTHidEnum      D:\WINDOWS\system32\Drivers\vbtenum.sys
10:59:16.0484 0x047c  BTHidEnum - ok
10:59:16.0484 0x047c  [ DFCA4FE4C8AEC786B4D0F432EB730F48, 3D9731A50127E86280B93466A3CAA90607027341E04EA3A8AE89B373DFC0A5B8 ] BTHidMgr        D:\WINDOWS\system32\Drivers\BTHidMgr.sys
10:59:16.0500 0x047c  BTHidMgr - ok
10:59:16.0500 0x047c  [ FCA6F069597B62D42495191ACE3FC6C1, 23A4EAA542547AC48BCB19DEC9C8E1C1D7D83F199F045DA4682C33292F011CE9 ] BTHMODEM        D:\WINDOWS\system32\DRIVERS\bthmodem.sys
10:59:16.0578 0x047c  BTHMODEM - ok
10:59:16.0609 0x047c  [ 80602B8746D3738F5886CE3D67EF06B6, 15ABAA8106C42A4453763EEB92B291844580168C934088DB1E22B2065DC238E9 ] BthPan          D:\WINDOWS\system32\DRIVERS\bthpan.sys
10:59:16.0718 0x047c  BthPan - ok
10:59:16.0750 0x047c  [ 27D6108CFEBA7EF5AA976FC66EC77BBD, B0C3C61B3AF6358D9BE12DF56F741FE3CC5714950C74014EBED6804034D9D5DE ] BTHPORT        D:\WINDOWS\system32\Drivers\BTHport.sys
10:59:16.0843 0x047c  BTHPORT - ok
10:59:16.0875 0x047c  [ 26C601EF7525E31379744ABFC6F35A1B, 842626D3A00DDA959A4AB730C0D551244DCDA15AC291FD70CC7324571A6088EC ] BthServ        D:\WINDOWS\System32\bthserv.dll
10:59:16.0953 0x047c  BthServ - ok
10:59:16.0984 0x047c  [ 61364CD71EF63B0F038B7E9DF00F1EFA, FB44D02B4379A8AF7DD8B0B22B53888B758903700142BFE45A412709294CE88A ] BTHUSB          D:\WINDOWS\system32\Drivers\BTHUSB.sys
10:59:17.0046 0x047c  BTHUSB - ok
10:59:17.0125 0x047c  [ 4F26303BECBB7CC5CA8FF39593124CF2, 2953C2F0F81230B97ABD517F68367A3B787A2F02E780062386EFFF2F22E159BF ] BTNetFilter    D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
10:59:17.0125 0x047c  BTNetFilter - ok
10:59:17.0156 0x047c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k        D:\WINDOWS\system32\drivers\cbidf2k.sys
10:59:17.0250 0x047c  cbidf2k - ok
10:59:17.0265 0x047c  cd20xrnt - ok
10:59:17.0265 0x047c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio        D:\WINDOWS\system32\drivers\Cdaudio.sys
10:59:17.0359 0x047c  Cdaudio - ok
10:59:17.0406 0x047c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            D:\WINDOWS\system32\drivers\Cdfs.sys
10:59:17.0468 0x047c  Cdfs - ok
10:59:17.0484 0x047c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom          D:\WINDOWS\system32\DRIVERS\cdrom.sys
10:59:17.0562 0x047c  Cdrom - ok
10:59:17.0562 0x047c  Changer - ok
10:59:17.0609 0x047c  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc          D:\WINDOWS\system32\cisvc.exe
10:59:17.0687 0x047c  CiSvc - ok
10:59:17.0687 0x047c  [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv        D:\WINDOWS\system32\clipsrv.exe
10:59:17.0781 0x047c  ClipSrv - ok
10:59:17.0781 0x047c  CmdIde - ok
10:59:17.0781 0x047c  COMSysApp - ok
10:59:17.0796 0x047c  Cpqarray - ok
10:59:17.0812 0x047c  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc        D:\WINDOWS\System32\cryptsvc.dll
10:59:17.0890 0x047c  CryptSvc - ok
10:59:17.0890 0x047c  dac2w2k - ok
10:59:17.0890 0x047c  dac960nt - ok
10:59:17.0937 0x047c  [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] DcomLaunch      D:\WINDOWS\system32\rpcss.dll
10:59:18.0031 0x047c  DcomLaunch - ok
10:59:18.0093 0x047c  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp            D:\WINDOWS\System32\dhcpcsvc.dll
10:59:18.0171 0x047c  Dhcp - ok
10:59:18.0218 0x047c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            D:\WINDOWS\system32\DRIVERS\disk.sys
10:59:18.0296 0x047c  Disk - ok
10:59:18.0296 0x047c  dmadmin - ok
10:59:18.0359 0x047c  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot          D:\WINDOWS\system32\drivers\dmboot.sys
10:59:18.0468 0x047c  dmboot - ok
10:59:18.0484 0x047c  [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio            D:\WINDOWS\system32\drivers\dmio.sys
10:59:18.0562 0x047c  dmio - ok
10:59:18.0578 0x047c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          D:\WINDOWS\system32\drivers\dmload.sys
10:59:18.0656 0x047c  dmload - ok
10:59:18.0687 0x047c  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver        D:\WINDOWS\System32\dmserver.dll
10:59:18.0765 0x047c  dmserver - ok
10:59:18.0796 0x047c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          D:\WINDOWS\system32\drivers\DMusic.sys
10:59:18.0875 0x047c  DMusic - ok
10:59:18.0921 0x047c  [ 8C9ED3B2834AAE63081AB2DA831C6FE9, 87D2931A5CD3658A28072BEC3F28384B91CC3B19D072CE9C69F119B80671C163 ] Dnscache        D:\WINDOWS\System32\dnsrslvr.dll
10:59:19.0000 0x047c  Dnscache - ok
10:59:19.0046 0x047c  [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc        D:\WINDOWS\System32\dot3svc.dll
10:59:19.0140 0x047c  Dot3svc - ok
10:59:19.0140 0x047c  dpti2o - ok
10:59:19.0171 0x047c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud        D:\WINDOWS\system32\drivers\drmkaud.sys
10:59:19.0250 0x047c  drmkaud - ok
10:59:19.0281 0x047c  [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost        D:\WINDOWS\System32\eapsvc.dll
10:59:19.0359 0x047c  EapHost - ok
10:59:19.0406 0x047c  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc          D:\WINDOWS\System32\ersvc.dll
10:59:19.0484 0x047c  ERSvc - ok
10:59:19.0515 0x047c  [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] Eventlog        D:\WINDOWS\system32\services.exe
10:59:19.0593 0x047c  Eventlog - ok
10:59:19.0609 0x047c  [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] EventSystem    D:\WINDOWS\system32\es.dll
10:59:19.0703 0x047c  EventSystem - ok
10:59:19.0750 0x047c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat        D:\WINDOWS\system32\drivers\Fastfat.sys
10:59:19.0828 0x047c  Fastfat - ok
10:59:19.0859 0x047c  [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] FastUserSwitchingCompatibility D:\WINDOWS\System32\shsvcs.dll
10:59:19.0937 0x047c  FastUserSwitchingCompatibility - ok
10:59:19.0953 0x047c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc            D:\WINDOWS\system32\drivers\Fdc.sys
10:59:20.0031 0x047c  Fdc - ok
10:59:20.0031 0x047c  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips            D:\WINDOWS\system32\drivers\Fips.sys
10:59:20.0109 0x047c  Fips - ok
10:59:20.0109 0x047c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        D:\WINDOWS\system32\drivers\Flpydisk.sys
10:59:20.0187 0x047c  Flpydisk - ok
10:59:20.0218 0x047c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          D:\WINDOWS\system32\drivers\fltmgr.sys
10:59:20.0296 0x047c  FltMgr - ok
10:59:20.0296 0x047c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          D:\WINDOWS\system32\drivers\Fs_Rec.sys
10:59:20.0390 0x047c  Fs_Rec - ok
10:59:20.0390 0x047c  [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk          D:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:59:20.0484 0x047c  Ftdisk - ok
10:59:20.0484 0x047c  gdrv - ok
10:59:20.0531 0x047c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc            D:\WINDOWS\system32\DRIVERS\msgpc.sys
10:59:20.0593 0x047c  Gpc - ok
10:59:20.0640 0x047c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:59:20.0718 0x047c  HDAudBus - ok
10:59:20.0796 0x047c  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc        D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:59:20.0875 0x047c  helpsvc - ok
10:59:20.0890 0x047c  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ        D:\WINDOWS\System32\hidserv.dll
10:59:20.0953 0x047c  HidServ - ok
10:59:20.0984 0x047c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          D:\WINDOWS\system32\DRIVERS\hidusb.sys
10:59:21.0062 0x047c  hidusb - ok
10:59:21.0093 0x047c  [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc          D:\WINDOWS\System32\kmsvc.dll
10:59:21.0171 0x047c  hkmsvc - ok
10:59:21.0171 0x047c  hpn - ok
10:59:21.0218 0x047c  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            D:\WINDOWS\system32\Drivers\HTTP.sys
10:59:21.0296 0x047c  HTTP - ok
10:59:21.0343 0x047c  [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter      D:\WINDOWS\System32\w3ssl.dll
10:59:21.0406 0x047c  HTTPFilter - ok
10:59:21.0406 0x047c  i2omgmt - ok
10:59:21.0406 0x047c  i2omp - ok
10:59:21.0453 0x047c  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt        D:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:59:21.0531 0x047c  i8042prt - ok
10:59:21.0546 0x047c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi          D:\WINDOWS\system32\DRIVERS\imapi.sys
10:59:21.0609 0x047c  Imapi - ok
10:59:21.0640 0x047c  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    D:\WINDOWS\system32\imapi.exe
10:59:22.0203 0x047c  ImapiService - ok
10:59:22.0203 0x047c  ini910u - ok
10:59:22.0406 0x047c  [ 0C5A04F0FFAEBC25AC815EE14441A8CB, 1A140EFBAC42370180830543F765780508176CAD342541843F54F2B2BCFBD102 ] IntcAzAudAddService D:\WINDOWS\system32\drivers\RtkHDAud.sys
10:59:22.0640 0x047c  IntcAzAudAddService - ok
10:59:22.0640 0x047c  IntelIde - ok
10:59:22.0703 0x047c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw          D:\WINDOWS\system32\drivers\ip6fw.sys
10:59:22.0796 0x047c  Ip6Fw - ok
10:59:22.0843 0x047c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:59:22.0937 0x047c  IpFilterDriver - ok
10:59:22.0984 0x047c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          D:\WINDOWS\system32\DRIVERS\ipinip.sys
10:59:23.0046 0x047c  IpInIp - ok
10:59:23.0062 0x047c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat          D:\WINDOWS\system32\DRIVERS\ipnat.sys
10:59:23.0156 0x047c  IpNat - ok
10:59:23.0171 0x047c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec          D:\WINDOWS\system32\DRIVERS\ipsec.sys
10:59:23.0250 0x047c  IPSec - ok
10:59:23.0250 0x047c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          D:\WINDOWS\system32\DRIVERS\irenum.sys
10:59:23.0328 0x047c  IRENUM - ok
10:59:23.0343 0x047c  [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp          D:\WINDOWS\system32\DRIVERS\isapnp.sys
10:59:23.0406 0x047c  isapnp - ok
10:59:23.0421 0x047c  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass        D:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:59:23.0500 0x047c  Kbdclass - ok
10:59:23.0515 0x047c  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid          D:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:59:23.0593 0x047c  kbdhid - ok
10:59:23.0625 0x047c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          D:\WINDOWS\system32\drivers\kmixer.sys
10:59:23.0703 0x047c  kmixer - ok
10:59:23.0718 0x047c  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          D:\WINDOWS\system32\drivers\KSecDD.sys
10:59:23.0812 0x047c  KSecDD - ok
10:59:23.0843 0x047c  [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] lanmanserver    D:\WINDOWS\System32\srvsvc.dll
10:59:23.0921 0x047c  lanmanserver - ok
10:59:23.0968 0x047c  [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] lanmanworkstation D:\WINDOWS\System32\wkssvc.dll
10:59:24.0062 0x047c  lanmanworkstation - ok
10:59:24.0062 0x047c  lbrtfdc - ok
10:59:24.0125 0x047c  [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] LightScribeService D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:59:24.0125 0x047c  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
10:59:24.0125 0x047c  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:59:24.0125 0x047c  Force sending object to P2P due to detect: LightScribeService
10:59:24.0125 0x047c  Object send P2P result: false
10:59:24.0171 0x047c  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts        D:\WINDOWS\System32\lmhsvc.dll
10:59:24.0250 0x047c  LmHosts - ok
10:59:24.0296 0x047c  [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] MBAMProtector  D:\WINDOWS\system32\drivers\mbam.sys
10:59:24.0296 0x047c  MBAMProtector - ok
10:59:24.0390 0x047c  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler  D:\Programme\Malwarebam\mbamscheduler.exe
10:59:24.0453 0x047c  MBAMScheduler - ok
10:59:24.0546 0x047c  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService    D:\Programme\Malwarebam\mbamservice.exe
10:59:24.0609 0x047c  MBAMService - ok
10:59:24.0671 0x047c  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy  D:\WINDOWS\system32\drivers\49F22E28.sys
10:59:24.0687 0x047c  MBAMSwissArmy - ok
10:59:24.0718 0x047c  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger      D:\WINDOWS\System32\msgsvc.dll
10:59:24.0796 0x047c  Messenger - ok
10:59:24.0828 0x047c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd          D:\WINDOWS\system32\drivers\mnmdd.sys
10:59:24.0921 0x047c  mnmdd - ok
10:59:24.0968 0x047c  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc        D:\WINDOWS\system32\mnmsrvc.exe
10:59:25.0031 0x047c  mnmsrvc - ok
10:59:25.0078 0x047c  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem          D:\WINDOWS\system32\drivers\Modem.sys
10:59:25.0156 0x047c  Modem - ok
10:59:25.0234 0x047c  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt        D:\WINDOWS\system32\drivers\Monfilt.sys
10:59:25.0328 0x047c  Monfilt - ok
10:59:25.0390 0x047c  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass        D:\WINDOWS\system32\DRIVERS\mouclass.sys
10:59:25.0468 0x047c  Mouclass - ok
10:59:25.0500 0x047c  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid          D:\WINDOWS\system32\DRIVERS\mouhid.sys
10:59:25.0593 0x047c  mouhid - ok
10:59:25.0609 0x047c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        D:\WINDOWS\system32\drivers\MountMgr.sys
10:59:25.0687 0x047c  MountMgr - ok
10:59:25.0687 0x047c  MozillaMaintenance - ok
10:59:25.0687 0x047c  mraid35x - ok
10:59:25.0703 0x047c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          D:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:59:25.0765 0x047c  MRxDAV - ok
10:59:25.0796 0x047c  [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb          D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:59:25.0890 0x047c  MRxSmb - ok
10:59:25.0921 0x047c  [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC          D:\WINDOWS\system32\msdtc.exe
10:59:26.0000 0x047c  MSDTC - ok
10:59:26.0000 0x047c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            D:\WINDOWS\system32\drivers\Msfs.sys
10:59:26.0078 0x047c  Msfs - ok
10:59:26.0078 0x047c  MSIServer - ok
10:59:26.0125 0x047c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV        D:\WINDOWS\system32\drivers\MSKSSRV.sys
10:59:26.0203 0x047c  MSKSSRV - ok
10:59:26.0203 0x047c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        D:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:59:26.0265 0x047c  MSPCLOCK - ok
10:59:26.0281 0x047c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM          D:\WINDOWS\system32\drivers\MSPQM.sys
10:59:26.0359 0x047c  MSPQM - ok
10:59:26.0375 0x047c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        D:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:59:26.0437 0x047c  mssmbios - ok
10:59:26.0453 0x047c  [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup            D:\WINDOWS\system32\drivers\Mup.sys
10:59:26.0515 0x047c  Mup - ok
10:59:26.0562 0x047c  [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent        D:\WINDOWS\System32\qagentrt.dll
10:59:26.0656 0x047c  napagent - ok
10:59:26.0703 0x047c  NAVENG - ok
10:59:26.0703 0x047c  NAVEX15 - ok
10:59:26.0734 0x047c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            D:\WINDOWS\system32\drivers\NDIS.sys
10:59:26.0812 0x047c  NDIS - ok
10:59:26.0828 0x047c  [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi        D:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:59:26.0906 0x047c  NdisTapi - ok
10:59:26.0921 0x047c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio        D:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:59:26.0984 0x047c  Ndisuio - ok
10:59:27.0000 0x047c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan        D:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:59:27.0062 0x047c  NdisWan - ok
10:59:27.0078 0x047c  [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy        D:\WINDOWS\system32\drivers\NDProxy.sys
10:59:27.0156 0x047c  NDProxy - ok
10:59:27.0171 0x047c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS        D:\WINDOWS\system32\DRIVERS\netbios.sys
10:59:27.0250 0x047c  NetBIOS - ok
10:59:27.0265 0x047c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT          D:\WINDOWS\system32\DRIVERS\netbt.sys
10:59:27.0359 0x047c  NetBT - ok
10:59:27.0390 0x047c  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE          D:\WINDOWS\system32\netdde.exe
10:59:27.0468 0x047c  NetDDE - ok
10:59:27.0484 0x047c  [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm      D:\WINDOWS\system32\netdde.exe
10:59:27.0546 0x047c  NetDDEdsdm - ok
10:59:27.0609 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon        D:\WINDOWS\system32\lsass.exe
10:59:27.0687 0x047c  Netlogon - ok
10:59:27.0718 0x047c  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman          D:\WINDOWS\System32\netman.dll
10:59:27.0812 0x047c  Netman - ok
10:59:27.0828 0x047c  [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] Nla            D:\WINDOWS\System32\mswsock.dll
10:59:27.0921 0x047c  Nla - ok
10:59:27.0921 0x047c  Norton Internet Security - ok
10:59:27.0953 0x047c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            D:\WINDOWS\system32\drivers\Npfs.sys
10:59:28.0031 0x047c  Npfs - ok
10:59:28.0046 0x047c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            D:\WINDOWS\system32\drivers\Ntfs.sys
10:59:28.0156 0x047c  Ntfs - ok
10:59:28.0171 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp        D:\WINDOWS\system32\lsass.exe
10:59:28.0234 0x047c  NtLmSsp - ok
10:59:28.0296 0x047c  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc        D:\WINDOWS\system32\ntmssvc.dll
10:59:28.0390 0x047c  NtmsSvc - ok
10:59:28.0406 0x047c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            D:\WINDOWS\system32\drivers\Null.sys
10:59:28.0484 0x047c  Null - ok
10:59:28.0531 0x047c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:59:28.0609 0x047c  NwlnkFlt - ok
10:59:28.0609 0x047c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:59:28.0703 0x047c  NwlnkFwd - ok
10:59:28.0781 0x047c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose            D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:59:28.0781 0x047c  ose - ok
10:59:28.0828 0x047c  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport        D:\WINDOWS\system32\DRIVERS\parport.sys
10:59:28.0906 0x047c  Parport - ok
10:59:28.0921 0x047c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr        D:\WINDOWS\system32\drivers\PartMgr.sys
10:59:29.0000 0x047c  PartMgr - ok
10:59:29.0046 0x047c  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm          D:\WINDOWS\system32\drivers\ParVdm.sys
10:59:29.0125 0x047c  ParVdm - ok
10:59:29.0140 0x047c  [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI            D:\WINDOWS\system32\DRIVERS\pci.sys
10:59:29.0218 0x047c  PCI - ok
10:59:29.0218 0x047c  PCIDump - ok
10:59:29.0218 0x047c  [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde          D:\WINDOWS\system32\DRIVERS\pciide.sys
10:59:29.0312 0x047c  PCIIde - ok
10:59:29.0328 0x047c  [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia          D:\WINDOWS\system32\drivers\Pcmcia.sys
10:59:29.0421 0x047c  Pcmcia - ok
10:59:29.0421 0x047c  PDCOMP - ok
10:59:29.0421 0x047c  PDFRAME - ok
10:59:29.0437 0x047c  PDRELI - ok
10:59:29.0437 0x047c  PDRFRAME - ok
10:59:29.0437 0x047c  perc2 - ok
10:59:29.0437 0x047c  perc2hib - ok
10:59:29.0468 0x047c  [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] PlugPlay        D:\WINDOWS\system32\services.exe
10:59:29.0546 0x047c  PlugPlay - ok
10:59:29.0546 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent    D:\WINDOWS\system32\lsass.exe
10:59:29.0609 0x047c  PolicyAgent - ok
10:59:29.0640 0x047c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    D:\WINDOWS\system32\DRIVERS\raspptp.sys
10:59:29.0718 0x047c  PptpMiniport - ok
10:59:29.0734 0x047c  [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor      D:\WINDOWS\system32\DRIVERS\processr.sys
10:59:29.0812 0x047c  Processor - ok
10:59:29.0812 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
10:59:29.0890 0x047c  ProtectedStorage - ok
10:59:29.0890 0x047c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          D:\WINDOWS\system32\DRIVERS\psched.sys
10:59:29.0953 0x047c  PSched - ok
10:59:29.0984 0x047c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink        D:\WINDOWS\system32\DRIVERS\ptilink.sys
10:59:30.0078 0x047c  Ptilink - ok
10:59:30.0078 0x047c  ql1080 - ok
10:59:30.0078 0x047c  Ql10wnt - ok
10:59:30.0078 0x047c  ql12160 - ok
10:59:30.0078 0x047c  ql1240 - ok
10:59:30.0093 0x047c  ql1280 - ok
10:59:30.0109 0x047c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          D:\WINDOWS\system32\DRIVERS\rasacd.sys
10:59:30.0187 0x047c  RasAcd - ok
10:59:30.0218 0x047c  [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto        D:\WINDOWS\System32\rasauto.dll
10:59:30.0312 0x047c  RasAuto - ok
10:59:30.0343 0x047c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp        D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:59:30.0421 0x047c  Rasl2tp - ok
10:59:30.0468 0x047c  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan          D:\WINDOWS\System32\rasmans.dll
10:59:30.0546 0x047c  RasMan - ok
10:59:30.0546 0x047c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        D:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:30.0640 0x047c  RasPppoe - ok
10:59:30.0656 0x047c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          D:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:30.0734 0x047c  Raspti - ok
10:59:30.0765 0x047c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss          D:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:30.0843 0x047c  Rdbss - ok
10:59:30.0859 0x047c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:30.0937 0x047c  RDPCDD - ok
10:59:30.0953 0x047c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr          D:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:59:31.0031 0x047c  rdpdr - ok
10:59:31.0093 0x047c  [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD          D:\WINDOWS\system32\drivers\RDPWD.sys
10:59:31.0156 0x047c  RDPWD - ok
10:59:31.0203 0x047c  [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr      D:\WINDOWS\system32\sessmgr.exe
10:59:31.0281 0x047c  RDSessMgr - ok
10:59:31.0296 0x047c  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook        D:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:31.0375 0x047c  redbook - ok
10:59:31.0406 0x047c  [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess    D:\WINDOWS\System32\mprdim.dll
10:59:31.0484 0x047c  RemoteAccess - ok
10:59:31.0531 0x047c  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  D:\WINDOWS\system32\regsvc.dll
10:59:31.0609 0x047c  RemoteRegistry - ok
10:59:31.0640 0x047c  [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM          D:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:59:31.0703 0x047c  RFCOMM - ok
10:59:31.0750 0x047c  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM      D:\WINDOWS\system32\Drivers\RootMdm.sys
10:59:31.0812 0x047c  ROOTMODEM - ok
10:59:31.0859 0x047c  [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator      D:\WINDOWS\system32\locator.exe
10:59:31.0937 0x047c  RpcLocator - ok
10:59:31.0968 0x047c  [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] RpcSs          D:\WINDOWS\system32\rpcss.dll
10:59:32.0062 0x047c  RpcSs - ok
10:59:32.0078 0x047c  [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP            D:\WINDOWS\system32\rsvp.exe
10:59:32.0156 0x047c  RSVP - ok
10:59:32.0312 0x047c  [ 1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] RTHDMIAzAudService D:\WINDOWS\system32\drivers\RtKHDMI.sys
10:59:32.0468 0x047c  RTHDMIAzAudService - ok
10:59:32.0484 0x047c  [ 00FD6811350E175585ABCF7D4A61DD90, 00B54CB6547E47E6A2B8AE4BB220E68BBFECF2188CB7DFE651B50F7FE6AC7E9D ] RTLE8023xp      D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:59:32.0515 0x047c  RTLE8023xp - ok
10:59:32.0546 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs          D:\WINDOWS\system32\lsass.exe
10:59:32.0609 0x047c  SamSs - ok
10:59:32.0640 0x047c  [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr        D:\WINDOWS\System32\SCardSvr.exe
10:59:32.0718 0x047c  SCardSvr - ok
10:59:32.0765 0x047c  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule        D:\WINDOWS\system32\schedsvc.dll
10:59:32.0859 0x047c  Schedule - ok
10:59:32.0890 0x047c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          D:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:32.0953 0x047c  Secdrv - ok
10:59:32.0984 0x047c  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon        D:\WINDOWS\System32\seclogon.dll
10:59:33.0062 0x047c  seclogon - ok
10:59:33.0078 0x047c  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS            D:\WINDOWS\system32\sens.dll
10:59:33.0140 0x047c  SENS - ok
10:59:33.0187 0x047c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum        D:\WINDOWS\system32\DRIVERS\serenum.sys
10:59:33.0250 0x047c  serenum - ok
10:59:33.0265 0x047c  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial          D:\WINDOWS\system32\DRIVERS\serial.sys
10:59:33.0359 0x047c  Serial - ok
10:59:33.0375 0x047c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy        D:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:33.0437 0x047c  Sfloppy - ok
10:59:33.0484 0x047c  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess    D:\WINDOWS\System32\ipnathlp.dll
10:59:33.0578 0x047c  SharedAccess - ok
10:59:33.0593 0x047c  [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
10:59:33.0671 0x047c  ShellHWDetection - ok
10:59:33.0687 0x047c  Simbad - ok
10:59:33.0687 0x047c  Sparrow - ok
10:59:33.0734 0x047c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        D:\WINDOWS\system32\drivers\splitter.sys
10:59:33.0812 0x047c  splitter - ok
10:59:33.0843 0x047c  [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] Spooler        D:\WINDOWS\system32\spoolsv.exe
10:59:33.0921 0x047c  Spooler - ok
10:59:33.0937 0x047c  [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr              D:\WINDOWS\system32\DRIVERS\sr.sys
10:59:34.0000 0x047c  sr - ok
10:59:34.0015 0x047c  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice      D:\WINDOWS\system32\srsvc.dll
10:59:34.0093 0x047c  srservice - ok
10:59:34.0109 0x047c  SRTSP - ok
10:59:34.0109 0x047c  SRTSPX - ok
10:59:34.0156 0x047c  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv            D:\WINDOWS\system32\DRIVERS\srv.sys
10:59:34.0250 0x047c  Srv - ok
10:59:34.0281 0x047c  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV        D:\WINDOWS\System32\ssdpsrv.dll
10:59:34.0359 0x047c  SSDPSRV - ok
10:59:34.0390 0x047c  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc          D:\WINDOWS\system32\wiaservc.dll
10:59:34.0484 0x047c  stisvc - ok
10:59:34.0515 0x047c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          D:\WINDOWS\system32\DRIVERS\swenum.sys
10:59:34.0593 0x047c  swenum - ok
10:59:34.0609 0x047c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          D:\WINDOWS\system32\drivers\swmidi.sys
10:59:34.0687 0x047c  swmidi - ok
10:59:34.0687 0x047c  SwPrv - ok
10:59:34.0703 0x047c  symc810 - ok
10:59:34.0703 0x047c  symc8xx - ok
10:59:34.0703 0x047c  sym_hi - ok
10:59:34.0703 0x047c  sym_u3 - ok
10:59:34.0718 0x047c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        D:\WINDOWS\system32\drivers\sysaudio.sys
10:59:34.0796 0x047c  sysaudio - ok
10:59:34.0843 0x047c  [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog      D:\WINDOWS\system32\smlogsvc.exe
10:59:34.0921 0x047c  SysmonLog - ok
10:59:34.0953 0x047c  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv        D:\WINDOWS\System32\tapisrv.dll
10:59:35.0015 0x047c  TapiSrv - ok
10:59:35.0078 0x047c  [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip          D:\WINDOWS\system32\DRIVERS\tcpip.sys
10:59:35.0156 0x047c  Tcpip - ok
10:59:35.0187 0x047c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          D:\WINDOWS\system32\drivers\TDPIPE.sys
10:59:35.0265 0x047c  TDPIPE - ok
10:59:35.0281 0x047c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP          D:\WINDOWS\system32\drivers\TDTCP.sys
10:59:35.0375 0x047c  TDTCP - ok
10:59:35.0390 0x047c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          D:\WINDOWS\system32\DRIVERS\termdd.sys
10:59:35.0453 0x047c  TermDD - ok
10:59:35.0500 0x047c  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService    D:\WINDOWS\System32\termsrv.dll
10:59:35.0593 0x047c  TermService - ok
10:59:35.0609 0x047c  [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] Themes          D:\WINDOWS\System32\shsvcs.dll
10:59:35.0687 0x047c  Themes - ok
10:59:35.0703 0x047c  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr        D:\WINDOWS\system32\tlntsvr.exe
10:59:35.0781 0x047c  TlntSvr - ok
10:59:35.0781 0x047c  TosIde - ok
10:59:35.0812 0x047c  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks          D:\WINDOWS\system32\trkwks.dll
10:59:35.0906 0x047c  TrkWks - ok
10:59:35.0937 0x047c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            D:\WINDOWS\system32\drivers\Udfs.sys
10:59:36.0031 0x047c  Udfs - ok
10:59:36.0031 0x047c  ultra - ok
10:59:36.0078 0x047c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          D:\WINDOWS\system32\DRIVERS\update.sys
10:59:36.0171 0x047c  Update - ok
10:59:36.0187 0x047c  [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost        D:\WINDOWS\System32\upnphost.dll
10:59:36.0281 0x047c  upnphost - ok
10:59:36.0296 0x047c  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS            D:\WINDOWS\System32\ups.exe
10:59:36.0375 0x047c  UPS - ok
10:59:36.0421 0x047c  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp        D:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:59:36.0500 0x047c  usbccgp - ok
10:59:36.0546 0x047c  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci        D:\WINDOWS\system32\DRIVERS\usbehci.sys
10:59:36.0625 0x047c  usbehci - ok
10:59:36.0640 0x047c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          D:\WINDOWS\system32\DRIVERS\usbhub.sys
10:59:36.0718 0x047c  usbhub - ok
10:59:36.0734 0x047c  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci        D:\WINDOWS\system32\DRIVERS\usbohci.sys
10:59:36.0812 0x047c  usbohci - ok
10:59:36.0859 0x047c  [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan        D:\WINDOWS\system32\DRIVERS\usbscan.sys
10:59:36.0921 0x047c  usbscan - ok
10:59:36.0968 0x047c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor        D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:37.0031 0x047c  usbstor - ok
10:59:37.0078 0x047c  [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] VComm          D:\WINDOWS\system32\DRIVERS\VComm.sys
10:59:37.0078 0x047c  VComm - ok
10:59:37.0093 0x047c  [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] VcommMgr        D:\WINDOWS\system32\Drivers\VcommMgr.sys
10:59:37.0109 0x047c  VcommMgr - ok
10:59:37.0109 0x047c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave        D:\WINDOWS\System32\drivers\vga.sys
10:59:37.0187 0x047c  VgaSave - ok
10:59:37.0187 0x047c  ViaIde - ok
10:59:37.0234 0x047c  [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap        D:\WINDOWS\system32\drivers\VolSnap.sys
10:59:37.0312 0x047c  VolSnap - ok
10:59:37.0359 0x047c  [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS            D:\WINDOWS\System32\vssvc.exe
10:59:37.0453 0x047c  VSS - ok
10:59:37.0468 0x047c  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time        D:\WINDOWS\system32\w32time.dll
10:59:37.0546 0x047c  W32Time - ok
10:59:37.0593 0x047c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          D:\WINDOWS\system32\DRIVERS\wanarp.sys
10:59:37.0656 0x047c  Wanarp - ok
10:59:37.0656 0x047c  WDICA - ok
10:59:37.0687 0x047c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          D:\WINDOWS\system32\drivers\wdmaud.sys
10:59:37.0765 0x047c  wdmaud - ok
10:59:37.0812 0x047c  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient      D:\WINDOWS\System32\webclnt.dll
10:59:37.0890 0x047c  WebClient - ok
10:59:37.0984 0x047c  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt        D:\WINDOWS\system32\wbem\WMIsvc.dll
10:59:38.0062 0x047c  winmgmt - ok
10:59:38.0093 0x047c  [ 6E18978B749F0696A774DE3F2CB142DD, 4BBE31A78F6CF474A4CFDBB7C365DE058247F8BFA21F7E563111E84D8937BC26 ] WmdmPmSN        D:\WINDOWS\system32\mspmsnsv.dll
10:59:38.0187 0x047c  WmdmPmSN - ok
10:59:38.0234 0x047c  [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] Wmi            D:\WINDOWS\System32\advapi32.dll
10:59:38.0375 0x047c  Wmi - ok
10:59:38.0421 0x047c  [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv        D:\WINDOWS\system32\wbem\wmiapsrv.exe
10:59:38.0500 0x047c  WmiApSrv - ok
10:59:38.0546 0x047c  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL        D:\WINDOWS\System32\drivers\ws2ifsl.sys
10:59:38.0609 0x047c  WS2IFSL - ok
10:59:38.0640 0x047c  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc          D:\WINDOWS\system32\wscsvc.dll
10:59:38.0734 0x047c  wscsvc - ok
10:59:38.0750 0x047c  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv        D:\WINDOWS\system32\wuauserv.dll
10:59:38.0843 0x047c  wuauserv - ok
10:59:38.0906 0x047c  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC          D:\WINDOWS\System32\wzcsvc.dll
10:59:39.0000 0x047c  WZCSVC - ok
10:59:39.0031 0x047c  [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov        D:\WINDOWS\System32\xmlprov.dll
10:59:39.0140 0x047c  xmlprov - ok
10:59:39.0156 0x047c  ================ Scan global ===============================
10:59:39.0187 0x047c  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll
10:59:39.0218 0x047c  [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
10:59:39.0234 0x047c  [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
10:59:39.0265 0x047c  [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe
10:59:39.0265 0x047c  [ Global ] - ok
10:59:39.0265 0x047c  ================ Scan MBR ==================================
10:59:39.0281 0x047c  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
10:59:39.0468 0x047c  \Device\Harddisk0\DR0 - ok
10:59:39.0468 0x047c  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
10:59:39.0640 0x047c  \Device\Harddisk1\DR3 - ok
10:59:39.0640 0x047c  ================ Scan VBR ==================================
10:59:39.0640 0x047c  [ EEA1061F0EF31F4EDA64FCBE1BD45D45 ] \Device\Harddisk0\DR0\Partition1
10:59:39.0640 0x047c  \Device\Harddisk0\DR0\Partition1 - ok
10:59:39.0640 0x047c  [ B4F7B80D6A8D52769E63625C7E1C6299 ] \Device\Harddisk0\DR0\Partition2
10:59:39.0640 0x047c  \Device\Harddisk0\DR0\Partition2 - ok
10:59:39.0656 0x047c  [ 6DFADFDD660A63A9B2ED9DB87BF4ABC7 ] \Device\Harddisk1\DR3\Partition1
10:59:39.0656 0x047c  \Device\Harddisk1\DR3\Partition1 - ok
10:59:39.0656 0x047c  ================ Scan active images ========================
10:59:39.0656 0x047c  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] D:\WINDOWS\system32\drivers\AmdPPM.sys
10:59:39.0656 0x047c  D:\WINDOWS\system32\drivers\AmdPPM.sys - ok
10:59:39.0656 0x047c  [ 15B2FE76E2ECEB98C49ED52311A6F26F, E917AEBD221BF2DB217C111F256033FDA2B28FE55C7E87DAD4A16B84E3FD9398 ] D:\WINDOWS\system32\drivers\ati2mtag.sys
10:59:39.0656 0x047c  D:\WINDOWS\system32\drivers\ati2mtag.sys - ok
10:59:39.0656 0x047c  [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] D:\WINDOWS\system32\drivers\videoprt.sys
10:59:39.0656 0x047c  D:\WINDOWS\system32\drivers\videoprt.sys - ok
10:59:39.0656 0x047c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] D:\WINDOWS\system32\drivers\hdaudbus.sys
10:59:39.0656 0x047c  D:\WINDOWS\system32\drivers\hdaudbus.sys - ok
10:59:39.0671 0x047c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] D:\WINDOWS\system32\drivers\imapi.sys
10:59:39.0671 0x047c  D:\WINDOWS\system32\drivers\imapi.sys - ok
10:59:39.0671 0x047c  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] D:\WINDOWS\system32\drivers\afc.sys
10:59:39.0671 0x047c  D:\WINDOWS\system32\drivers\afc.sys - ok
10:59:39.0671 0x047c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] D:\WINDOWS\system32\drivers\cdrom.sys
10:59:39.0671 0x047c  D:\WINDOWS\system32\drivers\cdrom.sys - ok
10:59:39.0671 0x047c  [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] D:\WINDOWS\system32\drivers\ks.sys
10:59:39.0671 0x047c  D:\WINDOWS\system32\drivers\ks.sys - ok
10:59:39.0671 0x047c  [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] D:\WINDOWS\system32\drivers\redbook.sys
10:59:39.0671 0x047c  D:\WINDOWS\system32\drivers\redbook.sys - ok
10:59:39.0687 0x047c  [ 791912E524CC2CC6F50B5F2B52D1EB71, 2B269372E5B39B03089F781CC69AE519D1C840A80ADBE15EA3787FBCDE97F1A8 ] D:\WINDOWS\system32\drivers\usbport.sys
10:59:39.0687 0x047c  D:\WINDOWS\system32\drivers\usbport.sys - ok
10:59:39.0687 0x047c  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] D:\WINDOWS\system32\drivers\usbehci.sys
10:59:39.0687 0x047c  D:\WINDOWS\system32\drivers\usbehci.sys - ok
10:59:39.0687 0x047c  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] D:\WINDOWS\system32\drivers\usbohci.sys
10:59:39.0687 0x047c  D:\WINDOWS\system32\drivers\usbohci.sys - ok
10:59:39.0687 0x047c  [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] D:\WINDOWS\system32\drivers\parport.sys
10:59:39.0687 0x047c  D:\WINDOWS\system32\drivers\parport.sys - ok
10:59:39.0687 0x047c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] D:\WINDOWS\system32\drivers\serenum.sys
10:59:39.0687 0x047c  D:\WINDOWS\system32\drivers\serenum.sys - ok
10:59:39.0703 0x047c  [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] D:\WINDOWS\system32\drivers\serial.sys
10:59:39.0703 0x047c  D:\WINDOWS\system32\drivers\serial.sys - ok
10:59:39.0703 0x047c  [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] D:\WINDOWS\system32\drivers\VcommMgr.sys
10:59:39.0703 0x047c  D:\WINDOWS\system32\drivers\VcommMgr.sys - ok
10:59:39.0703 0x047c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] D:\WINDOWS\system32\drivers\audstub.sys
10:59:39.0703 0x047c  D:\WINDOWS\system32\drivers\audstub.sys - ok
10:59:39.0703 0x047c  [ 852A1BD08E7DFEB9E30B5440881C0501, 92D3F82A29D4466706DA0A30921B4AE5D67F08C2C4EF362EDB1A2D254A5AF068 ] D:\WINDOWS\system32\drivers\blueletaudio.sys
10:59:39.0703 0x047c  D:\WINDOWS\system32\drivers\blueletaudio.sys - ok
10:59:39.0703 0x047c  [ 8FC27B12A02B43947787F0EF1885DF9B, 1C0A44406FCD78BB6410140512B2165F974CD1837400A818529E4054A358E7BF ] D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
10:59:39.0703 0x047c  D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys - ok
10:59:39.0718 0x047c  [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] D:\WINDOWS\system32\drivers\drmk.sys
10:59:39.0718 0x047c  D:\WINDOWS\system32\drivers\drmk.sys - ok
10:59:39.0718 0x047c  [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] D:\WINDOWS\system32\drivers\portcls.sys
10:59:39.0718 0x047c  D:\WINDOWS\system32\drivers\portcls.sys - ok
10:59:39.0718 0x047c  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] D:\WINDOWS\system32\drivers\rootmdm.sys
10:59:39.0718 0x047c  D:\WINDOWS\system32\drivers\rootmdm.sys - ok
10:59:39.0718 0x047c  [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] D:\WINDOWS\system32\drivers\modem.sys
10:59:39.0718 0x047c  D:\WINDOWS\system32\drivers\modem.sys - ok
10:59:39.0734 0x047c  [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] D:\WINDOWS\system32\drivers\ndistapi.sys
10:59:39.0734 0x047c  D:\WINDOWS\system32\drivers\ndistapi.sys - ok
10:59:39.0734 0x047c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] D:\WINDOWS\system32\drivers\ndiswan.sys
10:59:39.0734 0x047c  D:\WINDOWS\system32\drivers\ndiswan.sys - ok
10:59:39.0734 0x047c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] D:\WINDOWS\system32\drivers\rasl2tp.sys
10:59:39.0734 0x047c  D:\WINDOWS\system32\drivers\rasl2tp.sys - ok
10:59:39.0734 0x047c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] D:\WINDOWS\system32\drivers\raspppoe.sys
10:59:39.0734 0x047c  D:\WINDOWS\system32\drivers\raspppoe.sys - ok
10:59:39.0734 0x047c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] D:\WINDOWS\system32\drivers\msgpc.sys
10:59:39.0734 0x047c  D:\WINDOWS\system32\drivers\msgpc.sys - ok
10:59:39.0750 0x047c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] D:\WINDOWS\system32\drivers\psched.sys
10:59:39.0750 0x047c  D:\WINDOWS\system32\drivers\psched.sys - ok
10:59:39.0750 0x047c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] D:\WINDOWS\system32\drivers\raspptp.sys
10:59:39.0750 0x047c  D:\WINDOWS\system32\drivers\raspptp.sys - ok
10:59:39.0750 0x047c  [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] D:\WINDOWS\system32\drivers\tdi.sys
10:59:39.0750 0x047c  D:\WINDOWS\system32\drivers\tdi.sys - ok
10:59:39.0750 0x047c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] D:\WINDOWS\system32\drivers\ptilink.sys
10:59:39.0750 0x047c  D:\WINDOWS\system32\drivers\ptilink.sys - ok
10:59:39.0750 0x047c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] D:\WINDOWS\system32\drivers\raspti.sys
10:59:39.0750 0x047c  D:\WINDOWS\system32\drivers\raspti.sys - ok
10:59:39.0765 0x047c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] D:\WINDOWS\system32\drivers\rdpdr.sys
10:59:39.0765 0x047c  D:\WINDOWS\system32\drivers\rdpdr.sys - ok
10:59:39.0765 0x047c  [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] D:\WINDOWS\system32\drivers\VComm.sys
10:59:39.0765 0x047c  D:\WINDOWS\system32\drivers\VComm.sys - ok
10:59:39.0765 0x047c  [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] D:\WINDOWS\system32\drivers\kbdclass.sys
10:59:39.0765 0x047c  D:\WINDOWS\system32\drivers\kbdclass.sys - ok
10:59:39.0765 0x047c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] D:\WINDOWS\system32\drivers\termdd.sys
10:59:39.0765 0x047c  D:\WINDOWS\system32\drivers\termdd.sys - ok
10:59:39.0781 0x047c  [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] D:\WINDOWS\system32\drivers\mouclass.sys
10:59:39.0781 0x047c  D:\WINDOWS\system32\drivers\mouclass.sys - ok
10:59:39.0781 0x047c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] D:\WINDOWS\system32\drivers\swenum.sys
10:59:39.0781 0x047c  D:\WINDOWS\system32\drivers\swenum.sys - ok
10:59:39.0781 0x047c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] D:\WINDOWS\system32\drivers\mssmbios.sys
10:59:39.0781 0x047c  D:\WINDOWS\system32\drivers\mssmbios.sys - ok
10:59:39.0781 0x047c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] D:\WINDOWS\system32\drivers\update.sys
10:59:39.0781 0x047c  D:\WINDOWS\system32\drivers\update.sys - ok
10:59:39.0781 0x047c  [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] D:\WINDOWS\system32\drivers\ndproxy.sys
10:59:39.0781 0x047c  D:\WINDOWS\system32\drivers\ndproxy.sys - ok
10:59:39.0796 0x047c  [ 1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] D:\WINDOWS\system32\drivers\RtKHDMI.sys
10:59:39.0796 0x047c  D:\WINDOWS\system32\drivers\RtKHDMI.sys - ok
10:59:39.0796 0x047c  [ 596EB39B50D6EBD9B734DC4AE0544693, EFCA2CFFFB8467BAC63F5174F125FEEFFA1F29491285C5BF99B3A2B2A6A25934 ] D:\WINDOWS\system32\drivers\usbd.sys
10:59:39.0796 0x047c  D:\WINDOWS\system32\drivers\usbd.sys - ok
10:59:39.0796 0x047c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] D:\WINDOWS\system32\drivers\usbhub.sys
10:59:39.0796 0x047c  D:\WINDOWS\system32\drivers\usbhub.sys - ok
10:59:39.0796 0x047c  [ 0C5A04F0FFAEBC25AC815EE14441A8CB, 1A140EFBAC42370180830543F765780508176CAD342541843F54F2B2BCFBD102 ] D:\WINDOWS\system32\drivers\RtkHDAud.sys
10:59:39.0796 0x047c  D:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
10:59:39.0812 0x047c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] D:\WINDOWS\system32\drivers\fdc.sys
10:59:39.0812 0x047c  D:\WINDOWS\system32\drivers\fdc.sys - ok
10:59:39.0812 0x047c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] D:\WINDOWS\system32\drivers\beep.sys
10:59:39.0812 0x047c  D:\WINDOWS\system32\drivers\beep.sys - ok
10:59:39.0812 0x047c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] D:\WINDOWS\system32\drivers\cdaudio.sys
10:59:39.0812 0x047c  D:\WINDOWS\system32\drivers\cdaudio.sys - ok
10:59:39.0812 0x047c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] D:\WINDOWS\system32\drivers\flpydisk.sys
10:59:39.0812 0x047c  D:\WINDOWS\system32\drivers\flpydisk.sys - ok
10:59:39.0812 0x047c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] D:\WINDOWS\system32\drivers\fs_rec.sys
10:59:39.0812 0x047c  D:\WINDOWS\system32\drivers\fs_rec.sys - ok
10:59:39.0828 0x047c  [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] D:\WINDOWS\system32\drivers\i8042prt.sys
10:59:39.0828 0x047c  D:\WINDOWS\system32\drivers\i8042prt.sys - ok
10:59:39.0828 0x047c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] D:\WINDOWS\system32\drivers\null.sys
10:59:39.0828 0x047c  D:\WINDOWS\system32\drivers\null.sys - ok
10:59:39.0828 0x047c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] D:\WINDOWS\system32\drivers\sfloppy.sys
10:59:39.0828 0x047c  D:\WINDOWS\system32\drivers\sfloppy.sys - ok
10:59:39.0828 0x047c  [ 96ECCF28FDBF1B2CC12725818A63628D, 0F25069EE8A44B6F4B18F82F384D404CC1776A2AFC5032D9ED19CE36FF2A61DC ] D:\WINDOWS\system32\drivers\hidparse.sys
10:59:39.0828 0x047c  D:\WINDOWS\system32\drivers\hidparse.sys - ok
10:59:39.0843 0x047c  [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] D:\WINDOWS\system32\drivers\kbdhid.sys
10:59:39.0843 0x047c  D:\WINDOWS\system32\drivers\kbdhid.sys - ok
10:59:39.0843 0x047c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] D:\WINDOWS\system32\drivers\mnmdd.sys
10:59:39.0843 0x047c  D:\WINDOWS\system32\drivers\mnmdd.sys - ok
10:59:39.0843 0x047c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] D:\WINDOWS\system32\drivers\vga.sys
10:59:39.0843 0x047c  D:\WINDOWS\system32\drivers\vga.sys - ok
10:59:39.0843 0x047c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] D:\WINDOWS\system32\drivers\msfs.sys
10:59:39.0843 0x047c  D:\WINDOWS\system32\drivers\msfs.sys - ok
10:59:39.0843 0x047c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] D:\WINDOWS\system32\drivers\rdpcdd.sys
10:59:39.0843 0x047c  D:\WINDOWS\system32\drivers\rdpcdd.sys - ok
10:59:39.0859 0x047c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] D:\WINDOWS\system32\drivers\ipsec.sys
10:59:39.0859 0x047c  D:\WINDOWS\system32\drivers\ipsec.sys - ok
10:59:39.0859 0x047c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] D:\WINDOWS\system32\drivers\npfs.sys
10:59:39.0859 0x047c  D:\WINDOWS\system32\drivers\npfs.sys - ok
10:59:39.0859 0x047c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] D:\WINDOWS\system32\drivers\rasacd.sys
10:59:39.0859 0x047c  D:\WINDOWS\system32\drivers\rasacd.sys - ok
10:59:39.0859 0x047c  [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] D:\WINDOWS\system32\drivers\tcpip.sys
10:59:39.0859 0x047c  D:\WINDOWS\system32\drivers\tcpip.sys - ok
10:59:39.0859 0x047c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] D:\WINDOWS\system32\drivers\netbt.sys
10:59:39.0859 0x047c  D:\WINDOWS\system32\drivers\netbt.sys - ok
10:59:39.0875 0x047c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] D:\WINDOWS\system32\drivers\ipnat.sys
10:59:39.0875 0x047c  D:\WINDOWS\system32\drivers\ipnat.sys - ok
10:59:39.0875 0x047c  [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] D:\WINDOWS\system32\drivers\afd.sys
10:59:39.0875 0x047c  D:\WINDOWS\system32\drivers\afd.sys - ok
10:59:39.0875 0x047c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] D:\WINDOWS\system32\drivers\netbios.sys
10:59:39.0875 0x047c  D:\WINDOWS\system32\drivers\netbios.sys - ok
10:59:39.0875 0x047c  [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] D:\WINDOWS\system32\drivers\processr.sys
10:59:39.0875 0x047c  D:\WINDOWS\system32\drivers\processr.sys - ok
10:59:39.0875 0x047c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] D:\WINDOWS\system32\drivers\wanarp.sys
10:59:39.0875 0x047c  D:\WINDOWS\system32\drivers\wanarp.sys - ok
10:59:39.0890 0x047c  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] D:\WINDOWS\system32\drivers\ws2ifsl.sys
10:59:39.0890 0x047c  D:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
10:59:39.0890 0x047c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] D:\WINDOWS\system32\drivers\rdbss.sys
10:59:39.0890 0x047c  D:\WINDOWS\system32\drivers\rdbss.sys - ok
10:59:39.0890 0x047c  [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] D:\WINDOWS\system32\drivers\mrxsmb.sys
10:59:39.0890 0x047c  D:\WINDOWS\system32\drivers\mrxsmb.sys - ok
10:59:39.0890 0x047c  [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] D:\WINDOWS\system32\drivers\fips.sys
10:59:39.0890 0x047c  D:\WINDOWS\system32\drivers\fips.sys - ok
10:59:39.0906 0x047c  [ 95092EFBE367A108ECDD5D6E439754C3, 82B3041AFC520243B0D1E6DB5FF908771BB0DE86B8FCB1514B2C1E25ADCA95B1 ] D:\WINDOWS\system32\ntdll.dll
10:59:39.0906 0x047c  D:\WINDOWS\system32\ntdll.dll - ok
10:59:39.0906 0x047c  [ B3EFDE4B2CC3AC949BCDE7A89712AFCF, EE1A3E5F7324E0169F42683E698B74AA72459BE817E5512BD7319F488E39D3B8 ] D:\WINDOWS\system32\smss.exe
10:59:39.0906 0x047c  D:\WINDOWS\system32\smss.exe - ok
10:59:39.0906 0x047c  [ 813DB4805C6EF1D8A86EAF530597EAB7, 445E6ECBA0DB169B52B68CC05ACD3E5F2D69CE6F06FD31667247FC17D24C1EDF ] D:\WINDOWS\system32\autochk.exe
10:59:39.0906 0x047c  D:\WINDOWS\system32\autochk.exe - ok
10:59:39.0906 0x047c  [ 5251425B86EA4A3532B8BB8D14044E61, 3A5F57DA2C2B4C1BA5B5B356379D0B12C358EA76642856DD607422B656EF4985 ] D:\WINDOWS\system32\sfcfiles.dll
10:59:39.0906 0x047c  D:\WINDOWS\system32\sfcfiles.dll - ok
10:59:39.0906 0x047c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] D:\WINDOWS\system32\drivers\cdfs.sys
10:59:39.0906 0x047c  D:\WINDOWS\system32\drivers\cdfs.sys - ok
10:59:39.0921 0x047c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] D:\WINDOWS\system32\drivers\usbstor.sys
10:59:39.0921 0x047c  D:\WINDOWS\system32\drivers\usbstor.sys - ok
10:59:39.0921 0x047c  [ 1AF592532532A402ED7C060F6954004F, 84A55432A7FBBD1B84FF8DD1BD84266747E4A88297BDAA84AAD12F13B848BFF2 ] D:\WINDOWS\system32\drivers\hidclass.sys
10:59:39.0921 0x047c  D:\WINDOWS\system32\drivers\hidclass.sys - ok
10:59:39.0921 0x047c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] D:\WINDOWS\system32\drivers\hidusb.sys
10:59:39.0921 0x047c  D:\WINDOWS\system32\drivers\hidusb.sys - ok
10:59:39.0921 0x047c  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] D:\WINDOWS\system32\drivers\usbccgp.sys
10:59:39.0921 0x047c  D:\WINDOWS\system32\drivers\usbccgp.sys - ok
10:59:39.0921 0x047c  [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] D:\WINDOWS\system32\drivers\mouhid.sys
10:59:39.0921 0x047c  D:\WINDOWS\system32\drivers\mouhid.sys - ok
10:59:39.0937 0x047c  [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] D:\WINDOWS\system32\drivers\dxapi.sys
10:59:39.0937 0x047c  D:\WINDOWS\system32\drivers\dxapi.sys - ok
10:59:39.0937 0x047c  [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] D:\WINDOWS\system32\watchdog.sys
10:59:39.0937 0x047c  D:\WINDOWS\system32\watchdog.sys - ok
10:59:39.0937 0x047c  [ 261BC0644BEFEF7D3DB5E45D244866FA, 8A55EB0C9D849B41A7902BEF94BAD759654AE70ABD5D1A7CFF68AA9A831823B1 ] D:\WINDOWS\system32\win32k.sys
10:59:39.0937 0x047c  D:\WINDOWS\system32\win32k.sys - ok
10:59:39.0937 0x047c  [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll
10:59:39.0937 0x047c  D:\WINDOWS\system32\basesrv.dll - ok
10:59:39.0953 0x047c  [ D192E1ECA15213F90601FF4DF5683C15, 6AED1CFE6190A12171A97E1BC333E99ECEC891F0E86DE74C32A640025359AA8B ] D:\WINDOWS\system32\csrsrv.dll
10:59:39.0953 0x047c  D:\WINDOWS\system32\csrsrv.dll - ok
10:59:39.0953 0x047c  [ 9B22AAE3566AEFEE33CE498DBE0D2FD2, C2AD4DA8DB58BE4DB12FE93451F24D3070C591BB4E8D56FA1505A7CD3BAD6E4D ] D:\WINDOWS\system32\csrss.exe
10:59:39.0953 0x047c  D:\WINDOWS\system32\csrss.exe - ok
10:59:39.0953 0x047c  [ ADDA37626598A6F5ED786195EAC26A4F, 5484A37A3E5265DCE0D2AB4C6A3F0D6E7A3F8BD482BCF9E473DA414483AC7861 ] D:\WINDOWS\system32\gdi32.dll
10:59:39.0953 0x047c  D:\WINDOWS\system32\gdi32.dll - ok
10:59:39.0953 0x047c  [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
10:59:39.0953 0x047c  D:\WINDOWS\system32\winsrv.dll - ok
10:59:39.0953 0x047c  [ 4C897C69754D88F496339B1A666907C1, 39C9F8330E87D81EC3955E8D41218CC0EB1799915A13F3ADCED5A0E4DA596949 ] D:\WINDOWS\system32\kernel32.dll
10:59:39.0953 0x047c  D:\WINDOWS\system32\kernel32.dll - ok
10:59:39.0968 0x047c  [ B0050CC5340E3A0760DD8B417FF7AEBD, 340C042C78E55824F2D84D83E03E6C5CA0F44B329245AC2F4C034F2CB4306F53 ] D:\WINDOWS\system32\user32.dll
10:59:39.0968 0x047c  D:\WINDOWS\system32\user32.dll - ok
10:59:39.0968 0x047c  [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] D:\WINDOWS\system32\drivers\dxg.sys
10:59:39.0968 0x047c  D:\WINDOWS\system32\drivers\dxg.sys - ok
10:59:39.0968 0x047c  [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] D:\WINDOWS\system32\drivers\dxgthk.sys
10:59:39.0968 0x047c  D:\WINDOWS\system32\drivers\dxgthk.sys - ok
10:59:39.0968 0x047c  [ A06014D0934F17FA5A567FAEB42118D9, 5F25A45975301B8E8012C8A665814A1D95BD4516E2AEBC8E6588B7264C702B35 ] D:\WINDOWS\system32\ati2dvag.dll
10:59:39.0968 0x047c  D:\WINDOWS\system32\ati2dvag.dll - ok
10:59:39.0968 0x047c  [ BEF558BEDEC2B5F2728D0AAE8EDBDC20, 9F14F75A3A0FA608E5CD0CBB98D86627E8287CC55E1F74BA9D0C0C5F9D7BC752 ] D:\WINDOWS\system32\ati2cqag.dll
10:59:39.0968 0x047c  D:\WINDOWS\system32\ati2cqag.dll - ok
10:59:39.0984 0x047c  [ 44F99CA575CEEBA6819578C4F170FCAC, 49B1223095F9DF3374C8A80C57D59D2C57F9877AD721259C058DE9233C00A7D0 ] D:\WINDOWS\system32\atikvmag.dll
10:59:39.0984 0x047c  D:\WINDOWS\system32\atikvmag.dll - ok
10:59:39.0984 0x047c  [ 95C6B8206B8A55D89CD517675583AA4B, 1ACD1B84C93DE18921AC6B5765FAA9B3577420FCA9047A7BEC6017D4208C3415 ] D:\WINDOWS\system32\vga.dll
10:59:39.0984 0x047c  D:\WINDOWS\system32\vga.dll - ok
10:59:39.0984 0x047c  [ E129E32C09F5B2F3A1C61C264691500E, 1B83CDB3243A5BEA468C7A680511EFF6F0D53CDC71151C202C456C002A4EAA58 ] D:\WINDOWS\system32\atiok3x2.dll
10:59:39.0984 0x047c  D:\WINDOWS\system32\atiok3x2.dll - ok
10:59:39.0984 0x047c  [ 167395C27BE91BCD950CED197FE7A5E4, D9CB7DE0AC5E4430F270AA3EABCD4BC76EFD521723534F1A19CD252A84C492B9 ] D:\WINDOWS\system32\ati3duag.dll
10:59:39.0984 0x047c  D:\WINDOWS\system32\ati3duag.dll - ok
10:59:40.0000 0x047c  [ BC3BBAEC284D360CD37E1E035929C6D8, A3E653103EAC08980A64116561D8A36D53953E69AF5359FFA30499F7C7D0C6E3 ] D:\WINDOWS\system32\ativvaxx.dll
10:59:40.0000 0x047c  D:\WINDOWS\system32\ativvaxx.dll - ok
10:59:40.0000 0x047c  [ F09A527B422E25C478E38CAA0E44417A, 8E4D860C5C753B657A1BCB42579556E582CBDAABF07EAE59F81519AC6997ACCB ] D:\WINDOWS\system32\winlogon.exe
10:59:40.0000 0x047c  D:\WINDOWS\system32\winlogon.exe - ok
10:59:40.0000 0x047c  [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] D:\WINDOWS\system32\advapi32.dll
10:59:40.0000 0x047c  D:\WINDOWS\system32\advapi32.dll - ok
10:59:40.0000 0x047c  [ E7E67C2EE5A306B2AF30D4B446248E34, 7A7818135AC2B4E3512A1488E7808DDCD8426C32024C7C2FBF0C6F0FE305AFF2 ] D:\WINDOWS\system32\rpcrt4.dll
10:59:40.0000 0x047c  D:\WINDOWS\system32\rpcrt4.dll - ok
10:59:40.0000 0x047c  [ 7CB4DF6D66F99E6C5E09ADFBE29E0275, 1FBE28BD0A6431DC294EE5EE373205CF858A8991A9FE43C9FB5A6B540EE1ECD7 ] D:\WINDOWS\system32\secur32.dll
10:59:40.0000 0x047c  D:\WINDOWS\system32\secur32.dll - ok
10:59:40.0015 0x047c  [ 8B171E51F5486FC0ACE108BE3E76B1E0, 5FF8172ACB26707FA6689CE6BDFAAA6DF0CEAE9818931496CF39DDE04FBA61FE ] D:\WINDOWS\system32\authz.dll
10:59:40.0015 0x047c  D:\WINDOWS\system32\authz.dll - ok
10:59:40.0015 0x047c  [ C6A6E53A0C34EC87883137A6CB87AE5E, AC2BA6B65390258D88B08252037AC77CE7CD0FD7E9CFCC6BB412FF07517A6F63 ] D:\WINDOWS\system32\msvcrt.dll
10:59:40.0015 0x047c  D:\WINDOWS\system32\msvcrt.dll - ok
10:59:40.0015 0x047c  [ 7727D9C5FFB84E103484D52F978D5DC6, B9E1A1C458B50738F5BEC4C2EEFFCB6E9F0085EA67584936303DCAA9B20C0938 ] D:\WINDOWS\system32\crypt32.dll
10:59:40.0015 0x047c  D:\WINDOWS\system32\crypt32.dll - ok
10:59:40.0015 0x047c  [ AE8ACAD9F6931ECC0BD9A3751A0AB0C4, 19E5920E1D98004C957759EE5E3E7E63D01F3696A48F7E6A27BA09E71EBF04E0 ] D:\WINDOWS\system32\msasn1.dll
10:59:40.0015 0x047c  D:\WINDOWS\system32\msasn1.dll - ok
10:59:40.0015 0x047c  [ E500CB5F6FE4C1AF388608A54B32E7F7, FF142DEDD4879F41437AC2999AB52F0274682EA3E60B1010D50087ED80E4A0BA ] D:\WINDOWS\system32\nddeapi.dll
10:59:40.0015 0x047c  D:\WINDOWS\system32\nddeapi.dll - ok
10:59:40.0031 0x047c  [ 7B40A9A5029111D94AB6B97AF0C9FA5E, C2C20AE04A32657F95AFB47D8F6475B0E471ED9E2172CBBF42D77A13DDAE995F ] D:\WINDOWS\system32\netapi32.dll
10:59:40.0031 0x047c  D:\WINDOWS\system32\netapi32.dll - ok
10:59:40.0031 0x047c  [ B50FBE927DA41AB4A151663F59664B82, CED5ECDDAC5A3CAE51543421F85E853DEAA1C519850F2BD5A1BA9C3A3AF849A8 ] D:\WINDOWS\system32\profmap.dll
10:59:40.0031 0x047c  D:\WINDOWS\system32\profmap.dll - ok
10:59:40.0031 0x047c  [ 8CB206B85C69B8FB0E7AD1E949BF3194, 8E0F48856A1E59CCFA2A520B8311EBA12299CE4E748F28E81DC2C0462785F2A3 ] D:\WINDOWS\system32\userenv.dll
10:59:40.0031 0x047c  D:\WINDOWS\system32\userenv.dll - ok
10:59:40.0031 0x047c  [ D0112D84372AB2C47DC9755696354CE6, 12A66C2C1C96DFD871579E19A318FD371191F4D65A1F3C61339CB9BC4C52656C ] D:\WINDOWS\system32\psapi.dll
10:59:40.0031 0x047c  D:\WINDOWS\system32\psapi.dll - ok
10:59:40.0031 0x047c  [ 06C0391672FB97E017B431076F455857, 6E09ABAD4442E294185D9CE215BAAFFA05174C4F5CC364D981C239EAEA9FA2CB ] D:\WINDOWS\system32\regapi.dll
10:59:40.0031 0x047c  D:\WINDOWS\system32\regapi.dll - ok
10:59:40.0046 0x047c  [ 5B04BC7C5AF0E2A0A8EC402B2FCBD9E5, 6F0654C8E490149005CCC910909D26167B49A3DBD2F7F551FBF2A94911CCFEA9 ] D:\WINDOWS\system32\setupapi.dll
10:59:40.0046 0x047c  D:\WINDOWS\system32\setupapi.dll - ok

tymara 30.11.2014 11:29
hier gehts weiter:


Code:
10:59:40.0046 0x047c  D:\WINDOWS\system32\setupapi.dll - ok
10:59:40.0046 0x047c  [ F86000634319F71535BCE6B06995EE99, E88CAA85659500DEE3234571267FFEB557A8FB5155EE7FDE8E0D4D84F62E6CCA ] D:\WINDOWS\system32\version.dll
10:59:40.0046 0x047c  D:\WINDOWS\system32\version.dll - ok
10:59:40.0046 0x047c  [ 24EEC6968BF76464609B2C96523976B8, 283E845CF4088C468F12088579277E93C6B35D2DD588A7C16EC1E19142D40FF9 ] D:\WINDOWS\system32\imagehlp.dll
10:59:40.0046 0x047c  D:\WINDOWS\system32\imagehlp.dll - ok
10:59:40.0046 0x047c  [ 455AEC2D466FB582D1CB0EF49CE8EDEC, A38530673546363DA970952DE80482DF739BC8EEFFA99D1EA61345C9A59D21DD ] D:\WINDOWS\system32\winsta.dll
10:59:40.0046 0x047c  D:\WINDOWS\system32\winsta.dll - ok
10:59:40.0062 0x047c  [ 493A290C0D641E22578129BE23F2CA82, 77C87A214C1F05DE856569A06AE977CC1AEF9647048E8CE185E49644C7E02622 ] D:\WINDOWS\system32\wintrust.dll
10:59:40.0062 0x047c  D:\WINDOWS\system32\wintrust.dll - ok
10:59:40.0062 0x047c  [ 3C1708C5C05910FE495D832C6536ED78, 81E86FB3590E786D129EE6F653B32D5114F432AD3321CE7FA60A89D979B89A7D ] D:\WINDOWS\system32\kbdgr.dll
10:59:40.0062 0x047c  D:\WINDOWS\system32\kbdgr.dll - ok
10:59:40.0062 0x047c  [ C7D8A0517CBF16B84F657DE87EBE9D4B, B69AAEE7E28375F16C0F2746AFD28C58C7968068C140A2C83838A74A4907F084 ] D:\WINDOWS\system32\ws2help.dll
10:59:40.0062 0x047c  D:\WINDOWS\system32\ws2help.dll - ok
10:59:40.0062 0x047c  [ 6A35E2D6F5F052C84EC2CEB296389439, 0349BA3243BC91149D6394F5CB3B114934DA5FBB953A8A59AFA90156029D1163 ] D:\WINDOWS\system32\ws2_32.dll
10:59:40.0062 0x047c  D:\WINDOWS\system32\ws2_32.dll - ok
10:59:40.0062 0x047c  [ 56C5B179FE3308B655EB6208C3256FEC, C70BCE54E5DF47D37C835804EAAEC7C06C1A226EFA2003226BE290D1D552126F ] D:\WINDOWS\system32\kbdus.dll
10:59:40.0062 0x047c  D:\WINDOWS\system32\kbdus.dll - ok
10:59:40.0078 0x047c  [ BEEB23CAA0A08CBECB13D55C1922C86E, 30F8A3F4785757272E1B8598F0361C27BBE4572932B5DB0D931354C04400B907 ] D:\WINDOWS\system32\msgina.dll
10:59:40.0078 0x047c  D:\WINDOWS\system32\msgina.dll - ok
10:59:40.0078 0x047c  [ AD28671D1B83A386B070DC451A113C13, D906178EC646A26AA9B7E82371E6D7347866713A7071EBFEC18B3E04BF7DD570 ] D:\WINDOWS\system32\comctl32.dll
10:59:40.0078 0x047c  D:\WINDOWS\system32\comctl32.dll - ok
10:59:40.0078 0x047c  [ 96E31F7B305D0CD510950B945E2ED829, EC0896B347BD376CB00C52A2403B8227C7259E257E89548663EA8A0C48AA4635 ] D:\WINDOWS\system32\comdlg32.dll
10:59:40.0078 0x047c  D:\WINDOWS\system32\comdlg32.dll - ok
10:59:40.0078 0x047c  [ 220A7166831EE2B71F07010E70AFA34A, 30D15911013394AE769E645C89CDC5D38BF4C4ABDF88208DFDA96A66A9831C0D ] D:\WINDOWS\system32\odbc32.dll
10:59:40.0078 0x047c  D:\WINDOWS\system32\odbc32.dll - ok
10:59:40.0078 0x047c  [ 0721590C8C1E99FB4286F1EEA65731C2, 7B48BE620AA2BB9049C2EBEB06B123F5ED5ECED4E7B3AC84D780B17FDD68114F ] D:\WINDOWS\system32\shell32.dll
10:59:40.0078 0x047c  D:\WINDOWS\system32\shell32.dll - ok
10:59:40.0093 0x047c  [ 21F5F91A49CADC4AB873417F54D17D25, DFCC0AEB47DE305ECFCED6349624393ED9C0CA343AD25F3A7E37FA47B75B4F57 ] D:\WINDOWS\system32\shlwapi.dll
10:59:40.0093 0x047c  D:\WINDOWS\system32\shlwapi.dll - ok
10:59:40.0093 0x047c  [ 353FC7A3091E25F831439E94082C9B35, 2B40A7EC4BFB6DA4775C70192DD3113B9A87C22054BE3C1BDB2B394F01BE0310 ] D:\WINDOWS\system32\sxs.dll
10:59:40.0093 0x047c  D:\WINDOWS\system32\sxs.dll - ok
10:59:40.0093 0x047c  [ 3C93CE6C6985C55952B7BE6673E9FD15, 1F0D2D8F9739063FF5EAFEFB50D20C235E50CCBB924F6B473E8EBAA5C6BA7619 ] D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
10:59:40.0093 0x047c  D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - ok
10:59:40.0093 0x047c  [ 4E7F74CFC0DBB2DB988A8A460A603407, 30B439F2FDAFD3FC8F5AA3A987F4C2430486F674BFC0FECCA7DC3B6AE342A4E3 ] D:\WINDOWS\system32\odbcint.dll
10:59:40.0093 0x047c  D:\WINDOWS\system32\odbcint.dll - ok
10:59:40.0109 0x047c  [ 44161A59DC33AC2EA9C95438ADFFFB7F, 4287C019D707FB601D33779AFA360289EF7775B8E47D438AA3B7ECF68A0D127B ] D:\WINDOWS\system32\sfc.dll
10:59:40.0109 0x047c  D:\WINDOWS\system32\sfc.dll - ok
10:59:40.0109 0x047c  [ D110369E8D883029325B77D7E1B7B2AD, 81856C906386D11DAC8044477914FF3E4B79EC8CF5EF85DA4B41E230EF7A3749 ] D:\WINDOWS\system32\sfc_os.dll
10:59:40.0109 0x047c  D:\WINDOWS\system32\sfc_os.dll - ok
10:59:40.0109 0x047c  [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] D:\WINDOWS\system32\shsvcs.dll
10:59:40.0109 0x047c  D:\WINDOWS\system32\shsvcs.dll - ok
10:59:40.0109 0x047c  [ E08D638BA3D3DD6DF6E31216AB66AE0B, 4CD060A85D194173FA296A56D98D0EFF1C1873C0CE087EA724521D8D97C77BEE ] D:\WINDOWS\system32\ole32.dll
10:59:40.0109 0x047c  D:\WINDOWS\system32\ole32.dll - ok
10:59:40.0109 0x047c  [ 07CBC9E96C70214034E00136D5642492, 43C2E921044C11D7EBDC34F6AC1C0C05CA6767D3FB15EB11C6FD81C7B667F82A ] D:\WINDOWS\system32\apphelp.dll
10:59:40.0109 0x047c  D:\WINDOWS\system32\apphelp.dll - ok
10:59:40.0125 0x047c  [ CB28AF8C4F50DDD91D1DB253DF0C2679, 877CFD7E55CB4C92B81D10156467574DCA49928EC1369DBD0F65BC8A7C0E68A5 ] D:\WINDOWS\system32\lsasrv.dll
10:59:40.0125 0x047c  D:\WINDOWS\system32\lsasrv.dll - ok
10:59:40.0125 0x047c  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] D:\WINDOWS\system32\lsass.exe
10:59:40.0125 0x047c  D:\WINDOWS\system32\lsass.exe - ok
10:59:40.0125 0x047c  [ 243955BFA314C7D48D7A6D5BC4A9922A, 5DC34BE9D5670A59B10F36438000EB7A48F90E47CBE8EAC568CA0FB13761A2F0 ] D:\WINDOWS\system32\msvcp60.dll
10:59:40.0125 0x047c  D:\WINDOWS\system32\msvcp60.dll - ok
10:59:40.0125 0x047c  [ 2957CF1BDDCF21D3F5DB13AD5E406A7B, 78FA6082453DEFFB7CF22DA7783AA6DBBFD5989F48700E5BCF2BCCBA1AA100E7 ] D:\WINDOWS\system32\ncobjapi.dll
10:59:40.0125 0x047c  D:\WINDOWS\system32\ncobjapi.dll - ok
10:59:40.0125 0x047c  [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe
10:59:40.0125 0x047c  D:\WINDOWS\system32\services.exe - ok
10:59:40.0140 0x047c  [ 7717633EB7A76FBD3FB09BACAB07124E, E65D4DCA692D6EB1EB861999C53B9C1334FAB90312CC540BDE6E6AD6AAD397ED ] D:\WINDOWS\system32\mpr.dll
10:59:40.0140 0x047c  D:\WINDOWS\system32\mpr.dll - ok
10:59:40.0140 0x047c  [ 37499389DEAE0FF44437AAB7A75DAB73, EB10EE5AA38C22B836EE0C26B55BB1D61024D52CB535218AEA2B21F30A7B307B ] D:\WINDOWS\system32\scesrv.dll
10:59:40.0140 0x047c  D:\WINDOWS\system32\scesrv.dll - ok
10:59:40.0140 0x047c  [ 292AEB6CBF02DC02445C61EB3F5DAC69, 7D694CF6032AEC7033925E916CDF9172CF8D5EB13798E4AF292922EBAECBD85A ] D:\WINDOWS\system32\dnsapi.dll
10:59:40.0140 0x047c  D:\WINDOWS\system32\dnsapi.dll - ok
10:59:40.0140 0x047c  [ 8007D5DC09EB8646C03B6D61AACC3B20, 13BB1E57B9202C3418BADFAEFBF420C513759986EB741E423EA76FE024DE8998 ] D:\WINDOWS\system32\ntdsapi.dll
10:59:40.0140 0x047c  D:\WINDOWS\system32\ntdsapi.dll - ok
10:59:40.0140 0x047c  [ 4B6C449D5AAC708E1BBFDF8BB603E4FA, B0002D30BD4DB250D103B271FF68270F457937C7ED3479B73D061C1E4DF1B94A ] D:\WINDOWS\AppPatch\acadproc.dll
10:59:40.0140 0x047c  D:\WINDOWS\AppPatch\acadproc.dll - ok
10:59:40.0156 0x047c  [ 6D526EF248128FCEEAD9D35B3744A10B, 3ED8D0CB764250B4B62F77FC27CDFA68043B2765A318A07293FD162307388164 ] D:\WINDOWS\system32\samlib.dll
10:59:40.0156 0x047c  D:\WINDOWS\system32\samlib.dll - ok
10:59:40.0156 0x047c  [ B5E7026D1CB7D9BCBA0083B9F69683F1, EC3D0746ADE4CA286B778D2A5CEBF4882BCE814F1C7399AE298FB4E1DC979416 ] D:\WINDOWS\system32\shimeng.dll
10:59:40.0156 0x047c  D:\WINDOWS\system32\shimeng.dll - ok
10:59:40.0156 0x047c  [ 327507F0FD1C410917AD951FE7CAAC2D, 079D71F5E1E0A7ADC31A97FB6F3EA0FD8E4AC49244C34BE058F61A2DD6C6958E ] D:\WINDOWS\system32\umpnpmgr.dll
10:59:40.0156 0x047c  D:\WINDOWS\system32\umpnpmgr.dll - ok
10:59:40.0156 0x047c  [ FEB0A547DF442F353E1FC83BC7D7AE73, 810563C9A1135AE918DC279DA9CE5FF22AF2C2A678A360A88AE6A033309C55AA ] D:\WINDOWS\system32\wldap32.dll
10:59:40.0156 0x047c  D:\WINDOWS\system32\wldap32.dll - ok
10:59:40.0171 0x047c  [ 434ADBB2F0875D881D73A9861220A7FD, 0A7AE31AD55A0DF48CDB4BAB82F96920894E2D9E1E9CFBA762CDF144BCC1AF9F ] D:\WINDOWS\system32\samsrv.dll
10:59:40.0171 0x047c  D:\WINDOWS\system32\samsrv.dll - ok
10:59:40.0171 0x047c  [ 447AF8FE53D79E4F59F9452743C3BB68, ADE7AE92F9360BEDC62A857B1556E72363AE87941F6E9BAB10E2A3A8D639A0A5 ] D:\WINDOWS\system32\cryptdll.dll
10:59:40.0171 0x047c  D:\WINDOWS\system32\cryptdll.dll - ok
10:59:40.0171 0x047c  [ AC6927F5C5B4A0478BE981E25C4BDDB6, 05381DFF02B6692E586EC8405BA22F4CBD0E64EF5CC73BA22C424FC175C9629E ] D:\WINDOWS\AppPatch\acgenral.dll
10:59:40.0171 0x047c  D:\WINDOWS\AppPatch\acgenral.dll - ok
10:59:40.0171 0x047c  [ FF452D340940822DF0A1D1BC1D734186, ACFA67E1406A251B7C039FA3D05729A4BFD40DE5049B496BF48D805CE95669C8 ] D:\WINDOWS\system32\winmm.dll
10:59:40.0171 0x047c  D:\WINDOWS\system32\winmm.dll - ok
10:59:40.0171 0x047c  [ 6AEA30E09213A468AE8F2F6071557246, CD65B04435CA4DBD4FAD9B1CCAB7FD2916A4D01046E7C430DF39C1F56FB376D8 ] D:\WINDOWS\system32\oleaut32.dll
10:59:40.0171 0x047c  D:\WINDOWS\system32\oleaut32.dll - ok
10:59:40.0187 0x047c  [ 56EB828638033E8DA33A720B22FBBA8A, 6536451650FCA42E0606D201876485D6CF2EB8E597D525076E60681FB4433641 ] D:\WINDOWS\system32\msacm32.dll
10:59:40.0187 0x047c  D:\WINDOWS\system32\msacm32.dll - ok
10:59:40.0187 0x047c  [ A00674B8ACB5F8726E5AD35202E091D4, CA18E3E5221FF898ACF5465EEF6FB1AAF3EC9ACFDB0E508824B9C6A0A4E64E25 ] D:\WINDOWS\system32\uxtheme.dll
10:59:40.0187 0x047c  D:\WINDOWS\system32\uxtheme.dll - ok
10:59:40.0187 0x047c  [ FEA07EF8DE796B6956ED23933675CBE8, EEBB4DEFD5C4CF75F92B3311DF8059737BC2B71BD6FE1A46826B8CA0DE150D6E ] D:\WINDOWS\system32\schannel.dll
10:59:40.0187 0x047c  D:\WINDOWS\system32\schannel.dll - ok
10:59:40.0187 0x047c  [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] D:\WINDOWS\system32\msprivs.dll
10:59:40.0187 0x047c  D:\WINDOWS\system32\msprivs.dll - ok
10:59:40.0187 0x047c  [ 394CCD355E86092FFDCCA41F8797861E, F4004B50EF25D92CE972EE18845CC91203FE78CC8BBC13EAA891CE2E1FF90B88 ] D:\WINDOWS\system32\kerberos.dll
10:59:40.0187 0x047c  D:\WINDOWS\system32\kerberos.dll - ok
10:59:40.0203 0x047c  [ 1579CF2100A10C85A4C0758DB66006EE, 85F7087683D5EA1C22E374B313CA9387702BB058BAACCF0A9ADE940497D1C41E ] D:\WINDOWS\system32\msv1_0.dll
10:59:40.0203 0x047c  D:\WINDOWS\system32\msv1_0.dll - ok
10:59:40.0203 0x047c  [ B65FA22811B17544F24A3E2520F087EF, F22E40A938374ADCCA334F4BA0E75AF517CF2397A27F8F8372D992FCBF100D54 ] D:\WINDOWS\system32\iphlpapi.dll
10:59:40.0203 0x047c  D:\WINDOWS\system32\iphlpapi.dll - ok
10:59:40.0203 0x047c  [ 0098D35F91DEAB9C127360A877F2CF84, F556E910CAF640CE892B8533B79F5D90F375D8C8C5322EBD153ED762F36A2796 ] D:\WINDOWS\system32\netlogon.dll
10:59:40.0203 0x047c  D:\WINDOWS\system32\netlogon.dll - ok
10:59:40.0203 0x047c  [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] D:\WINDOWS\system32\rsaenh.dll
10:59:40.0203 0x047c  D:\WINDOWS\system32\rsaenh.dll - ok
10:59:40.0203 0x047c  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] D:\WINDOWS\system32\w32time.dll
10:59:40.0203 0x047c  D:\WINDOWS\system32\w32time.dll - ok
10:59:40.0218 0x047c  [ 22D7E027DD7B81EDAA0BCDCC02449B86, 39DBE05A8A391DE71AEF93956A720B4086CE58549074B2F0C322283472105352 ] D:\WINDOWS\system32\wdigest.dll
10:59:40.0218 0x047c  D:\WINDOWS\system32\wdigest.dll - ok
10:59:40.0218 0x047c  [ 798D5AE675FD3A9B7CB836112C0EEC78, A83BED504EA1E620A623C27BFEF19800D58E92A7DA55EFB5673F43D530188FD2 ] D:\WINDOWS\system32\winscard.dll
10:59:40.0218 0x047c  D:\WINDOWS\system32\winscard.dll - ok
10:59:40.0218 0x047c  [ 0752206793CCA5825C0F8E863D83D81E, 44DBF61778B46D4BF3F73A9E4467DD2AC2523CC31211BFBF1AFFEAA1E4D28F72 ] D:\WINDOWS\system32\wtsapi32.dll
10:59:40.0218 0x047c  D:\WINDOWS\system32\wtsapi32.dll - ok
10:59:40.0218 0x047c  [ 5132443DF6FC3771A17AB4AE55DCBC28, EA8E278FE638FA3ADA33983C2D4AFEB04298EEE87982EE2BA0804751D6BE0CD0 ] D:\WINDOWS\system32\scecli.dll
10:59:40.0218 0x047c  D:\WINDOWS\system32\scecli.dll - ok
10:59:40.0218 0x047c  [ ECA673779ECD27D674953D692FE070F6, 6FBCAF6C347E06032C63B72261785109D0929BE1B23CA5465995803951954616 ] D:\WINDOWS\system32\ati2evxx.exe
10:59:40.0218 0x047c  D:\WINDOWS\system32\ati2evxx.exe - ok
10:59:40.0234 0x047c  [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] D:\WINDOWS\system32\drivers\mbam.sys
10:59:40.0234 0x047c  D:\WINDOWS\system32\drivers\mbam.sys - ok
10:59:40.0234 0x047c  [ FB48C9B0B6382D5AEA6AEEDBDAEA55A3, EDCFB7CBEBCEA04AAF96C2DABD83B338CAB0F367F1E7274FDF973F6B3F0C771C ] D:\WINDOWS\system32\cfgmgr32.dll
10:59:40.0234 0x047c  D:\WINDOWS\system32\cfgmgr32.dll - ok
10:59:40.0234 0x047c  [ C8C0BDABC966B6C24D337DF0A0A399E1, 2A8376BC6EC1B2A8B632051C47A8A5106B984887774CFEBD2624F58D73BA8E66 ] D:\WINDOWS\system32\powrprof.dll
10:59:40.0234 0x047c  D:\WINDOWS\system32\powrprof.dll - ok
10:59:40.0234 0x047c  [ 4FBC75B74479C7A6F829E0CA19DF3366, A42568851B48FB9924B3FE18C8A0F3CEECD850254257CFE6C5F168C08F408EF0 ] D:\WINDOWS\system32\svchost.exe
10:59:40.0234 0x047c  D:\WINDOWS\system32\svchost.exe - ok
10:59:40.0250 0x047c  [ 65ABA37DE32716D6D1164216DB6263BA, DA2C2781F1D9080549CC1E7B0AA3EA1B4C982A96B845853C53B8485BE4A6433E ] D:\WINDOWS\system32\ntmarta.dll
10:59:40.0250 0x047c  D:\WINDOWS\system32\ntmarta.dll - ok
10:59:40.0250 0x047c  [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] D:\WINDOWS\system32\rpcss.dll
10:59:40.0250 0x047c  D:\WINDOWS\system32\rpcss.dll - ok
10:59:40.0250 0x047c  [ FDB5E2CA5763E37E1D19B7C4AFAE8055, 054F909CF48C9546F7F7A703AB66A50FE10A76CC384265551896854155A8366C ] D:\WINDOWS\system32\xpsp2res.dll
10:59:40.0250 0x047c  D:\WINDOWS\system32\xpsp2res.dll - ok
10:59:40.0250 0x047c  [ 04955AA695448C181B367D964AF158AA, 4C6A6FCB3D882D93E1643D8DA555D04625BEE5D6C279FF98879C2A7410635BF2 ] D:\WINDOWS\system32\eventlog.dll
10:59:40.0250 0x047c  D:\WINDOWS\system32\eventlog.dll - ok
10:59:40.0250 0x047c  [ 68169471FA71B327ED009B80CDDC82DE, 70FDB4F3E4EBA7D93B233D9BDDAAAADE998EE128174A11091AB3C5438C84DD6D ] D:\WINDOWS\system32\ati2edxx.dll
10:59:40.0250 0x047c  D:\WINDOWS\system32\ati2edxx.dll - ok
10:59:40.0265 0x047c  [ DF585DE3B2AE3CE0FB72EB562BB989A7, 599F391B640FA62AA2F81733791556BEFD4894E71C04C7C3031E184B334A905D ] D:\WINDOWS\system32\atipdlxx.dll
10:59:40.0265 0x047c  D:\WINDOWS\system32\atipdlxx.dll - ok
10:59:40.0265 0x047c  [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] D:\WINDOWS\system32\mswsock.dll
10:59:40.0265 0x047c  D:\WINDOWS\system32\mswsock.dll - ok
10:59:40.0265 0x047c  [ 0DAF0705D7B39C94E287913226688804, 6757E08E027B31740DC829F3EF498D45C4D6C1E74CEE7F9711235C15D43AC5A7 ] D:\WINDOWS\system32\hnetcfg.dll
10:59:40.0265 0x047c  D:\WINDOWS\system32\hnetcfg.dll - ok
10:59:40.0265 0x047c  [ 4934FF44C8B6AE7B4CA0118B3D2CF666, AD33FCDCE79EF82B00AD0B0D08F201C242FA809A110A70968B1D3FB4E7C5170F ] D:\WINDOWS\system32\winrnr.dll
10:59:40.0265 0x047c  D:\WINDOWS\system32\winrnr.dll - ok
10:59:40.0265 0x047c  [ 41CCC4CD535579D27AEAB485B36CEB9E, 5453E3056EE42579A612BD1A177E3C57A128803189AD8CB91EE2D228FC475D19 ] D:\WINDOWS\system32\wshbth.dll
10:59:40.0265 0x047c  D:\WINDOWS\system32\wshbth.dll - ok
10:59:40.0281 0x047c  [ 02AF8A799D173C2D0C71F399C03AC9E1, 2337951BAFD3BDCB0102BFAD672354D8C1C2DFDE23AC531F87CE0F0C8B55C851 ] D:\WINDOWS\system32\wshtcpip.dll
10:59:40.0281 0x047c  D:\WINDOWS\system32\wshtcpip.dll - ok
10:59:40.0281 0x047c  [ 469FED8597896DB77B49384BE90E2E0A, E811D47288AFEC01013A5D907107312A742175384B9BDAC0F9A710EFF70B120B ] D:\WINDOWS\system32\rasadhlp.dll
10:59:40.0281 0x047c  D:\WINDOWS\system32\rasadhlp.dll - ok
10:59:40.0281 0x047c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] D:\WINDOWS\system32\drivers\ndisuio.sys
10:59:40.0281 0x047c  D:\WINDOWS\system32\drivers\ndisuio.sys - ok
10:59:40.0281 0x047c  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] D:\WINDOWS\system32\dhcpcsvc.dll
10:59:40.0281 0x047c  D:\WINDOWS\system32\dhcpcsvc.dll - ok
10:59:40.0296 0x047c  [ 8C9ED3B2834AAE63081AB2DA831C6FE9, 87D2931A5CD3658A28072BEC3F28384B91CC3B19D072CE9C69F119B80671C163 ] D:\WINDOWS\system32\dnsrslvr.dll
10:59:40.0296 0x047c  D:\WINDOWS\system32\dnsrslvr.dll - ok
10:59:40.0296 0x047c  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] D:\WINDOWS\system32\lmhsvc.dll
10:59:40.0296 0x047c  D:\WINDOWS\system32\lmhsvc.dll - ok
10:59:40.0296 0x047c  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] D:\WINDOWS\system32\wzcsvc.dll
10:59:40.0296 0x047c  D:\WINDOWS\system32\wzcsvc.dll - ok
10:59:40.0296 0x047c  [ 6F5ABF78CEB2A64DAC1CD8A8A04E30A5, 8524937F4B8CB1E3BA8737BA36952B2913A42BBCC4890664A616EEF591641FB0 ] D:\WINDOWS\system32\atl.dll
10:59:40.0296 0x047c  D:\WINDOWS\system32\atl.dll - ok
10:59:40.0296 0x047c  [ 6B08275230504D5112CE379A3D9DF8D9, 4E8342BDACA2A721FCB16F76DF0F3B5408F1AE4856CEA6F71A51E9DFDA15D0E0 ] D:\WINDOWS\system32\dot3api.dll
10:59:40.0296 0x047c  D:\WINDOWS\system32\dot3api.dll - ok
10:59:40.0312 0x047c  [ 27EE4C04D81A9B5658C819C43221598B, 51650B93D67732BFB5E1FA156A320607E233A36047064E9843E3E15498A22547 ] D:\WINDOWS\system32\eapolqec.dll
10:59:40.0312 0x047c  D:\WINDOWS\system32\eapolqec.dll - ok
10:59:40.0312 0x047c  [ EC9DB893C89020C2B95D301429535162, C08DD59C71C3ACEAA5491D1AC10237FBE64962DC66DA9BB981A09B62658EFBF7 ] D:\WINDOWS\system32\esent.dll
10:59:40.0312 0x047c  D:\WINDOWS\system32\esent.dll - ok
10:59:40.0312 0x047c  [ 06BE178035B554A7638CC45030DFB7A5, AEEDDA78470A951B742B04F9FD429006EFCB0E9097BE871037B3931F2D997745 ] D:\WINDOWS\system32\qutil.dll
10:59:40.0312 0x047c  D:\WINDOWS\system32\qutil.dll - ok
10:59:40.0312 0x047c  [ 7CC640E3B8D427752F1D5B1093609338, 1CB2CFBE00D6017736E2CA40E2A8B7344427C864BDAD2E936AD76D9B88360114 ] D:\WINDOWS\system32\rtutils.dll
10:59:40.0312 0x047c  D:\WINDOWS\system32\rtutils.dll - ok
10:59:40.0312 0x047c  [ 43AD9160D7AF6E7EAD00B485EBBAB6A5, BCC321C85162CA13482323B00028880854B7EC5B9BF53FE28B93EB01A73C43C8 ] D:\WINDOWS\system32\wmi.dll
10:59:40.0312 0x047c  D:\WINDOWS\system32\wmi.dll - ok
10:59:40.0328 0x047c  [ 78CC39AD817831F5BAD2B5D79A299F25, A5146E0FDD520AFA62F7A7B1C403E86DC2C6F7139BD9F1FD28B77473CF753117 ] D:\WINDOWS\system32\clbcatq.dll
10:59:40.0328 0x047c  D:\WINDOWS\system32\clbcatq.dll - ok
10:59:40.0328 0x047c  [ D0DE8A2EC95184E5193BB4B3112E29DF, 533EDAC06B30E3BA7BC65398D2C1067A0B6015E17A339439DECCD2B13EC1E9BB ] D:\WINDOWS\system32\comres.dll
10:59:40.0328 0x047c  D:\WINDOWS\system32\comres.dll - ok
10:59:40.0328 0x047c  [ B1CDCB462C2B50F0D66E755D2B285820, 51655195D017FEEF9AA4039D493C840BDDDC4258C8723C58C562A69355C9C2C2 ] D:\WINDOWS\system32\rastls.dll
10:59:40.0328 0x047c  D:\WINDOWS\system32\rastls.dll - ok
10:59:40.0328 0x047c  [ DB326A97E844964AF487D6FFDE28256B, 939E16FD9AD3D9D91DAA858802FD84045AD743B4126DB9A2E0930CC117547AEB ] D:\WINDOWS\system32\ati2evxx.dll
10:59:40.0328 0x047c  D:\WINDOWS\system32\ati2evxx.dll - ok
10:59:40.0328 0x047c  [ 8395FB1049CB49B2C14C3CACDF9B2B5A, 0253C0A8B38AECE84BC602EB626FF6D147EACEFB31BC6DA5FACDB1588C3645A4 ] D:\WINDOWS\system32\cryptui.dll
10:59:40.0328 0x047c  D:\WINDOWS\system32\cryptui.dll - ok
10:59:40.0343 0x047c  [ F2FBB810CEE3E25F8F923959C400E457, A63C42197D321B1BEB44C7BD28AD74BA27D7AD9D33387BEC5759E8AEB63E3D6E ] D:\WINDOWS\system32\logonui.exe
10:59:40.0343 0x047c  D:\WINDOWS\system32\logonui.exe - ok
10:59:40.0343 0x047c  [ BDB7897C7845025C085EA76B7210150E, F99F1B4ECED2094B622BD81FC7EA9D1EB283350A9AFEE5B56843ED8BA8C2E002 ] D:\WINDOWS\system32\duser.dll
10:59:40.0343 0x047c  D:\WINDOWS\system32\duser.dll - ok
10:59:40.0343 0x047c  [ D1A962D2DA4241977634365E33DB2417, D589D6D92FD916A06C8024CCD48B31045E66963D98263DFC53A055662CEA2737 ] D:\WINDOWS\system32\cscdll.dll
10:59:40.0343 0x047c  D:\WINDOWS\system32\cscdll.dll - ok
10:59:40.0343 0x047c  [ DC4E223F5813150073FB5CC63D13293B, 7420E02BD2C81B74E2F9CDFA7B43F087EFE0D086A85DED453B4B65A3280B1A8A ] D:\WINDOWS\system32\msimg32.dll
10:59:40.0343 0x047c  D:\WINDOWS\system32\msimg32.dll - ok
10:59:40.0359 0x047c  [ 2449D2A51EA2083FA05058F7CEF44714, 3291589AEC31C553C35B54B2D9082BB83035ADA5B68ABBB351E3AE3E0A9ED18B ] D:\WINDOWS\system32\dimsntfy.dll
10:59:40.0359 0x047c  D:\WINDOWS\system32\dimsntfy.dll - ok
10:59:40.0359 0x047c  [ DF2A4BD2F67F35D803F5342046BA07C6, 6F3E349F90AD65D8777ED6930838A67393892CA082511B211938009BD8E958E0 ] D:\WINDOWS\system32\oleacc.dll
10:59:40.0359 0x047c  D:\WINDOWS\system32\oleacc.dll - ok
10:59:40.0359 0x047c  [ B4AEE98A48917B274FACFB78BBE0BC84, D5E64C865B09B54212A5D80BE757E01FB8E8486CA2C95D3387CC2869E0A484D0 ] D:\WINDOWS\system32\wininet.dll
10:59:40.0359 0x047c  D:\WINDOWS\system32\wininet.dll - ok
10:59:40.0359 0x047c  [ C310CEAF283A8B5D4100E7C81E711F74, C9BE6CF66EE33FBF8295F66C6A5EA27D1FA503C950940A425E48DD0182DC77BD ] D:\WINDOWS\system32\mprapi.dll
10:59:40.0359 0x047c  D:\WINDOWS\system32\mprapi.dll - ok
10:59:40.0359 0x047c  [ E12D149442BBFEA6AA952327B2EA0079, FCCF3B9436632628DF34472DBE61B6DE5FE3C71280420DA23DF0769BEA2E3792 ] D:\WINDOWS\system32\winspool.drv
10:59:40.0359 0x047c  D:\WINDOWS\system32\winspool.drv - ok
10:59:40.0375 0x047c  [ 85D87ABB3889CE139BFFD7C7CBAC396B, 940BC0718EE819500A12F6F6D29CEE87C320CC37284DE591A3DC72545972A14C ] D:\WINDOWS\system32\wlnotify.dll
10:59:40.0375 0x047c  D:\WINDOWS\system32\wlnotify.dll - ok
10:59:40.0375 0x047c  [ 210199B7F3F632A95C29C916B040EABE, D535E25C508CD2CF2DB7C6FF9DE5E542590E152A90F9DD494B9D3AD358462B39 ] D:\WINDOWS\system32\activeds.dll
10:59:40.0375 0x047c  D:\WINDOWS\system32\activeds.dll - ok
10:59:40.0375 0x047c  [ DEF910C95F7C0C9B36C9A90EE25C924E, 3685026FC70CA6B0F40962C87D5A5B4B0B24EDDB68AA8CD5D4586EBD6C6B1238 ] D:\WINDOWS\system32\adsldpc.dll
10:59:40.0375 0x047c  D:\WINDOWS\system32\adsldpc.dll - ok
10:59:40.0375 0x047c  [ 8DD8B3F22B6E6E62D6D113AB319D1839, A807EC807945DB938D24A17152CBB939A612FF27D0377B8E29133B2CD3BB76DD ] D:\WINDOWS\system32\shgina.dll
10:59:40.0375 0x047c  D:\WINDOWS\system32\shgina.dll - ok
10:59:40.0375 0x047c  [ FC5F5F2EC1676C7CD898155B6546D2AE, 03590813360B76FD7B27D7FA19FA418FCA135ED4B31E205043F26673C9012795 ] D:\WINDOWS\system32\rasapi32.dll
10:59:40.0375 0x047c  D:\WINDOWS\system32\rasapi32.dll - ok
10:59:40.0390 0x047c  [ D4A61C9CFD998B132541C658E60C239D, 36A935942C1AF961EAEDE0D15DE889B9F4DAC36E24DD1666ABB685AE3691B71F ] D:\WINDOWS\system32\rasman.dll
10:59:40.0390 0x047c  D:\WINDOWS\system32\rasman.dll - ok
10:59:40.0390 0x047c  [ 995857A5138976FAEE6455F00033F607, 46EBA315DA3DC227A1173D9A6F1EA1242A8C20F54BEFF20BB83A2D09636B2458 ] D:\WINDOWS\system32\tapi32.dll
10:59:40.0390 0x047c  D:\WINDOWS\system32\tapi32.dll - ok
10:59:40.0390 0x047c  [ B4B91D8615D022B4143B9AED662008D1, EE719D9ACEBBC92D59E150423884E25343B1D6E0447555CF5588E2D1477BD2F7 ] D:\WINDOWS\system32\riched20.dll
10:59:40.0390 0x047c  D:\WINDOWS\system32\riched20.dll - ok
10:59:40.0390 0x047c  [ FED5D601190B0CCD6A625C92FACDDC74, 93BACE8F4895E7AE5420FCA94673975CE2A099A393B8410D9A7F2DEB806F123B ] D:\WINDOWS\system32\raschap.dll
10:59:40.0390 0x047c  D:\WINDOWS\system32\raschap.dll - ok
10:59:40.0406 0x047c  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] D:\WINDOWS\system32\schedsvc.dll
10:59:40.0406 0x047c  D:\WINDOWS\system32\schedsvc.dll - ok
10:59:40.0406 0x047c  [ C52B07091AD6E6201FA535686E5642FA, 95E646E10B611BC6B63257AB84012543AD82CF2995B348E367116264E5FA475D ] D:\WINDOWS\system32\msidle.dll
10:59:40.0406 0x047c  D:\WINDOWS\system32\msidle.dll - ok
10:59:40.0406 0x047c  [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] D:\WINDOWS\system32\spoolsv.exe
10:59:40.0406 0x047c  D:\WINDOWS\system32\spoolsv.exe - ok
10:59:40.0406 0x047c  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] D:\WINDOWS\system32\audiosrv.dll
10:59:40.0406 0x047c  D:\WINDOWS\system32\audiosrv.dll - ok
10:59:40.0406 0x047c  [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] D:\WINDOWS\system32\wkssvc.dll
10:59:40.0406 0x047c  D:\WINDOWS\system32\wkssvc.dll - ok
10:59:40.0421 0x047c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] D:\WINDOWS\system32\drivers\mrxdav.sys
10:59:40.0421 0x047c  D:\WINDOWS\system32\drivers\mrxdav.sys - ok
10:59:40.0421 0x047c  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] D:\WINDOWS\system32\webclnt.dll
10:59:40.0421 0x047c  D:\WINDOWS\system32\webclnt.dll - ok
10:59:40.0421 0x047c  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] D:\WINDOWS\system32\drivers\parvdm.sys
10:59:40.0421 0x047c  D:\WINDOWS\system32\drivers\parvdm.sys - ok
10:59:40.0421 0x047c  [ F0C803D84B89B2EA3CDB5580CECC15E3, 03E6A3261DDA5341B294CA1742E6569EB805038A31EA6C969318FB280A3CCBBA ] D:\WINDOWS\system32\wsock32.dll
10:59:40.0421 0x047c  D:\WINDOWS\system32\wsock32.dll - ok
10:59:40.0421 0x047c  [ 7E7D8DD0AFC6EFAA7F39CCF7B222D751, 244946BB067BBD573570417A3C042412A2CFC2AEED23411DB30A1223C2D733DD ] D:\WINDOWS\system32\certcli.dll
10:59:40.0421 0x047c  D:\WINDOWS\system32\certcli.dll - ok
10:59:40.0437 0x047c  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] D:\WINDOWS\system32\cryptsvc.dll
10:59:40.0437 0x047c  D:\WINDOWS\system32\cryptsvc.dll - ok
10:59:40.0437 0x047c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] D:\WINDOWS\system32\drivers\fastfat.sys
10:59:40.0437 0x047c  D:\WINDOWS\system32\drivers\fastfat.sys - ok
10:59:40.0437 0x047c  [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
10:59:40.0437 0x047c  D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe - ok
10:59:40.0437 0x047c  [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll
10:59:40.0437 0x047c  D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll - ok
10:59:40.0437 0x047c  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] D:\WINDOWS\system32\dmserver.dll
10:59:40.0437 0x047c  D:\WINDOWS\system32\dmserver.dll - ok
10:59:40.0453 0x047c  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] D:\WINDOWS\system32\ersvc.dll
10:59:40.0453 0x047c  D:\WINDOWS\system32\ersvc.dll - ok
10:59:40.0453 0x047c  [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] D:\WINDOWS\system32\es.dll
10:59:40.0453 0x047c  D:\WINDOWS\system32\es.dll - ok
10:59:40.0453 0x047c  [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll
10:59:40.0453 0x047c  D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll - ok
10:59:40.0453 0x047c  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
10:59:40.0453 0x047c  D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
10:59:40.0453 0x047c  [ 8E1714FC6103F585F00CF2FA883EB33A, A50446B68792AAE4409F4CF150052835D86760FFE49E9D27B5BB719339C1E223 ] D:\WINDOWS\system32\hid.dll
10:59:40.0453 0x047c  D:\WINDOWS\system32\hid.dll - ok
10:59:40.0468 0x047c  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] D:\WINDOWS\system32\hidserv.dll
10:59:40.0468 0x047c  D:\WINDOWS\system32\hidserv.dll - ok
10:59:40.0468 0x047c  [ A3962F4BBFE699B7EFFBBADE608E314F, C25CC5F546BE13C4632009C4D30522AC7EA4AAA76D88C70E11B336BBD2FE48B4 ] D:\WINDOWS\system32\netmsg.dll
10:59:40.0468 0x047c  D:\WINDOWS\system32\netmsg.dll - ok
10:59:40.0468 0x047c  [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] D:\WINDOWS\system32\srvsvc.dll
10:59:40.0468 0x047c  D:\WINDOWS\system32\srvsvc.dll - ok
10:59:40.0468 0x047c  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] D:\Programme\Malwarebam\mbamscheduler.exe
10:59:40.0468 0x047c  D:\Programme\Malwarebam\mbamscheduler.exe - ok
10:59:40.0484 0x047c  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] D:\WINDOWS\system32\drivers\srv.sys
10:59:40.0484 0x047c  D:\WINDOWS\system32\drivers\srv.sys - ok
10:59:40.0484 0x047c  [ A422816A15CFAC50567FD0F6582FD2CF, 0AA6588C63F53962E2D3665159BAE7402F43BEC0136A48DE39FE977430CA7B5A ] D:\Programme\Malwarebam\mbamsrv.dll
10:59:40.0484 0x047c  D:\Programme\Malwarebam\mbamsrv.dll - ok
10:59:40.0484 0x047c  [ 9621BE9F6EA24F3D7F09B07853CB5AC8, 289B6CF50AB088D474C84634A0469502153EED94BFBD11396E574451B0E8EF1C ] D:\WINDOWS\system32\spoolss.dll
10:59:40.0484 0x047c  D:\WINDOWS\system32\spoolss.dll - ok
10:59:40.0484 0x047c  [ 6582453D9A23287F6DCA15B82D339A48, 7FE6EE258F7017C8EEB36A2F8FF66B47C8662957A42EEE97BCDC46176EB014F0 ] D:\WINDOWS\system32\localspl.dll
10:59:40.0484 0x047c  D:\WINDOWS\system32\localspl.dll - ok
10:59:40.0484 0x047c  [ 61AF7614418BA5B9E8B4EB82E459BE53, 828ABEF68681C061E93FA61E7D12AEAB6D67ABBE597BC207DF0E6DB185C95C72 ] D:\Programme\Malwarebam\QtCore4.dll
10:59:40.0484 0x047c  D:\Programme\Malwarebam\QtCore4.dll - ok
10:59:40.0500 0x047c  [ CD1A323D787B738DDE0D62AA28214E16, 537C716DCC3F173580F6A34D31CBB099D0AFF57B5A31E737F4A41C8BCF041CB5 ] D:\WINDOWS\system32\cnbjmon.dll
10:59:40.0500 0x047c  D:\WINDOWS\system32\cnbjmon.dll - ok
10:59:40.0500 0x047c  [ 6CD9B4F273997E04EB548969C4AAEAA1, D3540729FDF61CCBB8CED7DFC3CAB4A1616409AD93F4663FD0C6B3EA42E3FDBA ] D:\WINDOWS\system32\CNMLM64.DLL
10:59:40.0500 0x047c  D:\WINDOWS\system32\CNMLM64.DLL - ok
10:59:40.0500 0x047c  [ 9B0B5DF56025F6E48C17C7BA75310D35, 11769BD4B25A6C139A347893E543935F85BD357B6EEEC65F174EA94531CD1D46 ] D:\WINDOWS\system32\pjlmon.dll
10:59:40.0500 0x047c  D:\WINDOWS\system32\pjlmon.dll - ok
10:59:40.0500 0x047c  [ CA8AA75C4DC6A48D65949A30CE46C970, 36315F9335ECECC839B6479A1B772F2B2CDC8CF8891E93507018ACBBF7231063 ] D:\WINDOWS\system32\tcpmon.dll
10:59:40.0500 0x047c  D:\WINDOWS\system32\tcpmon.dll - ok
10:59:40.0500 0x047c  [ CA55500E2E0515FCC888C4A5E01E64B7, 053910D883931A776F71AF8CF3A15837524B65B933C09038E51F40FCB7B959D2 ] D:\Programme\Malwarebam\msvcp100.dll
10:59:40.0500 0x047c  D:\Programme\Malwarebam\msvcp100.dll - ok
10:59:40.0515 0x047c  [ E7BB3BF2DFDF4483DFF8A4AB05805416, 596CC4D6E8D3253D29EA0BE7FD01F44BD585910EBBD5D8B49C8911C7BC068470 ] D:\WINDOWS\system32\usbmon.dll
10:59:40.0515 0x047c  D:\WINDOWS\system32\usbmon.dll - ok
10:59:40.0515 0x047c  [ 4C539E592E50633B21AB1E1FDA40A32A, F07F846E1BFA7AE1B5FE835BCB34CCD2FA671B865415EF2A9C6EB8972D3A0E0C ] D:\Programme\Malwarebam\msvcr100.dll
10:59:40.0515 0x047c  D:\Programme\Malwarebam\msvcr100.dll - ok
10:59:40.0515 0x047c  [ 1B07F9455F2354120B5E0F7FD0DE21E7, 03E88E4499188CE01646BD16D14A15BAD1F4BEB04D5AF55C3331E28FF14E5B16 ] D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
10:59:40.0515 0x047c  D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL - ok
10:59:40.0515 0x047c  [ 4333010681772735474A64D984F175AB, 8A5795DEDD12B91562984AEB6F0A0D692A113ECAB66CC0365DC1FB0258E87802 ] D:\WINDOWS\system32\win32spl.dll
10:59:40.0515 0x047c  D:\WINDOWS\system32\win32spl.dll - ok
10:59:40.0531 0x047c  [ 4BAB096EE0673DE722536F0274DA2373, FFAC271F8E690695C65000204816D78D6E152B3E46091D9643FC6693AE5981E2 ] D:\WINDOWS\system32\inetpp.dll
10:59:40.0531 0x047c  D:\WINDOWS\system32\inetpp.dll - ok
10:59:40.0531 0x047c  [ 0E892525F035A10857E33153CF65CE6C, D3C18126CCC1B59A90E28CDCAEA2CE3129081E5511C2F3428A39F2168EE9D3F9 ] D:\WINDOWS\system32\netrap.dll
10:59:40.0531 0x047c  D:\WINDOWS\system32\netrap.dll - ok
10:59:40.0531 0x047c  [ 72DC0AFC9BDCFEB18F390B937A24E32C, 7E0396569EB37E1520F01B99EDE0B906BD032C8410B2F02DD6F2B0C2F07E0D46 ] D:\WINDOWS\system32\ipsecsvc.dll
10:59:40.0531 0x047c  D:\WINDOWS\system32\ipsecsvc.dll - ok
10:59:40.0531 0x047c  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] D:\WINDOWS\system32\netman.dll
10:59:40.0531 0x047c  D:\WINDOWS\system32\netman.dll - ok
10:59:40.0531 0x047c  [ 121E5C473F0AD53BCFDB6E8181C44F81, 82E8036DD29249E826582D8933B04571AAE7B17EDD945B7928C8878DF3D0E454 ] D:\WINDOWS\system32\netshell.dll
10:59:40.0531 0x047c  D:\WINDOWS\system32\netshell.dll - ok
10:59:40.0546 0x047c  [ A3101C65133F0E3FCFF3ABA073BBA89C, 3041B0031E6834248DE5CD7766E8897DA65099D684F508878768212F17ED537D ] D:\WINDOWS\system32\oakley.dll
10:59:40.0546 0x047c  D:\WINDOWS\system32\oakley.dll - ok
10:59:40.0546 0x047c  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] D:\WINDOWS\system32\regsvc.dll
10:59:40.0546 0x047c  D:\WINDOWS\system32\regsvc.dll - ok
10:59:40.0546 0x047c  [ AB0B97A27AA94AB681F0B0DD7C1B5E89, F0CA25154DABE472ADB4D9A21EEC715E5D91D076CE079D2191E5D0AC1EB90BEE ] D:\WINDOWS\system32\psbase.dll
10:59:40.0546 0x047c  D:\WINDOWS\system32\psbase.dll - ok
10:59:40.0546 0x047c  [ 1F975474A91306BEFF9A2314A88DB3BF, 9A839FF98353AADA54D66EF57D7AF168E27E845C203C83087EA8CB12A8871430 ] D:\WINDOWS\system32\pstorsvc.dll
10:59:40.0546 0x047c  D:\WINDOWS\system32\pstorsvc.dll - ok
10:59:40.0546 0x047c  [ C6D9B9487143C455C26BFA3D8BE7C445, 073F10A6216F517710167813B0D0ADD8A261FAC033F8C8948BA5BCACD32D9E57 ] D:\WINDOWS\system32\winipsec.dll
10:59:40.0546 0x047c  D:\WINDOWS\system32\winipsec.dll - ok
10:59:40.0562 0x047c  [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] D:\WINDOWS\system32\dssenh.dll
10:59:40.0562 0x047c  D:\WINDOWS\system32\dssenh.dll - ok
10:59:40.0562 0x047c  [ AFF1657382B09291DCB40ECFD2B673F2, F565C41416E13F6C73A063EC7FC393F6E8D0F3F4B3C0F04EEBA3D36220836537 ] D:\WINDOWS\system32\credui.dll
10:59:40.0562 0x047c  D:\WINDOWS\system32\credui.dll - ok
10:59:40.0562 0x047c  [ AE1BFF56A081E11208AFFCC7209BF5CE, 800E32D54181A1001780B8FC84ACF4646C02FEFBD32D12B8881FA1CDD0C3D20F ] D:\WINDOWS\system32\dot3dlg.dll
10:59:40.0562 0x047c  D:\WINDOWS\system32\dot3dlg.dll - ok
10:59:40.0562 0x047c  [ 4BAC361B11D8C5F3B38EC668ADD95D60, 7F5719C1D04576B7FF51902C4ED0D10B5824935C18D3D98016E59102EB449A47 ] D:\WINDOWS\system32\onex.dll
10:59:40.0562 0x047c  D:\WINDOWS\system32\onex.dll - ok
10:59:40.0578 0x047c  [ 14FA15EF89423FBFE55F55BB892C5CF2, F002C5A226FE14956752CA49822FC785639CD4B8F9C7687392062E0CE44D1EA7 ] D:\WINDOWS\system32\eappcfg.dll
10:59:40.0578 0x047c  D:\WINDOWS\system32\eappcfg.dll - ok
10:59:40.0578 0x047c  [ D6633FC7D1FCE7DCD7A1FE2564DC4FA6, EE96500063A6114F0EBC56026A39ABA62A83D3E12509E6F3187B9BC9426661DF ] D:\WINDOWS\system32\eappprxy.dll
10:59:40.0578 0x047c  D:\WINDOWS\system32\eappprxy.dll - ok
10:59:40.0578 0x047c  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] D:\WINDOWS\system32\wiaservc.dll
10:59:40.0578 0x047c  D:\WINDOWS\system32\wiaservc.dll - ok
10:59:40.0578 0x047c  [ 41696F6200C7151CC0A4A26816E3F577, 66B97C2CF41A6DB28A5118C09A63B95EA8C954698B52A19D457E20D90F85F353 ] D:\WINDOWS\system32\wzcsapi.dll
10:59:40.0578 0x047c  D:\WINDOWS\system32\wzcsapi.dll - ok
10:59:40.0578 0x047c  [ C30D8C61884413FB35E241A2D98BD08F, E269FFAA5DC6E25F58D185C495F9B8EC054B1923963A0FF05D472392463FB3E3 ] D:\WINDOWS\system32\mscms.dll
10:59:40.0578 0x047c  D:\WINDOWS\system32\mscms.dll - ok
10:59:40.0593 0x047c  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] D:\WINDOWS\system32\seclogon.dll
10:59:40.0593 0x047c  D:\WINDOWS\system32\seclogon.dll - ok
10:59:40.0593 0x047c  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] D:\WINDOWS\system32\sens.dll
10:59:40.0593 0x047c  D:\WINDOWS\system32\sens.dll - ok
10:59:40.0593 0x047c  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] D:\WINDOWS\system32\srsvc.dll
10:59:40.0593 0x047c  D:\WINDOWS\system32\srsvc.dll - ok
10:59:40.0593 0x047c  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] D:\WINDOWS\system32\trkwks.dll
10:59:40.0593 0x047c  D:\WINDOWS\system32\trkwks.dll - ok
10:59:40.0593 0x047c  [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] D:\WINDOWS\system32\browser.dll
10:59:40.0593 0x047c  D:\WINDOWS\system32\browser.dll - ok
10:59:40.0609 0x047c  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] D:\WINDOWS\system32\wbem\wmisvc.dll
10:59:40.0609 0x047c  D:\WINDOWS\system32\wbem\wmisvc.dll - ok
10:59:40.0609 0x047c  [ 6E3FFF4A95EA978E333E53FE7F47E7F6, A71185F0B786691058FFBDA6540BAEE6D95618CF678E26B26C2F522E695C2E70 ] D:\WINDOWS\system32\vssapi.dll
10:59:40.0609 0x047c  D:\WINDOWS\system32\vssapi.dll - ok
10:59:40.0609 0x047c  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] D:\WINDOWS\system32\ipnathlp.dll
10:59:40.0609 0x047c  D:\WINDOWS\system32\ipnathlp.dll - ok
10:59:40.0609 0x047c  [ 18D926CD5F5BE2AA73EAD99C02BC719D, A4FC9EDCB1DA7AFDAB498BDD6245C035F19E478FA1C7F51192608B63F10D6DB8 ] D:\WINDOWS\system32\actxprxy.dll
10:59:40.0609 0x047c  D:\WINDOWS\system32\actxprxy.dll - ok
10:59:40.0625 0x047c  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] D:\WINDOWS\system32\wscsvc.dll
10:59:40.0625 0x047c  D:\WINDOWS\system32\wscsvc.dll - ok
10:59:40.0625 0x047c  [ 8C22083ED515DC94D575438662F0BE6A, 67DC2A393AE31764C090BE2AEFAD3E20220538152157BAEBF366112166FEAB23 ] D:\WINDOWS\system32\msi.dll
10:59:40.0625 0x047c  D:\WINDOWS\system32\msi.dll - ok
10:59:40.0625 0x047c  [ 8747DA0A28057B6EF2366E4C951A23F5, 96AC4AFEB8D2EB706A5AA58B2B3803F88E8B74774F8FC2C4F7D59A3A961AA70D ] D:\WINDOWS\system32\wbem\wbemcomn.dll
10:59:40.0625 0x047c  D:\WINDOWS\system32\wbem\wbemcomn.dll - ok
10:59:40.0625 0x047c  [ 8B42C14DA903681760079C1E12D8B4DA, 2527D3FEE00D645620AABC36D2701216FE7C72BCE5C4E6F2BF1EA4C04B26461B ] D:\WINDOWS\system32\wbem\wbemcore.dll
10:59:40.0625 0x047c  D:\WINDOWS\system32\wbem\wbemcore.dll - ok
10:59:40.0625 0x047c  [ 517A94B722F607B904061447939D7924, B705E2012BA66A257B91DD933238E5A9056BAAB5502DDC9F779F142A9A42772A ] D:\WINDOWS\system32\wbem\wbemprox.dll
10:59:40.0625 0x047c  D:\WINDOWS\system32\wbem\wbemprox.dll - ok
10:59:40.0640 0x047c  [ 5F07EDF60DC19981238A0D8A9622535D, 35CCC1B21968CA652A8882694895660BF862C72DFB561853D6EBA131B396F8FD ] D:\WINDOWS\system32\wbem\esscli.dll
10:59:40.0640 0x047c  D:\WINDOWS\system32\wbem\esscli.dll - ok
10:59:40.0640 0x047c  [ 3F2A4A47A2BCE0269B252550D1A2B471, E672F6A19563B715A96A1B9D13C521C865447DD2CEA65CED87A1A943C74FE8CA ] D:\WINDOWS\system32\wbem\fastprox.dll
10:59:40.0640 0x047c  D:\WINDOWS\system32\wbem\fastprox.dll - ok
10:59:40.0640 0x047c  [ 90075AE5778A16AD07A030377E2E95CD, 90039F8CC696B71B0D88A266B0234A1D8525843344280F55F35204DDE298BC0D ] D:\WINDOWS\system32\comsvcs.dll
10:59:40.0640 0x047c  D:\WINDOWS\system32\comsvcs.dll - ok
10:59:40.0640 0x047c  [ B601A34A1BC3FFF07B005BC91FF58500, D0DBB43DA277BAA4ED116B873C27EC6CE37607683E427C3A854FDFDA151295A6 ] D:\WINDOWS\system32\clusapi.dll
10:59:40.0640 0x047c  D:\WINDOWS\system32\clusapi.dll - ok
10:59:40.0640 0x047c  [ 17E6FA7A7EBE1864DD5DDCD66D2735DF, D32882B2CA1503C62A2A65594D95D951EA291726600658A453C4B65C69ABD391 ] D:\WINDOWS\system32\colbact.dll
10:59:40.0640 0x047c  D:\WINDOWS\system32\colbact.dll - ok
10:59:40.0656 0x047c  [ 89546F0070588D78EA7357583A4C04CB, 3A0912E1B20A1A5A48EDE869C3C9A8EB606CA72DEA9288751DDD0582B8A29E8A ] D:\WINDOWS\system32\mtxclu.dll
10:59:40.0656 0x047c  D:\WINDOWS\system32\mtxclu.dll - ok
10:59:40.0656 0x047c  [ 241F738F1F3F67297066898C6322E794, 4DD9A20D2EC7F7EC65529D6F53C54C98F7A3AB1A1C662ACBE46ECF3DA5589FF0 ] D:\WINDOWS\system32\resutils.dll
10:59:40.0656 0x047c  D:\WINDOWS\system32\resutils.dll - ok
10:59:40.0656 0x047c  [ F4E0C344DDBD3F1DD43B438009A06B77, 452BA14451E599B255A56793E30A096CA1F16C4A5F65C4CBDC2F54ECA21DAC51 ] D:\WINDOWS\system32\wbem\wbemsvc.dll
10:59:40.0656 0x047c  D:\WINDOWS\system32\wbem\wbemsvc.dll - ok
10:59:40.0656 0x047c  [ 61E5A4949B77DFF8A776C3C45383AF2E, E2CD4C4EC1868AB4AA133AC13272ACA65E09AF979447723975BEC514F3E9D629 ] D:\WINDOWS\system32\wbem\repdrvfs.dll
10:59:40.0656 0x047c  D:\WINDOWS\system32\wbem\repdrvfs.dll - ok
10:59:40.0656 0x047c  [ BBF69BCF56B41E590B3F52719D002DB3, 8C6DA6C5B19C3A2A8FF998120FFEFAEE0C82522BCFA4274CD1775DF98572200B ] D:\WINDOWS\system32\wbem\wmiutils.dll
10:59:40.0656 0x047c  D:\WINDOWS\system32\wbem\wmiutils.dll - ok
10:59:40.0671 0x047c  [ A7F9E133160AFC926AC272EB80C47C58, D383EBA825C1245391F1D91AAC3FD62C81CB31B4AF7FC79E374DC6AF0F245FF3 ] D:\WINDOWS\system32\wbem\wmiprvsd.dll
10:59:40.0671 0x047c  D:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
10:59:40.0671 0x047c  [ 885CE91BDCDECEDCA6DB0E59D48FB43D, D4725D4F00DA4142505F124BA987475E98D276F891A868D4B2477857F700A448 ] D:\WINDOWS\system32\wbem\wbemess.dll
10:59:40.0671 0x047c  D:\WINDOWS\system32\wbem\wbemess.dll - ok
10:59:40.0671 0x047c  [ F49D9D59B38311C3A2F6D1FC1C297BE4, D1555A774396AF2718D5278F4967BB6977BD62C495B824EF6F0B1379730B43FC ] D:\WINDOWS\system32\wuapi.dll
10:59:40.0671 0x047c  D:\WINDOWS\system32\wuapi.dll - ok
10:59:40.0671 0x047c  [ 755A529EF5EA3960835507A727FABE56, 3FAD58A7BFCD92F101EE44368562110A87FC5BCBDABAE85AFB98147BAB502A00 ] D:\WINDOWS\system32\wbem\ncprov.dll
10:59:40.0671 0x047c  D:\WINDOWS\system32\wbem\ncprov.dll - ok
10:59:40.0687 0x047c  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] D:\WINDOWS\system32\alg.exe
10:59:40.0687 0x047c  D:\WINDOWS\system32\alg.exe - ok
10:59:40.0687 0x047c  [ B9E1B91828711D12BBF27C3A29255127, 947BD601908DBB4EDEF93D2EBD2603614895D4D34BF36DA1B8D7FBC91319F316 ] D:\WINDOWS\system32\netcfgx.dll
10:59:40.0687 0x047c  D:\WINDOWS\system32\netcfgx.dll - ok
10:59:40.0687 0x047c  [ C7636BA48F5BA08AD427E6FBECC32679, 5C11B849BC7758C96687A492A1BA48DAE5410A043BB2B333B29B6F82578A15A3 ] D:\WINDOWS\system32\wbem\wbemcons.dll
10:59:40.0687 0x047c  D:\WINDOWS\system32\wbem\wbemcons.dll - ok
10:59:40.0687 0x047c  [ 27EB9D671497EA236E6B59EB9EDE3607, 1AF79A10F1F3D67BF8826A92D9BA523499F2946009DB2619B0988CCAD8C44A63 ] D:\WINDOWS\system32\cscui.dll
10:59:40.0687 0x047c  D:\WINDOWS\system32\cscui.dll - ok
10:59:40.0687 0x047c  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] D:\WINDOWS\system32\termsrv.dll
10:59:40.0687 0x047c  D:\WINDOWS\system32\termsrv.dll - ok
10:59:40.0703 0x047c  [ 39E63B4B76CB20E20949FCC6DE1BC630, F8A80D853B445E43C37BF5EC35CB9D789B2F8F0A09E1CA50368A547EC8BFD060 ] D:\WINDOWS\system32\icaapi.dll
10:59:40.0703 0x047c  D:\WINDOWS\system32\icaapi.dll - ok
10:59:40.0703 0x047c  [ F0D12C9FA5F8C3ED9329418FFDC4FE4C, 49BAD9620B6671470ADF7F114F241DDD7E6CB28AFCB2F563BAC5DAD520A5B9EB ] D:\WINDOWS\system32\mstlsapi.dll
10:59:40.0703 0x047c  D:\WINDOWS\system32\mstlsapi.dll - ok
10:59:40.0703 0x047c  [ 5A023A0A96A198A667A9FB42ACFA0D7F, 51C51D1F593D7B3EA68CF636D965B2E121984A7C72C650A52E01B2D100CDAE77 ] D:\WINDOWS\system32\dpcdll.dll
10:59:40.0703 0x047c  D:\WINDOWS\system32\dpcdll.dll - ok
10:59:40.0703 0x047c  [ BE2C8BD5F596535D534C785B04A3B741, 45873CE1C437B25CBF44C977569C30561830D0993C4116C6EBF400471DED0BB1 ] D:\WINDOWS\system32\wdmaud.drv
10:59:40.0703 0x047c  D:\WINDOWS\system32\wdmaud.drv - ok
10:59:40.0703 0x047c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] D:\WINDOWS\system32\drivers\wdmaud.sys
10:59:40.0703 0x047c  D:\WINDOWS\system32\drivers\wdmaud.sys - ok
10:59:40.0718 0x047c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] D:\WINDOWS\system32\drivers\sysaudio.sys
10:59:40.0718 0x047c  D:\WINDOWS\system32\drivers\sysaudio.sys - ok
10:59:40.0718 0x047c  [ 788F95312E26389D596C0FA55834E106, F7090C739CFC4AA6280BFEDC1551118F05A098B0AD71BB9541E21E6FDFED3040 ] D:\WINDOWS\system32\userinit.exe
10:59:40.0718 0x047c  D:\WINDOWS\system32\userinit.exe - ok
10:59:40.0718 0x047c  [ 418045A93CD87A352098AB7DABE1B53E, 81419093CCB985DA284931FA3DF41C4CFE25350DB1C366792903411819371664 ] D:\WINDOWS\explorer.exe
10:59:40.0718 0x047c  D:\WINDOWS\explorer.exe - ok
10:59:40.0718 0x047c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] D:\WINDOWS\system32\drivers\splitter.sys
10:59:40.0718 0x047c  D:\WINDOWS\system32\drivers\splitter.sys - ok
10:59:40.0734 0x047c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] D:\WINDOWS\system32\drivers\aec.sys
10:59:40.0734 0x047c  D:\WINDOWS\system32\drivers\aec.sys - ok
10:59:40.0734 0x047c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] D:\WINDOWS\system32\drivers\swmidi.sys
10:59:40.0734 0x047c  D:\WINDOWS\system32\drivers\swmidi.sys - ok
10:59:40.0734 0x047c  [ 62982E7EF025B5D8FB31467265C43918, 50763ED3A1524110A4E1327877C1D6495F135FC462E48D99423AAEC39C139492 ] D:\WINDOWS\system32\browseui.dll
10:59:40.0734 0x047c  D:\WINDOWS\system32\browseui.dll - ok
10:59:40.0734 0x047c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] D:\WINDOWS\system32\drivers\dmusic.sys
10:59:40.0734 0x047c  D:\WINDOWS\system32\drivers\dmusic.sys - ok
10:59:40.0734 0x047c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] D:\WINDOWS\system32\drivers\kmixer.sys
10:59:40.0734 0x047c  D:\WINDOWS\system32\drivers\kmixer.sys - ok
10:59:40.0750 0x047c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] D:\WINDOWS\system32\drivers\drmkaud.sys
10:59:40.0750 0x047c  D:\WINDOWS\system32\drivers\drmkaud.sys - ok
10:59:40.0750 0x047c  [ 5F62AE472DDEC02CB3C635FAD6F3A632, ED777A976B6F75A20EF7D92972B26D5DF8AC2471412D6CB34E0DE74ABB7DBD44 ] D:\WINDOWS\system32\shdocvw.dll
10:59:40.0750 0x047c  D:\WINDOWS\system32\shdocvw.dll - ok
10:59:40.0750 0x047c  [ 84BDD3C4FADB534BD843D949CFCDE53C, 5773B9D7A417935D298AFB2D0FCA9FCFCBD9192F9AC0DE3CFBDE0477D819E348 ] D:\WINDOWS\system32\msacm32.drv
10:59:40.0750 0x047c  D:\WINDOWS\system32\msacm32.drv - ok
10:59:40.0750 0x047c  [ 2CF969B9BF1EF069075DCDCE309FAAE1, 04CD664171AC3BD147CB5FA5CE86F42454D595A73988DFA870410172AC33373A ] D:\WINDOWS\system32\midimap.dll
10:59:40.0750 0x047c  D:\WINDOWS\system32\midimap.dll - ok
10:59:40.0750 0x047c  [ 4B0451C5A07470A3722171E354ABDADE, A7A1F52BA1A20330FEEBF285A62784475E74C95C76B875DF50B71721E412AA5F ] D:\WINDOWS\system32\desk.cpl
10:59:40.0750 0x047c  D:\WINDOWS\system32\desk.cpl - ok
10:59:40.0765 0x047c  [ 78898165CF0E27AFBD8653EF6D2FDA07, 0DBE48641D23FBF823E100861428F73ABCE067B78D5FC97B472806A02D12F36A ] D:\WINDOWS\system32\themeui.dll
10:59:40.0765 0x047c  D:\WINDOWS\system32\themeui.dll - ok
10:59:40.0765 0x047c  [ 65660A5C5C56DEFBA2F0F417D1B4A82C, A55940A35993B24CE3EE420F2C3C5D5EB62207711096E1F690FB0563DAF21B2E ] D:\WINDOWS\system32\urlmon.dll
10:59:40.0765 0x047c  D:\WINDOWS\system32\urlmon.dll - ok
10:59:40.0765 0x047c  [ 9B890F756D087991322464912FE68E75, 57BF326C1AFC57803F6E5E77458080FE5A1C1413C6F9BD3CC37ADD07008E6812 ] D:\WINDOWS\system32\cmd.exe
10:59:40.0765 0x047c  D:\WINDOWS\system32\cmd.exe - ok
10:59:40.0765 0x047c  [ EDAFBE25FB6480CE68F688BA691890DC, F21610B3FC4FE3C18334F2B204E9E7E77F7AC3DD7357171AAD2A65B64AC653E0 ] D:\WINDOWS\system32\wscntfy.exe
10:59:40.0765 0x047c  D:\WINDOWS\system32\wscntfy.exe - ok
10:59:40.0765 0x047c  [ 2AD9820E4B17E78110A6AA06BF5C1CE2, 330A62FC255D24FCF7904B11CD533A9A06C1EBDBD90491A11960317759E7F4D0 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{F9B0BAD2-A76D-4A9E-9159-A678F3457962}.exe
10:59:40.0765 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{F9B0BAD2-A76D-4A9E-9159-A678F3457962}.exe - ok
10:59:40.0781 0x047c  [ 65657A27D1487BAAFE446ED3E20D2209, F0A1D344E38B9D60F6149E0BDCCB06EF53A298E76B1682A5F573CFD3B8F49CAF ] D:\WINDOWS\system32\msutb.dll
10:59:40.0781 0x047c  D:\WINDOWS\system32\msutb.dll - ok
10:59:40.0781 0x047c  [ A4472EA73BFB27132483F86BAFCD7783, 04DABF76F91D8F3EE43837591C33516E2C644AB3F2C8E75FE5256258C1632046 ] D:\WINDOWS\system32\msctf.dll
10:59:40.0781 0x047c  D:\WINDOWS\system32\msctf.dll - ok
10:59:40.0781 0x047c  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
10:59:40.0781 0x047c  D:\WINDOWS\system32\ctfmon.exe - ok
10:59:40.0781 0x047c  [ F6B34CD47CAF6D68106B9F8055F35C50, AEB641391D0186C2A6C2ED97FE87EDF6D0289818FD2CBB98AAD0CDA3504B23B0 ] D:\WINDOWS\system32\rundll32.exe
10:59:40.0781 0x047c  D:\WINDOWS\system32\rundll32.exe - ok
10:59:40.0796 0x047c  [ 456DFE2E9E04CAD282E19DE078DCF85B, 1236F50D225F331F0583D5203E58B2CE631008832071F8FDAF103D0BF47D49AD ] D:\WINDOWS\ime\sptip.dll
10:59:40.0796 0x047c  D:\WINDOWS\ime\sptip.dll - ok
10:59:40.0796 0x047c  [ 6106C285CCBAA90AABE190C7F9E25558, 955D34F12EF4A3B4531DF821ACA31762DAE3E7868719F1FFBDDC85637F4E18E8 ] D:\WINDOWS\system32\bthprops.cpl
10:59:40.0796 0x047c  D:\WINDOWS\system32\bthprops.cpl - ok
10:59:40.0796 0x047c  [ A7A221F7ED230E24A3186A5234751A08, D22B3BE8690FB6BA0586640C67212D5C6105B437086C96572BF3FB01CF308582 ] D:\WINDOWS\system32\winhttp.dll
10:59:40.0796 0x047c  D:\WINDOWS\system32\winhttp.dll - ok
10:59:40.0796 0x047c  [ 5543A9D4A1D0F9F84092482A9373A024, 6A400462579D71046074FA49A34E0F909C43DCBFA05D1875084FA7FF260949E4 ] D:\WINDOWS\system32\linkinfo.dll
10:59:40.0796 0x047c  D:\WINDOWS\system32\linkinfo.dll - ok
10:59:40.0812 0x047c  [ E5A0609A36161F9CA277F3E4EEE339F7, E8E300F5535DBDE4682A2263CD3AF12C5CF778412AA97A8D124B3130ED2B7BEF ] D:\WINDOWS\system32\devmgr.dll
10:59:40.0812 0x047c  D:\WINDOWS\system32\devmgr.dll - ok
10:59:40.0812 0x047c  [ 6AD81A33FE1E1DBB7A1E332C20160D05, 128AA71D3E4CEF642F9C1568349ADFA2AD2A5C4F5E5AA2702380C02783129DE1 ] D:\WINDOWS\system32\ntshrui.dll
10:59:40.0812 0x047c  D:\WINDOWS\system32\ntshrui.dll - ok
10:59:40.0812 0x047c  [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{A915FA1E-B9A2-4784-BC55-2AD53BDE3C54}.tmp
10:59:40.0812 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{A915FA1E-B9A2-4784-BC55-2AD53BDE3C54}.tmp - ok
10:59:40.0812 0x047c  [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{D8B76846-5125-487B-A024-C71412463522}.tmp
10:59:40.0812 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{D8B76846-5125-487B-A024-C71412463522}.tmp - ok
10:59:40.0812 0x047c  [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{C825494E-CCDD-4C59-BD42-623FB051A6D6}.tmp
10:59:40.0812 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{C825494E-CCDD-4C59-BD42-623FB051A6D6}.tmp - ok
10:59:40.0828 0x047c  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{602C3539-CA26-43AD-9E1A-126E4196A02D}.tmp
10:59:40.0828 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{602C3539-CA26-43AD-9E1A-126E4196A02D}.tmp - ok
10:59:40.0828 0x047c  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{C695AF32-9B0D-4212-969C-26AD74C8FB40}.tmp
10:59:40.0828 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{C695AF32-9B0D-4212-969C-26AD74C8FB40}.tmp - ok
10:59:40.0828 0x047c  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{F69A8810-00B3-453C-B66E-951447F74924}.tmp
10:59:40.0828 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{F69A8810-00B3-453C-B66E-951447F74924}.tmp - ok
10:59:40.0828 0x047c  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{CCD7B2E7-311B-43F6-A01E-4B3DE706746B}.tmp
10:59:40.0828 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{CCD7B2E7-311B-43F6-A01E-4B3DE706746B}.tmp - ok
10:59:40.0828 0x047c  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{BFCD120E-12C9-4C76-8AA1-E1BFDDAA5C9E}.tmp
10:59:40.0828 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{BFCD120E-12C9-4C76-8AA1-E1BFDDAA5C9E}.tmp - ok
10:59:40.0843 0x047c  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{8DC56621-3700-4C25-9038-956F22331497}.tmp
10:59:40.0843 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{8DC56621-3700-4C25-9038-956F22331497}.tmp - ok
10:59:40.0843 0x047c  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{2384202C-3EAC-42ED-92A8-B008009A0E44}.tmp
10:59:40.0843 0x047c  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E9042442-B537-4611-920D-D8526101D9E4}\{2384202C-3EAC-42ED-92A8-B008009A0E44}.tmp - ok
10:59:40.0843 0x047c  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] D:\WINDOWS\system32\imapi.exe
10:59:40.0843 0x047c  D:\WINDOWS\system32\imapi.exe - ok
10:59:40.0843 0x047c  [ C1DA9CCE6295AA435877CFBF0C61005D, 63B6B70CF3E535F7863DAA3A2DC904E2FA8470E2E35A4C1368468F4015B80F81 ] D:\WINDOWS\system32\webcheck.dll
10:59:40.0843 0x047c  D:\WINDOWS\system32\webcheck.dll - ok
10:59:40.0859 0x047c  [ F84AC3459F5ED9B77BC38C481F744729, 14DB981F2256858F144183C0C66ACF1100D65CBEF73ADD31E1B41D6F648DAF56 ] D:\WINDOWS\system32\batmeter.dll
10:59:40.0859 0x047c  D:\WINDOWS\system32\batmeter.dll - ok
10:59:40.0859 0x047c  [ DE2CD737BB7C6B2F391D54A06C1B80A1, 364E8F5088E0B9B7A7672D752BB1CED92DC2FFEEE4F9A1F16C46839462CB48A6 ] D:\WINDOWS\system32\stobject.dll
10:59:40.0859 0x047c  D:\WINDOWS\system32\stobject.dll - ok
10:59:40.0859 0x047c  [ 3F541BFA1043223844EBBFEBE3ED1AD8, 7A78013B9DC714FEF40B445653E1B901E3476C38724F43AEFC5715F26448D063 ] D:\WINDOWS\system32\ssdpapi.dll
10:59:40.0859 0x047c  D:\WINDOWS\system32\ssdpapi.dll - ok
10:59:40.0859 0x047c  [ 24ABEFFDE26EDD53F33187FB46068876, 988157B737163DEAAFDB8157DBC3D37C05DADC4433A864D7C811CF23087E86F2 ] D:\WINDOWS\system32\upnp.dll
10:59:40.0859 0x047c  D:\WINDOWS\system32\upnp.dll - ok
10:59:40.0859 0x047c  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] D:\WINDOWS\system32\drivers\http.sys
10:59:40.0859 0x047c  D:\WINDOWS\system32\drivers\http.sys - ok
10:59:40.0875 0x047c  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] D:\WINDOWS\system32\ssdpsrv.dll
10:59:40.0875 0x047c  D:\WINDOWS\system32\ssdpsrv.dll - ok
10:59:40.0875 0x047c  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] D:\WINDOWS\system32\rasmans.dll
10:59:40.0875 0x047c  D:\WINDOWS\system32\rasmans.dll - ok
10:59:40.0875 0x047c  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] D:\WINDOWS\system32\tapisrv.dll
10:59:40.0875 0x047c  D:\WINDOWS\system32\tapisrv.dll - ok
10:59:40.0875 0x047c  [ 67F2A1E0D4EF9F276346E9FE5007C6A2, 8790C9560BEF428634D3824E129B57CC70DCE59FD27CBE86BD1DE36FBCD1CED1 ] D:\WINDOWS\system32\rastapi.dll
10:59:40.0875 0x047c  D:\WINDOWS\system32\rastapi.dll - ok
10:59:40.0875 0x047c  [ A0D8D3E40071A2D46A174F358E579FF9, 2AEFE14B4B789878A067686056D35A09B8C7D2FE10833FF4526ABE4B0FAF7CC5 ] D:\WINDOWS\system32\unimdm.tsp
10:59:40.0875 0x047c  D:\WINDOWS\system32\unimdm.tsp - ok
10:59:40.0890 0x047c  [ 6880D17F2120260DED52864711FD5D40, 5B2AF29DD885F58B6137D6F0D9CF2F4417388E2C6A7D0E823844238E64352DF9 ] D:\WINDOWS\system32\uniplat.dll
10:59:40.0890 0x047c  D:\WINDOWS\system32\uniplat.dll - ok
10:59:40.0890 0x047c  [ E1A725D3FAC63C1D61EDA9D01D52018E, E6C43143A63FB8D168D50D90BDD7E0228D5C4CEB44F51FC6D80E5ABAF83850AD ] D:\WINDOWS\system32\modemui.dll
10:59:40.0890 0x047c  D:\WINDOWS\system32\modemui.dll - ok
10:59:40.0890 0x047c  [ F7F6B41973142FACBCB0227051B8758C, E9068499EFDE0BBAF7F3AC2A28858FD4D4D7D68BF0F11625C2F35FE3A81F4DDF ] D:\WINDOWS\system32\unimdmat.dll
10:59:40.0890 0x047c  D:\WINDOWS\system32\unimdmat.dll - ok
10:59:40.0890 0x047c  [ A46C35D2222289E11498E63DC255D9EE, 52E4AE39EE6E7026F7C5E9698773A7C6AB98DBBF298BD6C7482033DB5ED7DA70 ] D:\WINDOWS\system32\h323.tsp
10:59:40.0890 0x047c  D:\WINDOWS\system32\h323.tsp - ok
10:59:40.0890 0x047c  [ FAB9161D01BAFED0FBA37B7EDC2E6C3E, 4FC6445C53AB9ABA555ACD77A46725ADD25185ECAB775A65981B931758BF1781 ] D:\WINDOWS\system32\ipconf.tsp
10:59:40.0890 0x047c  D:\WINDOWS\system32\ipconf.tsp - ok
10:59:40.0906 0x047c  [ B88E7C1BECF19CB7DF5D14C139E1B129, A0AFE18EE94B3A5621639B99766289339780470077FCCBD4D8592EC11D6BAF83 ] D:\WINDOWS\system32\kmddsp.tsp
10:59:40.0906 0x047c  D:\WINDOWS\system32\kmddsp.tsp - ok
10:59:40.0906 0x047c  [ B6368A01066D60B47927E70C3FCC4F4E, 2BAA8A00B3CDC2559360D83E53981404E8945D25A21BA411D96630B80FB0879F ] D:\WINDOWS\system32\ndptsp.tsp
10:59:40.0906 0x047c  D:\WINDOWS\system32\ndptsp.tsp - ok
10:59:40.0906 0x047c  [ B469B24EB3B6A5FA2E9AD4679F209A5A, 057467DE813719DA55E8A763E7DB54CB078EA248FCE1964A7DE48E74791BE115 ] D:\WINDOWS\system32\hidphone.tsp
10:59:40.0906 0x047c  D:\WINDOWS\system32\hidphone.tsp - ok
10:59:40.0906 0x047c  [ 41AA6EB6D03E14F64CAE4E661C45F5FC, F3B6FE36CBD517D05EF6E78585D612583C99237B3A1C4F12EC5533111E9C39CB ] D:\WINDOWS\system32\ntlsapi.dll
10:59:40.0906 0x047c  D:\WINDOWS\system32\ntlsapi.dll - ok
10:59:40.0921 0x047c  [ 784CE11452CEE7FA71BE94ACABC8D241, 8808A42B819D17921C417AFE4EF8653D6D63E62E86E26994CF1D6DF7A878646C ] D:\WINDOWS\system32\rasppp.dll
10:59:40.0921 0x047c  D:\WINDOWS\system32\rasppp.dll - ok
10:59:40.0921 0x047c  [ 1F869848291EFDBE3883B101EDD39025, F2771C370D1BE7AEDBC88140CAD704A96906F6ACC5F2D67F87909B8BF209F5A8 ] D:\WINDOWS\system32\rasqec.dll
10:59:40.0921 0x047c  D:\WINDOWS\system32\rasqec.dll - ok
10:59:40.0921 0x047c  [ 31940D74AE890495C73E37482F150DC3, B557CF9608AB3F31980EE36587F66CFF19017FD28398306590A783CBEDB9A58C ] D:\WINDOWS\system32\rasdlg.dll
10:59:40.0921 0x047c  D:\WINDOWS\system32\rasdlg.dll - ok
10:59:40.0921 0x047c  ================ Scan generic autorun ======================
10:59:40.0921 0x047c  BluetoothAuthenticationAgent - ok
10:59:40.0953 0x047c  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\CTFMON.EXE
10:59:41.0031 0x047c  CTFMON.EXE - ok
10:59:41.0156 0x047c  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] D:\Programme\Spy\TeaTimer.exe
10:59:41.0296 0x047c  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
10:59:41.0296 0x047c  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - warning
10:59:41.0312 0x047c  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
10:59:41.0375 0x047c  CTFMON.EXE - ok
10:59:41.0484 0x047c  Win FW state via NFM: enabled
10:59:41.0484 0x047c  ============================================================
10:59:41.0484 0x047c  Scan finished
10:59:41.0484 0x047c  ============================================================
10:59:41.0500 0x0744  Detected object count: 3
10:59:41.0500 0x0744  Actual detected object count: 3
11:00:07.0968 0x0744  41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - skipped by user
11:00:07.0968 0x0744  41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
11:00:07.0968 0x0744  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:07.0968 0x0744  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:07.0968 0x0744  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:07.0968 0x0744  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - User select action: Skip

schrauber 30.11.2014 17:43
Zitat:
11:00:07.0968 0x0744 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - skipped by user
11:00:07.0968 0x0744 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip


Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start Scan.
    Mache während dem Scan nichts am Rechner
  • Gehe sicher das Cure ( default ) angehackt ist !
  • Drücke Continue --> Reboot.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
    Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
    Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
    Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
    Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es eine Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

tymara 30.11.2014 20:44
Hallo,
hier die Logs.

TDSS erster Teil

[CODE
19:00:03.0875 0x0218 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:00:05.0781 0x0218 ============================================================
19:00:05.0781 0x0218 Current date / time: 2014/11/30 19:00:05.0781
19:00:05.0781 0x0218 SystemInfo:
19:00:05.0781 0x0218
19:00:05.0781 0x0218 OS Version: 5.1.2600 ServicePack: 3.0
19:00:05.0781 0x0218 Product type: Workstation
19:00:05.0781 0x0218 ComputerName: INTRNET
19:00:05.0781 0x0218 UserName: Arbeit
19:00:05.0781 0x0218 Windows directory: D:\WINDOWS
19:00:05.0781 0x0218 System windows directory: D:\WINDOWS
19:00:05.0781 0x0218 Processor architecture: Intel x86
19:00:05.0781 0x0218 Number of processors: 2
19:00:05.0781 0x0218 Page size: 0x1000
19:00:05.0781 0x0218 Boot type: Normal boot
19:00:05.0781 0x0218 ============================================================
19:00:05.0781 0x0218 BG loaded
19:00:05.0953 0x0218 System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
19:00:06.0437 0x0218 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
19:00:06.0437 0x0218 Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:00:06.0453 0x0218 ============================================================
19:00:06.0453 0x0218 \Device\Harddisk0\DR0:
19:00:06.0453 0x0218 MBR partitions:
19:00:06.0453 0x0218 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
19:00:06.0453 0x0218 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
19:00:06.0453 0x0218 \Device\Harddisk1\DR3:
19:00:06.0453 0x0218 MBR partitions:
19:00:06.0453 0x0218 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
19:00:06.0453 0x0218 ============================================================
19:00:06.0468 0x0218 C: <-> \Device\Harddisk0\DR0\Partition1
19:00:06.0500 0x0218 D: <-> \Device\Harddisk0\DR0\Partition2
19:00:06.0500 0x0218 ============================================================
19:00:06.0500 0x0218 Initialize success
19:00:06.0500 0x0218 ============================================================
19:00:25.0265 0x05c8 ============================================================
19:00:25.0265 0x05c8 Scan started
19:00:25.0265 0x05c8 Mode: Manual; SigCheck; TDLFS;
19:00:25.0265 0x05c8 ============================================================
19:00:25.0265 0x05c8 KSN ping started
19:00:25.0312 0x05c8 KSN ping finished: false
19:00:25.0718 0x05c8 ================ Scan system memory ========================
19:00:25.0718 0x05c8 System memory - ok
19:00:25.0718 0x05c8 ================ Scan services =============================
19:00:25.0718 0x05c8 Suspicious service (NoAccess): 41d78ef79c384a09
19:00:25.0812 0x05c8 [ B2234CF29BF7D128FA69510E0F2D11E2, 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA ] 41d78ef79c384a09 D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys
19:00:25.0812 0x05c8 Suspicious file ( NoAccess ): D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys. md5: B2234CF29BF7D128FA69510E0F2D11E2, sha256: 11C378B58C37C42365897250DE874E51E612137AC83B181E206571FD173AF4DA
19:00:26.0406 0x05c8 41d78ef79c384a09 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:00:26.0562 0x05c8 41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - infected
19:00:26.0562 0x05c8 Force sending object to P2P due to detect: 41d78ef79c384a09
19:00:26.0562 0x05c8 Object send P2P result: false
19:00:26.0562 0x05c8 Abiosdsk - ok
19:00:26.0562 0x05c8 abp480n5 - ok
19:00:26.0656 0x05c8 ACDaemon - ok
19:00:26.0687 0x05c8 [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI D:\WINDOWS\system32\DRIVERS\ACPI.sys
19:00:27.0531 0x05c8 ACPI - ok
19:00:27.0578 0x05c8 [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC D:\WINDOWS\system32\drivers\ACPIEC.sys
19:00:27.0671 0x05c8 ACPIEC - ok
19:00:27.0671 0x05c8 adpu160m - ok
19:00:27.0703 0x05c8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec D:\WINDOWS\system32\drivers\aec.sys
19:00:27.0796 0x05c8 aec - ok
19:00:27.0843 0x05c8 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc D:\WINDOWS\system32\drivers\Afc.sys
19:00:27.0890 0x05c8 Afc - ok
19:00:27.0968 0x05c8 [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] AFD D:\WINDOWS\System32\drivers\afd.sys
19:00:28.0062 0x05c8 AFD - ok
19:00:28.0062 0x05c8 Aha154x - ok
19:00:28.0062 0x05c8 aic78u2 - ok
19:00:28.0062 0x05c8 aic78xx - ok
19:00:28.0125 0x05c8 [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter D:\WINDOWS\system32\alrsvc.dll
19:00:28.0234 0x05c8 Alerter - ok
19:00:28.0250 0x05c8 [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG D:\WINDOWS\System32\alg.exe
19:00:28.0328 0x05c8 ALG - ok
19:00:28.0328 0x05c8 AliIde - ok
19:00:28.0421 0x05c8 [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt D:\WINDOWS\system32\drivers\Ambfilt.sys
19:00:28.0531 0x05c8 Ambfilt - ok
19:00:28.0562 0x05c8 [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM D:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:00:28.0609 0x05c8 AmdPPM - ok
19:00:28.0609 0x05c8 amsint - ok
19:00:28.0640 0x05c8 [ D45960BE52C3C610D361977057F98C54, 9186589B502F46B47672CFB8EBD558D51B0F3CBFE4E0DDBA625A4265236518CE ] AppMgmt D:\WINDOWS\System32\appmgmts.dll
19:00:28.0734 0x05c8 AppMgmt - ok
19:00:28.0734 0x05c8 asc - ok
19:00:28.0750 0x05c8 asc3350p - ok
19:00:28.0750 0x05c8 asc3550 - ok
19:00:28.0796 0x05c8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac D:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:00:28.0875 0x05c8 AsyncMac - ok
19:00:28.0906 0x05c8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi D:\WINDOWS\system32\DRIVERS\atapi.sys
19:00:28.0984 0x05c8 atapi - ok
19:00:29.0000 0x05c8 Atdisk - ok
19:00:29.0062 0x05c8 [ ECA673779ECD27D674953D692FE070F6, 6FBCAF6C347E06032C63B72261785109D0929BE1B23CA5465995803951954616 ] Ati HotKey Poller D:\WINDOWS\system32\Ati2evxx.exe
19:00:29.0125 0x05c8 Ati HotKey Poller - ok
19:00:29.0234 0x05c8 [ 15B2FE76E2ECEB98C49ED52311A6F26F, E917AEBD221BF2DB217C111F256033FDA2B28FE55C7E87DAD4A16B84E3FD9398 ] ati2mtag D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:00:29.0390 0x05c8 ati2mtag - ok
19:00:29.0453 0x05c8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc D:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:00:29.0546 0x05c8 Atmarpc - ok
19:00:29.0578 0x05c8 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv D:\WINDOWS\System32\audiosrv.dll
19:00:29.0656 0x05c8 AudioSrv - ok
19:00:29.0703 0x05c8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub D:\WINDOWS\system32\DRIVERS\audstub.sys
19:00:29.0781 0x05c8 audstub - ok
19:00:29.0828 0x05c8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep D:\WINDOWS\system32\drivers\Beep.sys
19:00:29.0906 0x05c8 Beep - ok
19:00:29.0953 0x05c8 [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS D:\WINDOWS\system32\qmgr.dll
19:00:30.0062 0x05c8 BITS - ok
19:00:30.0093 0x05c8 [ 852A1BD08E7DFEB9E30B5440881C0501, 92D3F82A29D4466706DA0A30921B4AE5D67F08C2C4EF362EDB1A2D254A5AF068 ] BlueletAudio D:\WINDOWS\system32\DRIVERS\blueletaudio.sys
19:00:30.0109 0x05c8 BlueletAudio - ok
19:00:30.0125 0x05c8 [ 8FC27B12A02B43947787F0EF1885DF9B, 1C0A44406FCD78BB6410140512B2165F974CD1837400A818529E4054A358E7BF ] BlueletSCOAudio D:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
19:00:30.0140 0x05c8 BlueletSCOAudio - ok
19:00:30.0171 0x05c8 [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] Browser D:\WINDOWS\System32\browser.dll
19:00:30.0250 0x05c8 Browser - ok
19:00:30.0265 0x05c8 [ C5CCE2B26F73F8CF7F3C82159E79AA08, 09FDCB702ADB4A58F061D314BD7FD4A2BD487EA877F89A5F31B86BE0BBC24360 ] BT D:\WINDOWS\system32\DRIVERS\btnetdrv.sys
19:00:30.0265 0x05c8 BT - ok
19:00:30.0281 0x05c8 [ DA473D279420234170DA795F1CAD4479, A6958C700496695D9B24D570FDCCB47C114217426AACB3FABBBA1941C722008D ] Btcsrusb D:\WINDOWS\system32\Drivers\btcusb.sys
19:00:30.0281 0x05c8 Btcsrusb - ok
19:00:30.0328 0x05c8 [ B279426E3C0C344893ED78A613A73BDE, 30B29ED5DCFF0C180B806A5FBC705E1CAF6B0F525298CDA79A77FC2AF6E5AAA7 ] BthEnum D:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:00:30.0421 0x05c8 BthEnum - ok
19:00:30.0437 0x05c8 [ CE643D0918123D76A5CAAB008FCA9663, 045FA050D273C56AF13DC24A3E4AB14B236AC2CB4DD48D5B3180696096D3A931 ] BTHidEnum D:\WINDOWS\system32\Drivers\vbtenum.sys
19:00:30.0437 0x05c8 BTHidEnum - ok
19:00:30.0437 0x05c8 [ DFCA4FE4C8AEC786B4D0F432EB730F48, 3D9731A50127E86280B93466A3CAA90607027341E04EA3A8AE89B373DFC0A5B8 ] BTHidMgr D:\WINDOWS\system32\Drivers\BTHidMgr.sys
19:00:30.0453 0x05c8 BTHidMgr - ok
19:00:30.0453 0x05c8 [ FCA6F069597B62D42495191ACE3FC6C1, 23A4EAA542547AC48BCB19DEC9C8E1C1D7D83F199F045DA4682C33292F011CE9 ] BTHMODEM D:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:00:30.0531 0x05c8 BTHMODEM - ok
19:00:30.0546 0x05c8 [ 80602B8746D3738F5886CE3D67EF06B6, 15ABAA8106C42A4453763EEB92B291844580168C934088DB1E22B2065DC238E9 ] BthPan D:\WINDOWS\system32\DRIVERS\bthpan.sys
19:00:30.0640 0x05c8 BthPan - ok
19:00:30.0671 0x05c8 [ 27D6108CFEBA7EF5AA976FC66EC77BBD, B0C3C61B3AF6358D9BE12DF56F741FE3CC5714950C74014EBED6804034D9D5DE ] BTHPORT D:\WINDOWS\system32\Drivers\BTHport.sys
19:00:30.0750 0x05c8 BTHPORT - ok
19:00:30.0796 0x05c8 [ 26C601EF7525E31379744ABFC6F35A1B, 842626D3A00DDA959A4AB730C0D551244DCDA15AC291FD70CC7324571A6088EC ] BthServ D:\WINDOWS\System32\bthserv.dll
19:00:30.0875 0x05c8 BthServ - ok
19:00:30.0890 0x05c8 [ 61364CD71EF63B0F038B7E9DF00F1EFA, FB44D02B4379A8AF7DD8B0B22B53888B758903700142BFE45A412709294CE88A ] BTHUSB D:\WINDOWS\system32\Drivers\BTHUSB.sys
19:00:30.0968 0x05c8 BTHUSB - ok
19:00:31.0031 0x05c8 [ 4F26303BECBB7CC5CA8FF39593124CF2, 2953C2F0F81230B97ABD517F68367A3B787A2F02E780062386EFFF2F22E159BF ] BTNetFilter D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
19:00:31.0046 0x05c8 BTNetFilter - ok
19:00:31.0062 0x05c8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k D:\WINDOWS\system32\drivers\cbidf2k.sys
19:00:31.0140 0x05c8 cbidf2k - ok
19:00:31.0140 0x05c8 cd20xrnt - ok
19:00:31.0171 0x05c8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio D:\WINDOWS\system32\drivers\Cdaudio.sys
19:00:31.0250 0x05c8 Cdaudio - ok
19:00:31.0296 0x05c8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs D:\WINDOWS\system32\drivers\Cdfs.sys
19:00:31.0375 0x05c8 Cdfs - ok
19:00:31.0375 0x05c8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom D:\WINDOWS\system32\DRIVERS\cdrom.sys
19:00:31.0468 0x05c8 Cdrom - ok
19:00:31.0468 0x05c8 Changer - ok
19:00:31.0500 0x05c8 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc D:\WINDOWS\system32\cisvc.exe
19:00:31.0578 0x05c8 CiSvc - ok
19:00:31.0593 0x05c8 [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv D:\WINDOWS\system32\clipsrv.exe
19:00:31.0656 0x05c8 ClipSrv - ok
19:00:31.0656 0x05c8 CmdIde - ok
19:00:31.0671 0x05c8 COMSysApp - ok
19:00:31.0671 0x05c8 Cpqarray - ok
19:00:31.0687 0x05c8 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc D:\WINDOWS\System32\cryptsvc.dll
19:00:31.0765 0x05c8 CryptSvc - ok
19:00:31.0765 0x05c8 dac2w2k - ok
19:00:31.0765 0x05c8 dac960nt - ok
19:00:31.0828 0x05c8 [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] DcomLaunch D:\WINDOWS\system32\rpcss.dll
19:00:31.0921 0x05c8 DcomLaunch - ok
19:00:31.0984 0x05c8 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp D:\WINDOWS\System32\dhcpcsvc.dll
19:00:32.0062 0x05c8 Dhcp - ok
19:00:32.0093 0x05c8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk D:\WINDOWS\system32\DRIVERS\disk.sys
19:00:32.0171 0x05c8 Disk - ok
19:00:32.0187 0x05c8 dmadmin - ok
19:00:32.0234 0x05c8 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot D:\WINDOWS\system32\drivers\dmboot.sys
19:00:32.0343 0x05c8 dmboot - ok
19:00:32.0359 0x05c8 [ 53720AB12B48719D00E327DA470A619A, 800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio D:\WINDOWS\system32\drivers\dmio.sys
19:00:32.0437 0x05c8 dmio - ok
19:00:32.0468 0x05c8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload D:\WINDOWS\system32\drivers\dmload.sys
19:00:32.0546 0x05c8 dmload - ok
19:00:32.0578 0x05c8 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver D:\WINDOWS\System32\dmserver.dll
19:00:32.0656 0x05c8 dmserver - ok
19:00:32.0687 0x05c8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic D:\WINDOWS\system32\drivers\DMusic.sys
19:00:32.0765 0x05c8 DMusic - ok
19:00:32.0781 0x05c8 [ 8C9ED3B2834AAE63081AB2DA831C6FE9, 87D2931A5CD3658A28072BEC3F28384B91CC3B19D072CE9C69F119B80671C163 ] Dnscache D:\WINDOWS\System32\dnsrslvr.dll
19:00:32.0859 0x05c8 Dnscache - ok
19:00:32.0906 0x05c8 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc D:\WINDOWS\System32\dot3svc.dll
19:00:32.0984 0x05c8 Dot3svc - ok
19:00:33.0000 0x05c8 dpti2o - ok
19:00:33.0015 0x05c8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud D:\WINDOWS\system32\drivers\drmkaud.sys
19:00:33.0093 0x05c8 drmkaud - ok
19:00:33.0140 0x05c8 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost D:\WINDOWS\System32\eapsvc.dll
19:00:33.0718 0x05c8 EapHost - ok
19:00:33.0765 0x05c8 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc D:\WINDOWS\System32\ersvc.dll
19:00:33.0843 0x05c8 ERSvc - ok
19:00:33.0875 0x05c8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] Eventlog D:\WINDOWS\system32\services.exe
19:00:33.0953 0x05c8 Eventlog - ok
19:00:33.0984 0x05c8 [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] EventSystem D:\WINDOWS\system32\es.dll
19:00:34.0062 0x05c8 EventSystem - ok
19:00:34.0109 0x05c8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat D:\WINDOWS\system32\drivers\Fastfat.sys
19:00:34.0187 0x05c8 Fastfat - ok
19:00:34.0234 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] FastUserSwitchingCompatibility D:\WINDOWS\System32\shsvcs.dll
19:00:34.0312 0x05c8 FastUserSwitchingCompatibility - ok
19:00:34.0328 0x05c8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc D:\WINDOWS\system32\drivers\Fdc.sys
19:00:34.0390 0x05c8 Fdc - ok
19:00:34.0390 0x05c8 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips D:\WINDOWS\system32\drivers\Fips.sys
19:00:34.0468 0x05c8 Fips - ok
19:00:34.0468 0x05c8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk D:\WINDOWS\system32\drivers\Flpydisk.sys
19:00:34.0546 0x05c8 Flpydisk - ok
19:00:34.0593 0x05c8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr D:\WINDOWS\system32\drivers\fltmgr.sys
19:00:34.0656 0x05c8 FltMgr - ok
19:00:34.0671 0x05c8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec D:\WINDOWS\system32\drivers\Fs_Rec.sys
19:00:34.0750 0x05c8 Fs_Rec - ok
19:00:34.0765 0x05c8 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk D:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:00:34.0843 0x05c8 Ftdisk - ok
19:00:34.0843 0x05c8 gdrv - ok
19:00:34.0890 0x05c8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc D:\WINDOWS\system32\DRIVERS\msgpc.sys
19:00:34.0953 0x05c8 Gpc - ok
19:00:34.0984 0x05c8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:00:35.0062 0x05c8 HDAudBus - ok
19:00:35.0156 0x05c8 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:00:35.0218 0x05c8 helpsvc - ok
19:00:35.0250 0x05c8 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ D:\WINDOWS\System32\hidserv.dll
19:00:35.0312 0x05c8 HidServ - ok
19:00:35.0343 0x05c8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb D:\WINDOWS\system32\DRIVERS\hidusb.sys
19:00:35.0421 0x05c8 hidusb - ok
19:00:35.0468 0x05c8 [ ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc D:\WINDOWS\System32\kmsvc.dll
19:00:35.0546 0x05c8 hkmsvc - ok
19:00:35.0546 0x05c8 hpn - ok
19:00:35.0593 0x05c8 [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP D:\WINDOWS\system32\Drivers\HTTP.sys
19:00:35.0671 0x05c8 HTTP - ok
19:00:35.0703 0x05c8 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter D:\WINDOWS\System32\w3ssl.dll
19:00:35.0781 0x05c8 HTTPFilter - ok
19:00:35.0781 0x05c8 i2omgmt - ok
19:00:35.0781 0x05c8 i2omp - ok
19:00:35.0828 0x05c8 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt D:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:00:35.0906 0x05c8 i8042prt - ok
19:00:35.0921 0x05c8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi D:\WINDOWS\system32\DRIVERS\imapi.sys
19:00:36.0000 0x05c8 Imapi - ok
19:00:36.0031 0x05c8 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService D:\WINDOWS\system32\imapi.exe
19:00:36.0109 0x05c8 ImapiService - ok
19:00:36.0125 0x05c8 ini910u - ok
19:00:36.0312 0x05c8 [ 0C5A04F0FFAEBC25AC815EE14441A8CB, 1A140EFBAC42370180830543F765780508176CAD342541843F54F2B2BCFBD102 ] IntcAzAudAddService D:\WINDOWS\system32\drivers\RtkHDAud.sys
19:00:36.0531 0x05c8 IntcAzAudAddService - ok
19:00:36.0546 0x05c8 IntelIde - ok
19:00:36.0593 0x05c8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw D:\WINDOWS\system32\drivers\ip6fw.sys
19:00:36.0671 0x05c8 Ip6Fw - ok
19:00:36.0718 0x05c8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:00:36.0812 0x05c8 IpFilterDriver - ok
19:00:36.0859 0x05c8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp D:\WINDOWS\system32\DRIVERS\ipinip.sys
19:00:36.0921 0x05c8 IpInIp - ok
19:00:36.0953 0x05c8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat D:\WINDOWS\system32\DRIVERS\ipnat.sys
19:00:37.0046 0x05c8 IpNat - ok
19:00:37.0062 0x05c8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec D:\WINDOWS\system32\DRIVERS\ipsec.sys
19:00:37.0140 0x05c8 IPSec - ok
19:00:37.0140 0x05c8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM D:\WINDOWS\system32\DRIVERS\irenum.sys
19:00:37.0218 0x05c8 IRENUM - ok
19:00:37.0234 0x05c8 [ 6DFB88F64135C525433E87648BDA30DE, 8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp D:\WINDOWS\system32\DRIVERS\isapnp.sys
19:00:37.0296 0x05c8 isapnp - ok
19:00:37.0312 0x05c8 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass D:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:00:37.0406 0x05c8 Kbdclass - ok
19:00:37.0421 0x05c8 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid D:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:00:37.0500 0x05c8 kbdhid - ok
19:00:37.0531 0x05c8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer D:\WINDOWS\system32\drivers\kmixer.sys
19:00:37.0609 0x05c8 kmixer - ok
19:00:37.0656 0x05c8 [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD D:\WINDOWS\system32\drivers\KSecDD.sys
19:00:37.0750 0x05c8 KSecDD - ok
19:00:37.0781 0x05c8 [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] lanmanserver D:\WINDOWS\System32\srvsvc.dll
19:00:37.0859 0x05c8 lanmanserver - ok
19:00:37.0906 0x05c8 [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] lanmanworkstation D:\WINDOWS\System32\wkssvc.dll
19:00:37.0984 0x05c8 lanmanworkstation - ok
19:00:37.0984 0x05c8 lbrtfdc - ok
19:00:38.0062 0x05c8 [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] LightScribeService D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:00:38.0062 0x05c8 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
19:00:38.0078 0x05c8 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:00:38.0109 0x05c8 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] LmHosts D:\WINDOWS\System32\lmhsvc.dll
19:00:38.0187 0x05c8 LmHosts - ok
19:00:38.0234 0x05c8 [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] MBAMProtector D:\WINDOWS\system32\drivers\mbam.sys
19:00:38.0234 0x05c8 MBAMProtector - ok
19:00:38.0343 0x05c8 [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler D:\Programme\Malwarebam\mbamscheduler.exe
19:00:38.0390 0x05c8 MBAMScheduler - ok
19:00:38.0484 0x05c8 [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService D:\Programme\Malwarebam\mbamservice.exe
19:00:38.0546 0x05c8 MBAMService - ok
19:00:38.0593 0x05c8 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy D:\WINDOWS\system32\drivers\49F22E28.sys
19:00:38.0609 0x05c8 MBAMSwissArmy - ok
19:00:38.0640 0x05c8 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger D:\WINDOWS\System32\msgsvc.dll
19:00:38.0703 0x05c8 Messenger - ok
19:00:38.0750 0x05c8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd D:\WINDOWS\system32\drivers\mnmdd.sys
19:00:38.0828 0x05c8 mnmdd - ok
19:00:38.0875 0x05c8 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc D:\WINDOWS\system32\mnmsrvc.exe
19:00:38.0953 0x05c8 mnmsrvc - ok
19:00:38.0968 0x05c8 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem D:\WINDOWS\system32\drivers\Modem.sys
19:00:39.0062 0x05c8 Modem - ok
19:00:39.0140 0x05c8 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt D:\WINDOWS\system32\drivers\Monfilt.sys
19:00:39.0218 0x05c8 Monfilt - ok
19:00:39.0250 0x05c8 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass D:\WINDOWS\system32\DRIVERS\mouclass.sys
19:00:39.0328 0x05c8 Mouclass - ok
19:00:39.0343 0x05c8 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid D:\WINDOWS\system32\DRIVERS\mouhid.sys
19:00:39.0437 0x05c8 mouhid - ok
19:00:39.0437 0x05c8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr D:\WINDOWS\system32\drivers\MountMgr.sys
19:00:39.0515 0x05c8 MountMgr - ok
19:00:39.0531 0x05c8 MozillaMaintenance - ok
19:00:39.0531 0x05c8 mraid35x - ok
19:00:39.0546 0x05c8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV D:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:00:39.0609 0x05c8 MRxDAV - ok
19:00:39.0640 0x05c8 [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:00:39.0718 0x05c8 MRxSmb - ok
19:00:39.0765 0x05c8 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC D:\WINDOWS\system32\msdtc.exe
19:00:39.0828 0x05c8 MSDTC - ok
19:00:39.0843 0x05c8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs D:\WINDOWS\system32\drivers\Msfs.sys
19:00:39.0906 0x05c8 Msfs - ok
19:00:39.0906 0x05c8 MSIServer - ok
19:00:39.0937 0x05c8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV D:\WINDOWS\system32\drivers\MSKSSRV.sys
19:00:40.0015 0x05c8 MSKSSRV - ok
19:00:40.0031 0x05c8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK D:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:00:40.0093 0x05c8 MSPCLOCK - ok
19:00:40.0109 0x05c8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM D:\WINDOWS\system32\drivers\MSPQM.sys
19:00:40.0187 0x05c8 MSPQM - ok
19:00:40.0187 0x05c8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios D:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:00:40.0265 0x05c8 mssmbios - ok
19:00:40.0281 0x05c8 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup D:\WINDOWS\system32\drivers\Mup.sys
19:00:40.0343 0x05c8 Mup - ok
19:00:40.0390 0x05c8 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent D:\WINDOWS\System32\qagentrt.dll
19:00:40.0484 0x05c8 napagent - ok
19:00:40.0546 0x05c8 NAVENG - ok
19:00:40.0546 0x05c8 NAVEX15 - ok
19:00:40.0578 0x05c8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS D:\WINDOWS\system32\drivers\NDIS.sys
19:00:40.0656 0x05c8 NDIS - ok
19:00:40.0671 0x05c8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi D:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:00:40.0750 0x05c8 NdisTapi - ok
19:00:40.0765 0x05c8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio D:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:00:40.0828 0x05c8 Ndisuio - ok
19:00:40.0828 0x05c8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan D:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:00:40.0937 0x05c8 NdisWan - ok
19:00:40.0953 0x05c8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy D:\WINDOWS\system32\drivers\NDProxy.sys
19:00:41.0031 0x05c8 NDProxy - ok
19:00:41.0046 0x05c8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS D:\WINDOWS\system32\DRIVERS\netbios.sys
19:00:41.0125 0x05c8 NetBIOS - ok
19:00:41.0140 0x05c8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT D:\WINDOWS\system32\DRIVERS\netbt.sys
19:00:41.0234 0x05c8 NetBT - ok
19:00:41.0265 0x05c8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE D:\WINDOWS\system32\netdde.exe
19:00:41.0343 0x05c8 NetDDE - ok
19:00:41.0343 0x05c8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm D:\WINDOWS\system32\netdde.exe
19:00:41.0421 0x05c8 NetDDEdsdm - ok
19:00:41.0468 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon D:\WINDOWS\system32\lsass.exe
19:00:41.0546 0x05c8 Netlogon - ok
19:00:41.0562 0x05c8 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman D:\WINDOWS\System32\netman.dll
19:00:41.0640 0x05c8 Netman - ok
19:00:41.0671 0x05c8 [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] Nla D:\WINDOWS\System32\mswsock.dll
19:00:41.0750 0x05c8 Nla - ok
19:00:41.0750 0x05c8 Norton Internet Security - ok
19:00:41.0796 0x05c8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys
19:00:41.0859 0x05c8 Npfs - ok
19:00:41.0906 0x05c8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs D:\WINDOWS\system32\drivers\Ntfs.sys
19:00:42.0015 0x05c8 Ntfs - ok
19:00:42.0046 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp D:\WINDOWS\system32\lsass.exe
19:00:42.0109 0x05c8 NtLmSsp - ok
19:00:42.0171 0x05c8 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc D:\WINDOWS\system32\ntmssvc.dll
19:00:42.0265 0x05c8 NtmsSvc - ok
19:00:42.0296 0x05c8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null D:\WINDOWS\system32\drivers\Null.sys
19:00:42.0359 0x05c8 Null - ok
19:00:42.0406 0x05c8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:00:42.0484 0x05c8 NwlnkFlt - ok
19:00:42.0500 0x05c8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:00:42.0578 0x05c8 NwlnkFwd - ok
19:00:42.0656 0x05c8 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:00:42.0656 0x05c8 ose - ok
19:00:42.0703 0x05c8 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport D:\WINDOWS\system32\DRIVERS\parport.sys
19:00:42.0781 0x05c8 Parport - ok
19:00:42.0796 0x05c8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr D:\WINDOWS\system32\drivers\PartMgr.sys
19:00:42.0875 0x05c8 PartMgr - ok
19:00:42.0921 0x05c8 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm D:\WINDOWS\system32\drivers\ParVdm.sys
19:00:43.0000 0x05c8 ParVdm - ok
19:00:43.0000 0x05c8 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI D:\WINDOWS\system32\DRIVERS\pci.sys
19:00:43.0078 0x05c8 PCI - ok
19:00:43.0078 0x05c8 PCIDump - ok
19:00:43.0078 0x05c8 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde D:\WINDOWS\system32\DRIVERS\pciide.sys
19:00:43.0187 0x05c8 PCIIde - ok
19:00:43.0203 0x05c8 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia D:\WINDOWS\system32\drivers\Pcmcia.sys
19:00:43.0281 0x05c8 Pcmcia - ok
19:00:43.0296 0x05c8 PDCOMP - ok
19:00:43.0296 0x05c8 PDFRAME - ok
19:00:43.0296 0x05c8 PDRELI - ok
19:00:43.0296 0x05c8 PDRFRAME - ok
19:00:43.0312 0x05c8 perc2 - ok
19:00:43.0312 0x05c8 perc2hib - ok
19:00:43.0328 0x05c8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] PlugPlay D:\WINDOWS\system32\services.exe
19:00:43.0406 0x05c8 PlugPlay - ok
19:00:43.0406 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent D:\WINDOWS\system32\lsass.exe
19:00:43.0468 0x05c8 PolicyAgent - ok
19:00:43.0515 0x05c8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport D:\WINDOWS\system32\DRIVERS\raspptp.sys
19:00:43.0593 0x05c8 PptpMiniport - ok
19:00:43.0609 0x05c8 [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] Processor D:\WINDOWS\system32\DRIVERS\processr.sys
19:00:43.0671 0x05c8 Processor - ok
19:00:43.0687 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
19:00:43.0750 0x05c8 ProtectedStorage - ok
19:00:43.0750 0x05c8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched D:\WINDOWS\system32\DRIVERS\psched.sys
19:00:43.0828 0x05c8 PSched - ok
19:00:43.0843 0x05c8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink D:\WINDOWS\system32\DRIVERS\ptilink.sys
19:00:43.0937 0x05c8 Ptilink - ok
19:00:43.0937 0x05c8 ql1080 - ok
19:00:43.0937 0x05c8 Ql10wnt - ok
19:00:43.0937 0x05c8 ql12160 - ok
19:00:43.0953 0x05c8 ql1240 - ok
19:00:43.0953 0x05c8 ql1280 - ok
19:00:43.0968 0x05c8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys
19:00:44.0046 0x05c8 RasAcd - ok
19:00:44.0093 0x05c8 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto D:\WINDOWS\System32\rasauto.dll
19:00:44.0171 0x05c8 RasAuto - ok
19:00:44.0218 0x05c8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:00:44.0296 0x05c8 Rasl2tp - ok
19:00:44.0343 0x05c8 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan D:\WINDOWS\System32\rasmans.dll
19:00:44.0406 0x05c8 RasMan - ok
19:00:44.0406 0x05c8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:00:44.0500 0x05c8 RasPppoe - ok
19:00:44.0500 0x05c8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys
19:00:44.0578 0x05c8 Raspti - ok
19:00:44.0593 0x05c8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys
19:00:44.0671 0x05c8 Rdbss - ok
19:00:44.0687 0x05c8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:00:44.0781 0x05c8 RDPCDD - ok
19:00:44.0781 0x05c8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr D:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:00:44.0875 0x05c8 rdpdr - ok
19:00:44.0906 0x05c8 [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys
19:00:44.0984 0x05c8 RDPWD - ok
19:00:45.0015 0x05c8 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe
19:00:45.0109 0x05c8 RDSessMgr - ok
19:00:45.0156 0x05c8 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys
19:00:45.0218 0x05c8 redbook - ok
19:00:45.0250 0x05c8 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll
19:00:45.0343 0x05c8 RemoteAccess - ok
19:00:45.0390 0x05c8 [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll
19:00:45.0468 0x05c8 RemoteRegistry - ok
19:00:45.0515 0x05c8 [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM D:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:00:45.0578 0x05c8 RFCOMM - ok
19:00:45.0625 0x05c8 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM D:\WINDOWS\system32\Drivers\RootMdm.sys
19:00:45.0687 0x05c8 ROOTMODEM - ok
19:00:45.0703 0x05c8 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator D:\WINDOWS\system32\locator.exe
19:00:45.0781 0x05c8 RpcLocator - ok
19:00:45.0796 0x05c8 [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] RpcSs D:\WINDOWS\system32\rpcss.dll
19:00:45.0890 0x05c8 RpcSs - ok
19:00:45.0906 0x05c8 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP D:\WINDOWS\system32\rsvp.exe
19:00:46.0000 0x05c8 RSVP - ok
19:00:46.0156 0x05c8 [ 1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] RTHDMIAzAudService D:\WINDOWS\system32\drivers\RtKHDMI.sys
19:00:46.0296 0x05c8 RTHDMIAzAudService - ok
19:00:46.0328 0x05c8 [ 00FD6811350E175585ABCF7D4A61DD90, 00B54CB6547E47E6A2B8AE4BB220E68BBFECF2188CB7DFE651B50F7FE6AC7E9D ] RTLE8023xp D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:00:46.0359 0x05c8 RTLE8023xp - ok
19:00:46.0390 0x05c8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs D:\WINDOWS\system32\lsass.exe
19:00:46.0453 0x05c8 SamSs - ok
19:00:46.0484 0x05c8 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe
19:00:46.0562 0x05c8 SCardSvr - ok
19:00:46.0625 0x05c8 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule D:\WINDOWS\system32\schedsvc.dll
19:00:46.0703 0x05c8 Schedule - ok
19:00:46.0734 0x05c8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys
19:00:46.0796 0x05c8 Secdrv - ok
19:00:46.0828 0x05c8 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon D:\WINDOWS\System32\seclogon.dll
19:00:46.0921 0x05c8 seclogon - ok
19:00:46.0921 0x05c8 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS D:\WINDOWS\system32\sens.dll
19:00:46.0984 0x05c8 SENS - ok
19:00:47.0015 0x05c8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum D:\WINDOWS\system32\DRIVERS\serenum.sys
19:00:47.0078 0x05c8 serenum - ok
19:00:47.0078 0x05c8 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial D:\WINDOWS\system32\DRIVERS\serial.sys
19:00:47.0156 0x05c8 Serial - ok
19:00:47.0171 0x05c8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys
19:00:47.0250 0x05c8 Sfloppy - ok
19:00:47.0296 0x05c8 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll
19:00:47.0375 0x05c8 SharedAccess - ok
19:00:47.0406 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
19:00:47.0468 0x05c8 ShellHWDetection - ok
19:00:47.0468 0x05c8 Simbad - ok
19:00:47.0468 0x05c8 Sparrow - ok
19:00:47.0515 0x05c8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter D:\WINDOWS\system32\drivers\splitter.sys
19:00:47.0593 0x05c8 splitter - ok
19:00:47.0640 0x05c8 [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] Spooler D:\WINDOWS\system32\spoolsv.exe
19:00:47.0718 0x05c8 Spooler - ok
19:00:47.0734 0x05c8 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr D:\WINDOWS\system32\DRIVERS\sr.sys
19:00:47.0796 0x05c8 sr - ok
19:00:47.0828 0x05c8 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice D:\WINDOWS\system32\srsvc.dll
19:00:47.0906 0x05c8 srservice - ok
19:00:47.0906 0x05c8 SRTSP - ok
19:00:47.0921 0x05c8 SRTSPX - ok
19:00:47.0953 0x05c8 [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys
19:00:48.0031 0x05c8 Srv - ok
19:00:48.0062 0x05c8 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll
19:00:48.0125 0x05c8 SSDPSRV - ok
19:00:48.0171 0x05c8 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc D:\WINDOWS\system32\wiaservc.dll
19:00:48.0265 0x05c8 stisvc - ok
19:00:48.0296 0x05c8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys
19:00:48.0375 0x05c8 swenum - ok
19:00:48.0390 0x05c8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys
19:00:48.0468 0x05c8 swmidi - ok
19:00:48.0468 0x05c8 SwPrv - ok
19:00:48.0468 0x05c8 symc810 - ok
19:00:48.0468 0x05c8 symc8xx - ok
19:00:48.0484 0x05c8 sym_hi - ok
19:00:48.0484 0x05c8 sym_u3 - ok
19:00:48.0500 0x05c8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys
19:00:48.0578 0x05c8 sysaudio - ok
19:00:48.0625 0x05c8 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe
19:00:48.0703 0x05c8 SysmonLog - ok
19:00:48.0718 0x05c8 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv D:\WINDOWS\System32\tapisrv.dll
19:00:48.0796 0x05c8 TapiSrv - ok
19:00:48.0843 0x05c8 [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys
19:00:48.0921 0x05c8 Tcpip - ok
19:00:48.0953 0x05c8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys
19:00:49.0031 0x05c8 TDPIPE - ok
19:00:49.0031 0x05c8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys
19:00:49.0093 0x05c8 TDTCP - ok
19:00:49.0109 0x05c8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys
19:00:49.0187 0x05c8 TermDD - ok
19:00:49.0234 0x05c8 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService D:\WINDOWS\System32\termsrv.dll
19:00:49.0312 0x05c8 TermService - ok
19:00:49.0343 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] Themes D:\WINDOWS\System32\shsvcs.dll
19:00:49.0406 0x05c8 Themes - ok
19:00:49.0437 0x05c8 [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr D:\WINDOWS\system32\tlntsvr.exe
19:00:49.0500 0x05c8 TlntSvr - ok
19:00:49.0515 0x05c8 TosIde - ok
19:00:49.0531 0x05c8 [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks D:\WINDOWS\system32\trkwks.dll
19:00:49.0625 0x05c8 TrkWks - ok
19:00:49.0656 0x05c8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys
19:00:49.0734 0x05c8 Udfs - ok
19:00:49.0734 0x05c8 ultra - ok
19:00:49.0796 0x05c8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update D:\WINDOWS\system32\DRIVERS\update.sys
19:00:49.0875 0x05c8 Update - ok
19:00:49.0906 0x05c8 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost D:\WINDOWS\System32\upnphost.dll
19:00:50.0000 0x05c8 upnphost - ok
19:00:50.0015 0x05c8 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS D:\WINDOWS\System32\ups.exe
19:00:50.0093 0x05c8 UPS - ok
19:00:50.0140 0x05c8 [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp D:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:00:50.0218 0x05c8 usbccgp - ok
19:00:50.0265 0x05c8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci D:\WINDOWS\system32\DRIVERS\usbehci.sys
19:00:50.0328 0x05c8 usbehci - ok
19:00:50.0343 0x05c8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys
19:00:50.0421 0x05c8 usbhub - ok
19:00:50.0437 0x05c8 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci D:\WINDOWS\system32\DRIVERS\usbohci.sys
19:00:50.0500 0x05c8 usbohci - ok
19:00:50.0546 0x05c8 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan D:\WINDOWS\system32\DRIVERS\usbscan.sys
19:00:50.0625 0x05c8 usbscan - ok
19:00:50.0671 0x05c8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:00:50.0734 0x05c8 usbstor - ok
19:00:50.0781 0x05c8 [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] VComm D:\WINDOWS\system32\DRIVERS\VComm.sys
19:00:50.0781 0x05c8 VComm - ok
19:00:50.0796 0x05c8 [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] VcommMgr D:\WINDOWS\system32\Drivers\VcommMgr.sys
19:00:50.0796 0x05c8 VcommMgr - ok
19:00:50.0843 0x05c8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave D:\WINDOWS\System32\drivers\vga.sys
19:00:50.0921 0x05c8 VgaSave - ok
19:00:50.0921 0x05c8 ViaIde - ok
19:00:50.0953 0x05c8 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys
19:00:51.0031 0x05c8 VolSnap - ok
19:00:51.0078 0x05c8 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS D:\WINDOWS\System32\vssvc.exe
19:00:51.0171 0x05c8 VSS - ok
19:00:51.0187 0x05c8 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time D:\WINDOWS\system32\w32time.dll
19:00:51.0265 0x05c8 W32Time - ok
19:00:51.0296 0x05c8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys
19:00:51.0375 0x05c8 Wanarp - ok
19:00:51.0375 0x05c8 WDICA - ok
19:00:51.0390 0x05c8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys
19:00:51.0453 0x05c8 wdmaud - ok
19:00:51.0500 0x05c8 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient D:\WINDOWS\System32\webclnt.dll
19:00:51.0578 0x05c8 WebClient - ok
19:00:51.0671 0x05c8 [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll
19:00:51.0750 0x05c8 winmgmt - ok
19:00:51.0796 0x05c8 [ 6E18978B749F0696A774DE3F2CB142DD, 4BBE31A78F6CF474A4CFDBB7C365DE058247F8BFA21F7E563111E84D8937BC26 ] WmdmPmSN D:\WINDOWS\system32\mspmsnsv.dll
19:00:51.0875 0x05c8 WmdmPmSN - ok
19:00:51.0921 0x05c8 [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] Wmi D:\WINDOWS\System32\advapi32.dll
19:00:52.0046 0x05c8 Wmi - ok
19:00:52.0078 0x05c8 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv D:\WINDOWS\system32\wbem\wmiapsrv.exe
19:00:52.0156 0x05c8 WmiApSrv - ok
19:00:52.0203 0x05c8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL D:\WINDOWS\System32\drivers\ws2ifsl.sys
19:00:52.0265 0x05c8 WS2IFSL - ok
19:00:52.0312 0x05c8 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc D:\WINDOWS\system32\wscsvc.dll
19:00:52.0390 0x05c8 wscsvc - ok
19:00:52.0421 0x05c8 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv D:\WINDOWS\system32\wuauserv.dll
19:00:52.0515 0x05c8 wuauserv - ok
19:00:52.0562 0x05c8 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll
19:00:52.0656 0x05c8 WZCSVC - ok
19:00:52.0718 0x05c8 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov D:\WINDOWS\System32\xmlprov.dll
19:00:52.0828 0x05c8 xmlprov - ok
19:00:52.0828 0x05c8 ================ Scan global ===============================
19:00:52.0875 0x05c8 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll
19:00:52.0906 0x05c8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
19:00:52.0921 0x05c8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
19:00:52.0937 0x05c8 [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe
19:00:52.0953 0x05c8 [ Global ] - ok
19:00:52.0953 0x05c8 ================ Scan MBR ==================================
19:00:52.0968 0x05c8 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
19:00:53.0140 0x05c8 \Device\Harddisk0\DR0 - ok
19:00:53.0156 0x05c8 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR3
19:00:53.0312 0x05c8 \Device\Harddisk1\DR3 - ok
19:00:53.0312 0x05c8 ================ Scan VBR ==================================
19:00:53.0312 0x05c8 [ EEA1061F0EF31F4EDA64FCBE1BD45D45 ] \Device\Harddisk0\DR0\Partition1
19:00:53.0312 0x05c8 \Device\Harddisk0\DR0\Partition1 - ok
19:00:53.0328 0x05c8 [ B4F7B80D6A8D52769E63625C7E1C6299 ] \Device\Harddisk0\DR0\Partition2
19:00:53.0328 0x05c8 \Device\Harddisk0\DR0\Partition2 - ok
19:00:53.0328 0x05c8 [ 6A7D02BEED42A7C411D6FF9B31958F5E ] \Device\Harddisk1\DR3\Partition1
19:00:53.0328 0x05c8 \Device\Harddisk1\DR3\Partition1 - ok
19:00:53.0328 0x05c8 ================ Scan active images ========================
19:00:53.0328 0x05c8 [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] D:\WINDOWS\system32\drivers\AmdPPM.sys
19:00:53.0328 0x05c8 D:\WINDOWS\system32\drivers\AmdPPM.sys - ok
19:00:53.0328 0x05c8 [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] D:\WINDOWS\system32\drivers\videoprt.sys
19:00:53.0328 0x05c8 D:\WINDOWS\system32\drivers\videoprt.sys - ok
19:00:53.0343 0x05c8 [ 15B2FE76E2ECEB98C49ED52311A6F26F, E917AEBD221BF2DB217C111F256033FDA2B28FE55C7E87DAD4A16B84E3FD9398 ] D:\WINDOWS\system32\drivers\ati2mtag.sys
19:00:53.0343 0x05c8 D:\WINDOWS\system32\drivers\ati2mtag.sys - ok
19:00:53.0343 0x05c8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] D:\WINDOWS\system32\drivers\hdaudbus.sys
19:00:53.0343 0x05c8 D:\WINDOWS\system32\drivers\hdaudbus.sys - ok
19:00:53.0343 0x05c8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] D:\WINDOWS\system32\drivers\imapi.sys
19:00:53.0343 0x05c8 D:\WINDOWS\system32\drivers\imapi.sys - ok
19:00:53.0343 0x05c8 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] D:\WINDOWS\system32\drivers\afc.sys
19:00:53.0343 0x05c8 D:\WINDOWS\system32\drivers\afc.sys - ok
19:00:53.0343 0x05c8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] D:\WINDOWS\system32\drivers\cdrom.sys
19:00:53.0343 0x05c8 D:\WINDOWS\system32\drivers\cdrom.sys - ok
19:00:53.0359 0x05c8 [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] D:\WINDOWS\system32\drivers\ks.sys
19:00:53.0359 0x05c8 D:\WINDOWS\system32\drivers\ks.sys - ok
19:00:53.0359 0x05c8 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] D:\WINDOWS\system32\drivers\redbook.sys
19:00:53.0359 0x05c8 D:\WINDOWS\system32\drivers\redbook.sys - ok
19:00:53.0359 0x05c8 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] D:\WINDOWS\system32\drivers\usbohci.sys
19:00:53.0359 0x05c8 D:\WINDOWS\system32\drivers\usbohci.sys - ok
19:00:53.0359 0x05c8 [ 791912E524CC2CC6F50B5F2B52D1EB71, 2B269372E5B39B03089F781CC69AE519D1C840A80ADBE15EA3787FBCDE97F1A8 ] D:\WINDOWS\system32\drivers\usbport.sys
19:00:53.0359 0x05c8 D:\WINDOWS\system32\drivers\usbport.sys - ok
19:00:53.0359 0x05c8 [ F84785660305B9B903FB3BCA8BA29837, BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] D:\WINDOWS\system32\drivers\parport.sys
19:00:53.0359 0x05c8 D:\WINDOWS\system32\drivers\parport.sys - ok
19:00:53.0375 0x05c8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] D:\WINDOWS\system32\drivers\serenum.sys
19:00:53.0375 0x05c8 D:\WINDOWS\system32\drivers\serenum.sys - ok
19:00:53.0375 0x05c8 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] D:\WINDOWS\system32\drivers\serial.sys
19:00:53.0375 0x05c8 D:\WINDOWS\system32\drivers\serial.sys - ok
19:00:53.0375 0x05c8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] D:\WINDOWS\system32\drivers\usbehci.sys
19:00:53.0375 0x05c8 D:\WINDOWS\system32\drivers\usbehci.sys - ok
19:00:53.0375 0x05c8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] D:\WINDOWS\system32\drivers\audstub.sys
19:00:53.0375 0x05c8 D:\WINDOWS\system32\drivers\audstub.sys - ok
19:00:53.0390 0x05c8 [ 852A1BD08E7DFEB9E30B5440881C0501, 92D3F82A29D4466706DA0A30921B4AE5D67F08C2C4EF362EDB1A2D254A5AF068 ] D:\WINDOWS\system32\drivers\blueletaudio.sys
19:00:53.0390 0x05c8 D:\WINDOWS\system32\drivers\blueletaudio.sys - ok
19:00:53.0390 0x05c8 [ 8FC27B12A02B43947787F0EF1885DF9B, 1C0A44406FCD78BB6410140512B2165F974CD1837400A818529E4054A358E7BF ] D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
19:00:53.0390 0x05c8 D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys - ok
19:00:53.0390 0x05c8 [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] D:\WINDOWS\system32\drivers\drmk.sys
19:00:53.0390 0x05c8 D:\WINDOWS\system32\drivers\drmk.sys - ok
19:00:53.0390 0x05c8 [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] D:\WINDOWS\system32\drivers\portcls.sys
19:00:53.0390 0x05c8 D:\WINDOWS\system32\drivers\portcls.sys - ok
19:00:53.0390 0x05c8 [ 6D9C891C0A761AFED1F3609C2E56F2B9, 53A528AB64CE5567C05194D006F066E8ABA572DCF305A42A5915EFE66A127BDA ] D:\WINDOWS\system32\drivers\VcommMgr.sys
19:00:53.0390 0x05c8 D:\WINDOWS\system32\drivers\VcommMgr.sys - ok
19:00:53.0406 0x05c8 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] D:\WINDOWS\system32\drivers\modem.sys
19:00:53.0406 0x05c8 D:\WINDOWS\system32\drivers\modem.sys - ok
19:00:53.0406 0x05c8 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] D:\WINDOWS\system32\drivers\ndistapi.sys
19:00:53.0406 0x05c8 D:\WINDOWS\system32\drivers\ndistapi.sys - ok
19:00:53.0406 0x05c8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] D:\WINDOWS\system32\drivers\ndiswan.sys
19:00:53.0406 0x05c8 D:\WINDOWS\system32\drivers\ndiswan.sys - ok
19:00:53.0406 0x05c8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] D:\WINDOWS\system32\drivers\rasl2tp.sys
19:00:53.0406 0x05c8 D:\WINDOWS\system32\drivers\rasl2tp.sys - ok
19:00:53.0406 0x05c8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] D:\WINDOWS\system32\drivers\raspppoe.sys
19:00:53.0406 0x05c8 D:\WINDOWS\system32\drivers\raspppoe.sys - ok
19:00:53.0421 0x05c8 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] D:\WINDOWS\system32\drivers\rootmdm.sys
19:00:53.0421 0x05c8 D:\WINDOWS\system32\drivers\rootmdm.sys - ok
19:00:53.0421 0x05c8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] D:\WINDOWS\system32\drivers\msgpc.sys
19:00:53.0421 0x05c8 D:\WINDOWS\system32\drivers\msgpc.sys - ok
19:00:53.0421 0x05c8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] D:\WINDOWS\system32\drivers\psched.sys
19:00:53.0421 0x05c8 D:\WINDOWS\system32\drivers\psched.sys - ok
19:00:53.0421 0x05c8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] D:\WINDOWS\system32\drivers\raspptp.sys
19:00:53.0421 0x05c8 D:\WINDOWS\system32\drivers\raspptp.sys - ok
19:00:53.0437 0x05c8 [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] D:\WINDOWS\system32\drivers\tdi.sys
19:00:53.0437 0x05c8 D:\WINDOWS\system32\drivers\tdi.sys - ok
19:00:53.0437 0x05c8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] D:\WINDOWS\system32\drivers\ptilink.sys
19:00:53.0437 0x05c8 D:\WINDOWS\system32\drivers\ptilink.sys - ok
19:00:53.0437 0x05c8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] D:\WINDOWS\system32\drivers\raspti.sys
19:00:53.0437 0x05c8 D:\WINDOWS\system32\drivers\raspti.sys - ok
19:00:53.0437 0x05c8 [ 51750B0539986186C6931FC40D171521, 8288954D1393D8D3EEECDF79A73FB82E19B03B67022AFE9C20E99134E6E4C8BF ] D:\WINDOWS\system32\drivers\VComm.sys
19:00:53.0437 0x05c8 D:\WINDOWS\system32\drivers\VComm.sys - ok
19:00:53.0437 0x05c8 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] D:\WINDOWS\system32\drivers\kbdclass.sys
19:00:53.0437 0x05c8 D:\WINDOWS\system32\drivers\kbdclass.sys - ok
19:00:53.0453 0x05c8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] D:\WINDOWS\system32\drivers\rdpdr.sys
19:00:53.0453 0x05c8 D:\WINDOWS\system32\drivers\rdpdr.sys - ok
19:00:53.0453 0x05c8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] D:\WINDOWS\system32\drivers\termdd.sys
19:00:53.0453 0x05c8 D:\WINDOWS\system32\drivers\termdd.sys - ok
19:00:53.0453 0x05c8 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] D:\WINDOWS\system32\drivers\mouclass.sys
19:00:53.0453 0x05c8 D:\WINDOWS\system32\drivers\mouclass.sys - ok
19:00:53.0453 0x05c8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] D:\WINDOWS\system32\drivers\swenum.sys
19:00:53.0453 0x05c8 D:\WINDOWS\system32\drivers\swenum.sys - ok
19:00:53.0453 0x05c8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] D:\WINDOWS\system32\drivers\update.sys
19:00:53.0453 0x05c8 D:\WINDOWS\system32\drivers\update.sys - ok
19:00:53.0468 0x05c8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] D:\WINDOWS\system32\drivers\mssmbios.sys
19:00:53.0468 0x05c8 D:\WINDOWS\system32\drivers\mssmbios.sys - ok
19:00:53.0468 0x05c8 [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] D:\WINDOWS\system32\drivers\ndproxy.sys
19:00:53.0468 0x05c8 D:\WINDOWS\system32\drivers\ndproxy.sys - ok
19:00:53.0468 0x05c8 [ 1674A34F0084BFFDEC2DCDB1625A87F0, 139F0F18779009EBDD72AEFCC8395B0F818A197E7B1D624896D88D7399026281 ] D:\WINDOWS\system32\drivers\RtKHDMI.sys
19:00:53.0468 0x05c8 D:\WINDOWS\system32\drivers\RtKHDMI.sys - ok
19:00:53.0468 0x05c8 [ 596EB39B50D6EBD9B734DC4AE0544693, EFCA2CFFFB8467BAC63F5174F125FEEFFA1F29491285C5BF99B3A2B2A6A25934 ] D:\WINDOWS\system32\drivers\usbd.sys
19:00:53.0468 0x05c8 D:\WINDOWS\system32\drivers\usbd.sys - ok
19:00:53.0484 0x05c8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] D:\WINDOWS\system32\drivers\usbhub.sys
19:00:53.0484 0x05c8 D:\WINDOWS\system32\drivers\usbhub.sys - ok
19:00:53.0484 0x05c8 [ 0C5A04F0FFAEBC25AC815EE14441A8CB, 1A140EFBAC42370180830543F765780508176CAD342541843F54F2B2BCFBD102 ] D:\WINDOWS\system32\drivers\RtkHDAud.sys
19:00:53.0484 0x05c8 D:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
19:00:53.0484 0x05c8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] D:\WINDOWS\system32\drivers\fdc.sys
19:00:53.0484 0x05c8 D:\WINDOWS\system32\drivers\fdc.sys - ok
19:00:53.0484 0x05c8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] D:\WINDOWS\system32\drivers\cdaudio.sys
19:00:53.0484 0x05c8 D:\WINDOWS\system32\drivers\cdaudio.sys - ok
19:00:53.0484 0x05c8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] D:\WINDOWS\system32\drivers\flpydisk.sys
19:00:53.0484 0x05c8 D:\WINDOWS\system32\drivers\flpydisk.sys - ok
19:00:53.0500 0x05c8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] D:\WINDOWS\system32\drivers\sfloppy.sys
19:00:53.0500 0x05c8 D:\WINDOWS\system32\drivers\sfloppy.sys - ok
19:00:53.0500 0x05c8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] D:\WINDOWS\system32\drivers\beep.sys
19:00:53.0500 0x05c8 D:\WINDOWS\system32\drivers\beep.sys - ok
19:00:53.0500 0x05c8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] D:\WINDOWS\system32\drivers\fs_rec.sys
19:00:53.0500 0x05c8 D:\WINDOWS\system32\drivers\fs_rec.sys - ok
19:00:53.0500 0x05c8 [ 96ECCF28FDBF1B2CC12725818A63628D, 0F25069EE8A44B6F4B18F82F384D404CC1776A2AFC5032D9ED19CE36FF2A61DC ] D:\WINDOWS\system32\drivers\hidparse.sys
19:00:53.0500 0x05c8 D:\WINDOWS\system32\drivers\hidparse.sys - ok
19:00:53.0500 0x05c8 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] D:\WINDOWS\system32\drivers\i8042prt.sys
19:00:53.0500 0x05c8 D:\WINDOWS\system32\drivers\i8042prt.sys - ok
19:00:53.0515 0x05c8 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] D:\WINDOWS\system32\drivers\kbdhid.sys
19:00:53.0515 0x05c8 D:\WINDOWS\system32\drivers\kbdhid.sys - ok
19:00:53.0515 0x05c8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] D:\WINDOWS\system32\drivers\null.sys
19:00:53.0515 0x05c8 D:\WINDOWS\system32\drivers\null.sys - ok
19:00:53.0515 0x05c8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] D:\WINDOWS\system32\drivers\vga.sys
19:00:53.0515 0x05c8 D:\WINDOWS\system32\drivers\vga.sys - ok
19:00:53.0515 0x05c8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] D:\WINDOWS\system32\drivers\mnmdd.sys
19:00:53.0515 0x05c8 D:\WINDOWS\system32\drivers\mnmdd.sys - ok
19:00:53.0515 0x05c8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] D:\WINDOWS\system32\drivers\msfs.sys
19:00:53.0515 0x05c8 D:\WINDOWS\system32\drivers\msfs.sys - ok
19:00:53.0531 0x05c8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] D:\WINDOWS\system32\drivers\rdpcdd.sys
19:00:53.0531 0x05c8 D:\WINDOWS\system32\drivers\rdpcdd.sys - ok
19:00:53.0531 0x05c8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] D:\WINDOWS\system32\drivers\ipsec.sys
19:00:53.0531 0x05c8 D:\WINDOWS\system32\drivers\ipsec.sys - ok
19:00:53.0531 0x05c8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] D:\WINDOWS\system32\drivers\npfs.sys
19:00:53.0531 0x05c8 D:\WINDOWS\system32\drivers\npfs.sys - ok
19:00:53.0531 0x05c8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] D:\WINDOWS\system32\drivers\rasacd.sys
19:00:53.0531 0x05c8 D:\WINDOWS\system32\drivers\rasacd.sys - ok
19:00:53.0546 0x05c8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] D:\WINDOWS\system32\drivers\netbt.sys
19:00:53.0546 0x05c8 D:\WINDOWS\system32\drivers\netbt.sys - ok
19:00:53.0546 0x05c8 [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] D:\WINDOWS\system32\drivers\tcpip.sys
19:00:53.0546 0x05c8 D:\WINDOWS\system32\drivers\tcpip.sys - ok
19:00:53.0546 0x05c8 [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] D:\WINDOWS\system32\drivers\afd.sys
19:00:53.0546 0x05c8 D:\WINDOWS\system32\drivers\afd.sys - ok
19:00:53.0546 0x05c8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] D:\WINDOWS\system32\drivers\ipnat.sys
19:00:53.0546 0x05c8 D:\WINDOWS\system32\drivers\ipnat.sys - ok
19:00:53.0546 0x05c8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] D:\WINDOWS\system32\drivers\wanarp.sys
19:00:53.0546 0x05c8 D:\WINDOWS\system32\drivers\wanarp.sys - ok
19:00:53.0562 0x05c8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] D:\WINDOWS\system32\drivers\ws2ifsl.sys
19:00:53.0562 0x05c8 D:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
19:00:53.0562 0x05c8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] D:\WINDOWS\system32\drivers\netbios.sys
19:00:53.0562 0x05c8 D:\WINDOWS\system32\drivers\netbios.sys - ok
19:00:53.0562 0x05c8 [ 2CB55427C58679F49AD600FCCBA76360, 2B5242E9637FCB6A7C16F720C9D8D440AA88B61FB5F108B295A208886C01C4D1 ] D:\WINDOWS\system32\drivers\processr.sys
19:00:53.0562 0x05c8 D:\WINDOWS\system32\drivers\processr.sys - ok
19:00:53.0562 0x05c8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] D:\WINDOWS\system32\drivers\rdbss.sys
19:00:53.0562 0x05c8 D:\WINDOWS\system32\drivers\rdbss.sys - ok
19:00:53.0562 0x05c8 [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] D:\WINDOWS\system32\drivers\mrxsmb.sys
19:00:53.0562 0x05c8 D:\WINDOWS\system32\drivers\mrxsmb.sys - ok
19:00:53.0578 0x05c8 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] D:\WINDOWS\system32\drivers\fips.sys
19:00:53.0578 0x05c8 D:\WINDOWS\system32\drivers\fips.sys - ok
19:00:53.0578 0x05c8 [ 95092EFBE367A108ECDD5D6E439754C3, 82B3041AFC520243B0D1E6DB5FF908771BB0DE86B8FCB1514B2C1E25ADCA95B1 ] D:\WINDOWS\system32\ntdll.dll
19:00:53.0578 0x05c8 D:\WINDOWS\system32\ntdll.dll - ok
19:00:53.0578 0x05c8 [ B3EFDE4B2CC3AC949BCDE7A89712AFCF, EE1A3E5F7324E0169F42683E698B74AA72459BE817E5512BD7319F488E39D3B8 ] D:\WINDOWS\system32\smss.exe
19:00:53.0578 0x05c8 D:\WINDOWS\system32\smss.exe - ok
19:00:53.0578 0x05c8 [ 813DB4805C6EF1D8A86EAF530597EAB7, 445E6ECBA0DB169B52B68CC05ACD3E5F2D69CE6F06FD31667247FC17D24C1EDF ] D:\WINDOWS\system32\autochk.exe
19:00:53.0578 0x05c8 D:\WINDOWS\system32\autochk.exe - ok
19:00:53.0593 0x05c8 [ 5251425B86EA4A3532B8BB8D14044E61, 3A5F57DA2C2B4C1BA5B5B356379D0B12C358EA76642856DD607422B656EF4985 ] D:\WINDOWS\system32\sfcfiles.dll
19:00:53.0593 0x05c8 D:\WINDOWS\system32\sfcfiles.dll - ok
19:00:53.0593 0x05c8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] D:\WINDOWS\system32\drivers\cdfs.sys
19:00:53.0593 0x05c8 D:\WINDOWS\system32\drivers\cdfs.sys - ok
19:00:53.0593 0x05c8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] D:\WINDOWS\system32\drivers\usbstor.sys
19:00:53.0593 0x05c8 D:\WINDOWS\system32\drivers\usbstor.sys - ok
19:00:53.0593 0x05c8 [ 1AF592532532A402ED7C060F6954004F, 84A55432A7FBBD1B84FF8DD1BD84266747E4A88297BDAA84AAD12F13B848BFF2 ] D:\WINDOWS\system32\drivers\hidclass.sys
19:00:53.0593 0x05c8 D:\WINDOWS\system32\drivers\hidclass.sys - ok
19:00:53.0593 0x05c8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] D:\WINDOWS\system32\drivers\hidusb.sys
19:00:53.0593 0x05c8 D:\WINDOWS\system32\drivers\hidusb.sys - ok
19:00:53.0609 0x05c8 [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] D:\WINDOWS\system32\drivers\usbccgp.sys
19:00:53.0609 0x05c8 D:\WINDOWS\system32\drivers\usbccgp.sys - ok
19:00:53.0609 0x05c8 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] D:\WINDOWS\system32\drivers\mouhid.sys
19:00:53.0609 0x05c8 D:\WINDOWS\system32\drivers\mouhid.sys - ok
19:00:53.0609 0x05c8 [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] D:\WINDOWS\system32\drivers\dxapi.sys
19:00:53.0609 0x05c8 D:\WINDOWS\system32\drivers\dxapi.sys - ok
19:00:53.0609 0x05c8 [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] D:\WINDOWS\system32\watchdog.sys
19:00:53.0609 0x05c8 D:\WINDOWS\system32\watchdog.sys - ok
19:00:53.0625 0x05c8 [ 261BC0644BEFEF7D3DB5E45D244866FA, 8A55EB0C9D849B41A7902BEF94BAD759654AE70ABD5D1A7CFF68AA9A831823B1 ] D:\WINDOWS\system32\win32k.sys
19:00:53.0625 0x05c8 D:\WINDOWS\system32\win32k.sys - ok
19:00:53.0625 0x05c8 [ 2C60091CA5F67C3032EAB3B30390C27F, 9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] D:\WINDOWS\system32\basesrv.dll
19:00:53.0625 0x05c8 D:\WINDOWS\system32\basesrv.dll - ok
19:00:53.0625 0x05c8 [ D192E1ECA15213F90601FF4DF5683C15, 6AED1CFE6190A12171A97E1BC333E99ECEC891F0E86DE74C32A640025359AA8B ] D:\WINDOWS\system32\csrsrv.dll
19:00:53.0625 0x05c8 D:\WINDOWS\system32\csrsrv.dll - ok
19:00:53.0625 0x05c8 [ 9B22AAE3566AEFEE33CE498DBE0D2FD2, C2AD4DA8DB58BE4DB12FE93451F24D3070C591BB4E8D56FA1505A7CD3BAD6E4D ] D:\WINDOWS\system32\csrss.exe
19:00:53.0625 0x05c8 D:\WINDOWS\system32\csrss.exe - ok
19:00:53.0625 0x05c8 [ 4CD408F799D4A72B0DE1F1116A77A48E, 7EF6B36B63DD010C30AC7B4825E6980C70B18DA4327AB6BC69FBA977E1952992 ] D:\WINDOWS\system32\winsrv.dll
19:00:53.0625 0x05c8 D:\WINDOWS\system32\winsrv.dll - ok
19:00:53.0640 0x05c8 [ ADDA37626598A6F5ED786195EAC26A4F, 5484A37A3E5265DCE0D2AB4C6A3F0D6E7A3F8BD482BCF9E473DA414483AC7861 ] D:\WINDOWS\system32\gdi32.dll
19:00:53.0640 0x05c8 D:\WINDOWS\system32\gdi32.dll - ok
19:00:53.0640 0x05c8 [ 4C897C69754D88F496339B1A666907C1, 39C9F8330E87D81EC3955E8D41218CC0EB1799915A13F3ADCED5A0E4DA596949 ] D:\WINDOWS\system32\kernel32.dll
19:00:53.0640 0x05c8 D:\WINDOWS\system32\kernel32.dll - ok
19:00:53.0640 0x05c8 [ B0050CC5340E3A0760DD8B417FF7AEBD, 340C042C78E55824F2D84D83E03E6C5CA0F44B329245AC2F4C034F2CB4306F53 ] D:\WINDOWS\system32\user32.dll
19:00:53.0640 0x05c8 D:\WINDOWS\system32\user32.dll - ok
19:00:53.0640 0x05c8 [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] D:\WINDOWS\system32\drivers\dxg.sys
19:00:53.0640 0x05c8 D:\WINDOWS\system32\drivers\dxg.sys - ok
19:00:53.0656 0x05c8 [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] D:\WINDOWS\system32\drivers\dxgthk.sys
19:00:53.0656 0x05c8 D:\WINDOWS\system32\drivers\dxgthk.sys - ok
19:00:53.0656 0x05c8 [ A06014D0934F17FA5A567FAEB42118D9, 5F25A45975301B8E8012C8A665814A1D95BD4516E2AEBC8E6588B7264C702B35 ] D:\WINDOWS\system32\ati2dvag.dll
19:00:53.0656 0x05c8 D:\WINDOWS\system32\ati2dvag.dll - ok
19:00:53.0656 0x05c8 [ BEF558BEDEC2B5F2728D0AAE8EDBDC20, 9F14F75A3A0FA608E5CD0CBB98D86627E8287CC55E1F74BA9D0C0C5F9D7BC752 ] D:\WINDOWS\system32\ati2cqag.dll
19:00:53.0656 0x05c8 D:\WINDOWS\system32\ati2cqag.dll - ok
19:00:53.0656 0x05c8 [ 44F99CA575CEEBA6819578C4F170FCAC, 49B1223095F9DF3374C8A80C57D59D2C57F9877AD721259C058DE9233C00A7D0 ] D:\WINDOWS\system32\atikvmag.dll
19:00:53.0656 0x05c8 D:\WINDOWS\system32\atikvmag.dll - ok
19:00:53.0656 0x05c8 [ 95C6B8206B8A55D89CD517675583AA4B, 1ACD1B84C93DE18921AC6B5765FAA9B3577420FCA9047A7BEC6017D4208C3415 ] D:\WINDOWS\system32\vga.dll
19:00:53.0656 0x05c8 D:\WINDOWS\system32\vga.dll - ok
19:00:53.0671 0x05c8 [ E129E32C09F5B2F3A1C61C264691500E, 1B83CDB3243A5BEA468C7A680511EFF6F0D53CDC71151C202C456C002A4EAA58 ] D:\WINDOWS\system32\atiok3x2.dll
19:00:53.0671 0x05c8 D:\WINDOWS\system32\atiok3x2.dll - ok
19:00:53.0671 0x05c8 [ 167395C27BE91BCD950CED197FE7A5E4, D9CB7DE0AC5E4430F270AA3EABCD4BC76EFD521723534F1A19CD252A84C492B9 ] D:\WINDOWS\system32\ati3duag.dll
19:00:53.0671 0x05c8 D:\WINDOWS\system32\ati3duag.dll - ok
19:00:53.0671 0x05c8 [ BC3BBAEC284D360CD37E1E035929C6D8, A3E653103EAC08980A64116561D8A36D53953E69AF5359FFA30499F7C7D0C6E3 ] D:\WINDOWS\system32\ativvaxx.dll
19:00:53.0671 0x05c8 D:\WINDOWS\system32\ativvaxx.dll - ok
19:00:53.0671 0x05c8 [ F09A527B422E25C478E38CAA0E44417A, 8E4D860C5C753B657A1BCB42579556E582CBDAABF07EAE59F81519AC6997ACCB ] D:\WINDOWS\system32\winlogon.exe
19:00:53.0671 0x05c8 D:\WINDOWS\system32\winlogon.exe - ok
19:00:53.0671 0x05c8 [ 53E1CCF332A2F40B5E08476921CD8B44, BBD472701811695EB8BD06CB3DFAF07D2632E1D271B387395455FE9B274CB470 ] D:\WINDOWS\system32\advapi32.dll
19:00:53.0671 0x05c8 D:\WINDOWS\system32\advapi32.dll - ok
19:00:53.0687 0x05c8 [ 8B171E51F5486FC0ACE108BE3E76B1E0, 5FF8172ACB26707FA6689CE6BDFAAA6DF0CEAE9818931496CF39DDE04FBA61FE ] D:\WINDOWS\system32\authz.dll
19:00:53.0687 0x05c8 D:\WINDOWS\system32\authz.dll - ok
19:00:53.0687 0x05c8 [ E7E67C2EE5A306B2AF30D4B446248E34, 7A7818135AC2B4E3512A1488E7808DDCD8426C32024C7C2FBF0C6F0FE305AFF2 ] D:\WINDOWS\system32\rpcrt4.dll
19:00:53.0687 0x05c8 D:\WINDOWS\system32\rpcrt4.dll - ok
19:00:53.0687 0x05c8 [ 7CB4DF6D66F99E6C5E09ADFBE29E0275, 1FBE28BD0A6431DC294EE5EE373205CF858A8991A9FE43C9FB5A6B540EE1ECD7 ] D:\WINDOWS\system32\secur32.dll
19:00:53.0687 0x05c8 D:\WINDOWS\system32\secur32.dll - ok
19:00:53.0687 0x05c8 [ 7727D9C5FFB84E103484D52F978D5DC6, B9E1A1C458B50738F5BEC4C2EEFFCB6E9F0085EA67584936303DCAA9B20C0938 ] D:\WINDOWS\system32\crypt32.dll
19:00:53.0687 0x05c8 D:\WINDOWS\system32\crypt32.dll - ok
19:00:53.0687 0x05c8 [ C6A6E53A0C34EC87883137A6CB87AE5E, AC2BA6B65390258D88B08252037AC77CE7CD0FD7E9CFCC6BB412FF07517A6F63 ] D:\WINDOWS\system32\msvcrt.dll
19:00:53.0687 0x05c8 D:\WINDOWS\system32\msvcrt.dll - ok
19:00:53.0703 0x05c8 [ AE8ACAD9F6931ECC0BD9A3751A0AB0C4, 19E5920E1D98004C957759EE5E3E7E63D01F3696A48F7E6A27BA09E71EBF04E0 ] D:\WINDOWS\system32\msasn1.dll
19:00:53.0703 0x05c8 D:\WINDOWS\system32\msasn1.dll - ok
19:00:53.0703 0x05c8 [ E500CB5F6FE4C1AF388608A54B32E7F7, FF142DEDD4879F41437AC2999AB52F0274682EA3E60B1010D50087ED80E4A0BA ] D:\WINDOWS\system32\nddeapi.dll
19:00:53.0703 0x05c8 D:\WINDOWS\system32\nddeapi.dll - ok
19:00:53.0703 0x05c8 [ 7B40A9A5029111D94AB6B97AF0C9FA5E, C2C20AE04A32657F95AFB47D8F6475B0E471ED9E2172CBBF42D77A13DDAE995F ] D:\WINDOWS\system32\netapi32.dll
19:00:53.0703 0x05c8 D:\WINDOWS\system32\netapi32.dll - ok
19:00:53.0703 0x05c8 [ B50FBE927DA41AB4A151663F59664B82, CED5ECDDAC5A3CAE51543421F85E853DEAA1C519850F2BD5A1BA9C3A3AF849A8 ] D:\WINDOWS\system32\profmap.dll
19:00:53.0703 0x05c8 D:\WINDOWS\system32\profmap.dll - ok
19:00:53.0718 0x05c8 [ 8CB206B85C69B8FB0E7AD1E949BF3194, 8E0F48856A1E59CCFA2A520B8311EBA12299CE4E748F28E81DC2C0462785F2A3 ] D:\WINDOWS\system32\userenv.dll
19:00:53.0718 0x05c8 D:\WINDOWS\system32\userenv.dll - ok
19:00:53.0718 0x05c8 [ D0112D84372AB2C47DC9755696354CE6, 12A66C2C1C96DFD871579E19A318FD371191F4D65A1F3C61339CB9BC4C52656C ] D:\WINDOWS\system32\psapi.dll
19:00:53.0718 0x05c8 D:\WINDOWS\system32\psapi.dll - ok
19:00:53.0718 0x05c8 [ 06C0391672FB97E017B431076F455857, 6E09ABAD4442E294185D9CE215BAAFFA05174C4F5CC364D981C239EAEA9FA2CB ] D:\WINDOWS\system32\regapi.dll
19:00:53.0718 0x05c8 D:\WINDOWS\system32\regapi.dll - ok
19:00:53.0718 0x05c8 [ 5B04BC7C5AF0E2A0A8EC402B2FCBD9E5, 6F0654C8E490149005CCC910909D26167B49A3DBD2F7F551FBF2A94911CCFEA9 ] D:\WINDOWS\system32\setupapi.dll
19:00:53.0718 0x05c8 D:\WINDOWS\system32\setupapi.dll - ok
19:00:53.0718 0x05c8 [ 24EEC6968BF76464609B2C96523976B8, 283E845CF4088C468F12088579277E93C6B35D2DD588A7C16EC1E19142D40FF9 ] D:\WINDOWS\system32\imagehlp.dll
19:00:53.0718 0x05c8 D:\WINDOWS\system32\imagehlp.dll - ok
19:00:53.0734 0x05c8 [ F86000634319F71535BCE6B06995EE99, E88CAA85659500DEE3234571267FFEB557A8FB5155EE7FDE8E0D4D84F62E6CCA ] D:\WINDOWS\system32\version.dll
19:00:53.0734 0x05c8 D:\WINDOWS\system32\version.dll - ok
19:00:53.0734 0x05c8 [ 455AEC2D466FB582D1CB0EF49CE8EDEC, A38530673546363DA970952DE80482DF739BC8EEFFA99D1EA61345C9A59D21DD ] D:\WINDOWS\system32\winsta.dll
19:00:53.0734 0x05c8 D:\WINDOWS\system32\winsta.dll - ok
19:00:53.0734 0x05c8 [ 493A290C0D641E22578129BE23F2CA82, 77C87A214C1F05DE856569A06AE977CC1AEF9647048E8CE185E49644C7E02622 ] D:\WINDOWS\system32\wintrust.dll
19:00:53.0734 0x05c8 D:\WINDOWS\system32\wintrust.dll - ok
19:00:53.0734 0x05c8 [ 3C1708C5C05910FE495D832C6536ED78, 81E86FB3590E786D129EE6F653B32D5114F432AD3321CE7FA60A89D979B89A7D ] D:\WINDOWS\system32\kbdgr.dll
19:00:53.0734 0x05c8 D:\WINDOWS\system32\kbdgr.dll - ok
19:00:53.0734 0x05c8 [ C7D8A0517CBF16B84F657DE87EBE9D4B, B69AAEE7E28375F16C0F2746AFD28C58C7968068C140A2C83838A74A4907F084 ] D:\WINDOWS\system32\ws2help.dll
19:00:53.0734 0x05c8 D:\WINDOWS\system32\ws2help.dll - ok
19:00:53.0750 0x05c8 [ 6A35E2D6F5F052C84EC2CEB296389439, 0349BA3243BC91149D6394F5CB3B114934DA5FBB953A8A59AFA90156029D1163 ] D:\WINDOWS\system32\ws2_32.dll
19:00:53.0750 0x05c8 D:\WINDOWS\system32\ws2_32.dll - ok
19:00:53.0750 0x05c8 [ 56C5B179FE3308B655EB6208C3256FEC, C70BCE54E5DF47D37C835804EAAEC7C06C1A226EFA2003226BE290D1D552126F ] D:\WINDOWS\system32\kbdus.dll
19:00:53.0750 0x05c8 D:\WINDOWS\system32\kbdus.dll - ok
19:00:53.0750 0x05c8 [ BEEB23CAA0A08CBECB13D55C1922C86E, 30F8A3F4785757272E1B8598F0361C27BBE4572932B5DB0D931354C04400B907 ] D:\WINDOWS\system32\msgina.dll
19:00:53.0750 0x05c8 D:\WINDOWS\system32\msgina.dll - ok
19:00:53.0750 0x05c8 [ AD28671D1B83A386B070DC451A113C13, D906178EC646A26AA9B7E82371E6D7347866713A7071EBFEC18B3E04BF7DD570 ] D:\WINDOWS\system32\comctl32.dll
19:00:53.0750 0x05c8 D:\WINDOWS\system32\comctl32.dll - ok
19:00:53.0765 0x05c8 [ 220A7166831EE2B71F07010E70AFA34A, 30D15911013394AE769E645C89CDC5D38BF4C4ABDF88208DFDA96A66A9831C0D ] D:\WINDOWS\system32\odbc32.dll
19:00:53.0765 0x05c8 D:\WINDOWS\system32\odbc32.dll - ok
19:00:53.0765 0x05c8 [ 96E31F7B305D0CD510950B945E2ED829, EC0896B347BD376CB00C52A2403B8227C7259E257E89548663EA8A0C48AA4635 ] D:\WINDOWS\system32\comdlg32.dll
19:00:53.0765 0x05c8 D:\WINDOWS\system32\comdlg32.dll - ok
19:00:53.0765 0x05c8 [ 0721590C8C1E99FB4286F1EEA65731C2, 7B48BE620AA2BB9049C2EBEB06B123F5ED5ECED4E7B3AC84D780B17FDD68114F ] D:\WINDOWS\system32\shell32.dll
19:00:53.0765 0x05c8 D:\WINDOWS\system32\shell32.dll - ok
19:00:53.0765 0x05c8 [ 21F5F91A49CADC4AB873417F54D17D25, DFCC0AEB47DE305ECFCED6349624393ED9C0CA343AD25F3A7E37FA47B75B4F57 ] D:\WINDOWS\system32\shlwapi.dll
19:00:53.0765 0x05c8 D:\WINDOWS\system32\shlwapi.dll - ok
19:00:53.0765 0x05c8 [ 353FC7A3091E25F831439E94082C9B35, 2B40A7EC4BFB6DA4775C70192DD3113B9A87C22054BE3C1BDB2B394F01BE0310 ] D:\WINDOWS\system32\sxs.dll
19:00:53.0765 0x05c8 D:\WINDOWS\system32\sxs.dll - ok
19:00:53.0781 0x05c8 [ 3C93CE6C6985C55952B7BE6673E9FD15, 1F0D2D8F9739063FF5EAFEFB50D20C235E50CCBB924F6B473E8EBAA5C6BA7619 ] D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
19:00:53.0781 0x05c8 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - ok
19:00:53.0781 0x05c8 [ 4E7F74CFC0DBB2DB988A8A460A603407, 30B439F2FDAFD3FC8F5AA3A987F4C2430486F674BFC0FECCA7DC3B6AE342A4E3 ] D:\WINDOWS\system32\odbcint.dll
19:00:53.0781 0x05c8 D:\WINDOWS\system32\odbcint.dll - ok
19:00:53.0781 0x05c8 [ 44161A59DC33AC2EA9C95438ADFFFB7F, 4287C019D707FB601D33779AFA360289EF7775B8E47D438AA3B7ECF68A0D127B ] D:\WINDOWS\system32\sfc.dll
19:00:53.0781 0x05c8 D:\WINDOWS\system32\sfc.dll - ok
19:00:53.0781 0x05c8 [ D110369E8D883029325B77D7E1B7B2AD, 81856C906386D11DAC8044477914FF3E4B79EC8CF5EF85DA4B41E230EF7A3749 ] D:\WINDOWS\system32\sfc_os.dll
19:00:53.0781 0x05c8 D:\WINDOWS\system32\sfc_os.dll - ok
19:00:53.0781 0x05c8 [ 40602EBFBE06AA075C8E4560743F6883, 808AF03F31CA4168888D0E3802AE4A0DE7F7324F4CD2F8FE491211895C9C6901 ] D:\WINDOWS\system32\shsvcs.dll
19:00:53.0781 0x05c8 D:\WINDOWS\system32\shsvcs.dll - ok
19:00:53.0796 0x05c8 [ E08D638BA3D3DD6DF6E31216AB66AE0B, 4CD060A85D194173FA296A56D98D0EFF1C1873C0CE087EA724521D8D97C77BEE ] D:\WINDOWS\system32\ole32.dll
[/CODE]

tymara 30.11.2014 20:50
TDSS zweiter Teil

Code:
19:00:53.0796 0x05c8  D:\WINDOWS\system32\ole32.dll - ok
19:00:53.0796 0x05c8  [ 07CBC9E96C70214034E00136D5642492, 43C2E921044C11D7EBDC34F6AC1C0C05CA6767D3FB15EB11C6FD81C7B667F82A ] D:\WINDOWS\system32\apphelp.dll
19:00:53.0796 0x05c8  D:\WINDOWS\system32\apphelp.dll - ok
19:00:53.0796 0x05c8  [ CB28AF8C4F50DDD91D1DB253DF0C2679, 877CFD7E55CB4C92B81D10156467574DCA49928EC1369DBD0F65BC8A7C0E68A5 ] D:\WINDOWS\system32\lsasrv.dll
19:00:53.0796 0x05c8  D:\WINDOWS\system32\lsasrv.dll - ok
19:00:53.0796 0x05c8  [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] D:\WINDOWS\system32\lsass.exe
19:00:53.0796 0x05c8  D:\WINDOWS\system32\lsass.exe - ok
19:00:53.0812 0x05c8  [ 243955BFA314C7D48D7A6D5BC4A9922A, 5DC34BE9D5670A59B10F36438000EB7A48F90E47CBE8EAC568CA0FB13761A2F0 ] D:\WINDOWS\system32\msvcp60.dll
19:00:53.0812 0x05c8  D:\WINDOWS\system32\msvcp60.dll - ok
19:00:53.0812 0x05c8  [ 2957CF1BDDCF21D3F5DB13AD5E406A7B, 78FA6082453DEFFB7CF22DA7783AA6DBBFD5989F48700E5BCF2BCCBA1AA100E7 ] D:\WINDOWS\system32\ncobjapi.dll
19:00:53.0812 0x05c8  D:\WINDOWS\system32\ncobjapi.dll - ok
19:00:53.0812 0x05c8  [ 4BB6A83640F1D1792AD21CE767B621C6, 7B88A06D5220DE5C378B8C017354E9C8C89D625251A6EB607059A663E2BACD0A ] D:\WINDOWS\system32\services.exe
19:00:53.0812 0x05c8  D:\WINDOWS\system32\services.exe - ok
19:00:53.0812 0x05c8  [ 7717633EB7A76FBD3FB09BACAB07124E, E65D4DCA692D6EB1EB861999C53B9C1334FAB90312CC540BDE6E6AD6AAD397ED ] D:\WINDOWS\system32\mpr.dll
19:00:53.0812 0x05c8  D:\WINDOWS\system32\mpr.dll - ok
19:00:53.0812 0x05c8  [ 37499389DEAE0FF44437AAB7A75DAB73, EB10EE5AA38C22B836EE0C26B55BB1D61024D52CB535218AEA2B21F30A7B307B ] D:\WINDOWS\system32\scesrv.dll
19:00:53.0812 0x05c8  D:\WINDOWS\system32\scesrv.dll - ok
19:00:53.0828 0x05c8  [ 4B6C449D5AAC708E1BBFDF8BB603E4FA, B0002D30BD4DB250D103B271FF68270F457937C7ED3479B73D061C1E4DF1B94A ] D:\WINDOWS\AppPatch\acadproc.dll
19:00:53.0828 0x05c8  D:\WINDOWS\AppPatch\acadproc.dll - ok
19:00:53.0828 0x05c8  [ 292AEB6CBF02DC02445C61EB3F5DAC69, 7D694CF6032AEC7033925E916CDF9172CF8D5EB13798E4AF292922EBAECBD85A ] D:\WINDOWS\system32\dnsapi.dll
19:00:53.0828 0x05c8  D:\WINDOWS\system32\dnsapi.dll - ok
19:00:53.0828 0x05c8  [ 8007D5DC09EB8646C03B6D61AACC3B20, 13BB1E57B9202C3418BADFAEFBF420C513759986EB741E423EA76FE024DE8998 ] D:\WINDOWS\system32\ntdsapi.dll
19:00:53.0828 0x05c8  D:\WINDOWS\system32\ntdsapi.dll - ok
19:00:53.0828 0x05c8  [ B5E7026D1CB7D9BCBA0083B9F69683F1, EC3D0746ADE4CA286B778D2A5CEBF4882BCE814F1C7399AE298FB4E1DC979416 ] D:\WINDOWS\system32\shimeng.dll
19:00:53.0828 0x05c8  D:\WINDOWS\system32\shimeng.dll - ok
19:00:53.0828 0x05c8  [ 327507F0FD1C410917AD951FE7CAAC2D, 079D71F5E1E0A7ADC31A97FB6F3EA0FD8E4AC49244C34BE058F61A2DD6C6958E ] D:\WINDOWS\system32\umpnpmgr.dll
19:00:53.0828 0x05c8  D:\WINDOWS\system32\umpnpmgr.dll - ok
19:00:53.0843 0x05c8  [ FEB0A547DF442F353E1FC83BC7D7AE73, 810563C9A1135AE918DC279DA9CE5FF22AF2C2A678A360A88AE6A033309C55AA ] D:\WINDOWS\system32\wldap32.dll
19:00:53.0843 0x05c8  D:\WINDOWS\system32\wldap32.dll - ok
19:00:53.0843 0x05c8  [ 6D526EF248128FCEEAD9D35B3744A10B, 3ED8D0CB764250B4B62F77FC27CDFA68043B2765A318A07293FD162307388164 ] D:\WINDOWS\system32\samlib.dll
19:00:53.0843 0x05c8  D:\WINDOWS\system32\samlib.dll - ok
19:00:53.0843 0x05c8  [ 434ADBB2F0875D881D73A9861220A7FD, 0A7AE31AD55A0DF48CDB4BAB82F96920894E2D9E1E9CFBA762CDF144BCC1AF9F ] D:\WINDOWS\system32\samsrv.dll
19:00:53.0843 0x05c8  D:\WINDOWS\system32\samsrv.dll - ok
19:00:53.0843 0x05c8  [ AC6927F5C5B4A0478BE981E25C4BDDB6, 05381DFF02B6692E586EC8405BA22F4CBD0E64EF5CC73BA22C424FC175C9629E ] D:\WINDOWS\AppPatch\acgenral.dll
19:00:53.0843 0x05c8  D:\WINDOWS\AppPatch\acgenral.dll - ok
19:00:53.0859 0x05c8  [ 447AF8FE53D79E4F59F9452743C3BB68, ADE7AE92F9360BEDC62A857B1556E72363AE87941F6E9BAB10E2A3A8D639A0A5 ] D:\WINDOWS\system32\cryptdll.dll
19:00:53.0859 0x05c8  D:\WINDOWS\system32\cryptdll.dll - ok
19:00:53.0859 0x05c8  [ 6AEA30E09213A468AE8F2F6071557246, CD65B04435CA4DBD4FAD9B1CCAB7FD2916A4D01046E7C430DF39C1F56FB376D8 ] D:\WINDOWS\system32\oleaut32.dll
19:00:53.0859 0x05c8  D:\WINDOWS\system32\oleaut32.dll - ok
19:00:53.0859 0x05c8  [ FF452D340940822DF0A1D1BC1D734186, ACFA67E1406A251B7C039FA3D05729A4BFD40DE5049B496BF48D805CE95669C8 ] D:\WINDOWS\system32\winmm.dll
19:00:53.0859 0x05c8  D:\WINDOWS\system32\winmm.dll - ok
19:00:53.0859 0x05c8  [ 56EB828638033E8DA33A720B22FBBA8A, 6536451650FCA42E0606D201876485D6CF2EB8E597D525076E60681FB4433641 ] D:\WINDOWS\system32\msacm32.dll
19:00:53.0859 0x05c8  D:\WINDOWS\system32\msacm32.dll - ok
19:00:53.0859 0x05c8  [ A00674B8ACB5F8726E5AD35202E091D4, CA18E3E5221FF898ACF5465EEF6FB1AAF3EC9ACFDB0E508824B9C6A0A4E64E25 ] D:\WINDOWS\system32\uxtheme.dll
19:00:53.0859 0x05c8  D:\WINDOWS\system32\uxtheme.dll - ok
19:00:53.0875 0x05c8  [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] D:\WINDOWS\system32\msprivs.dll
19:00:53.0875 0x05c8  D:\WINDOWS\system32\msprivs.dll - ok
19:00:53.0875 0x05c8  [ FEA07EF8DE796B6956ED23933675CBE8, EEBB4DEFD5C4CF75F92B3311DF8059737BC2B71BD6FE1A46826B8CA0DE150D6E ] D:\WINDOWS\system32\schannel.dll
19:00:53.0875 0x05c8  D:\WINDOWS\system32\schannel.dll - ok
19:00:53.0875 0x05c8  [ 394CCD355E86092FFDCCA41F8797861E, F4004B50EF25D92CE972EE18845CC91203FE78CC8BBC13EAA891CE2E1FF90B88 ] D:\WINDOWS\system32\kerberos.dll
19:00:53.0875 0x05c8  D:\WINDOWS\system32\kerberos.dll - ok
19:00:53.0875 0x05c8  [ 1579CF2100A10C85A4C0758DB66006EE, 85F7087683D5EA1C22E374B313CA9387702BB058BAACCF0A9ADE940497D1C41E ] D:\WINDOWS\system32\msv1_0.dll
19:00:53.0875 0x05c8  D:\WINDOWS\system32\msv1_0.dll - ok
19:00:53.0875 0x05c8  [ B65FA22811B17544F24A3E2520F087EF, F22E40A938374ADCCA334F4BA0E75AF517CF2397A27F8F8372D992FCBF100D54 ] D:\WINDOWS\system32\iphlpapi.dll
19:00:53.0875 0x05c8  D:\WINDOWS\system32\iphlpapi.dll - ok
19:00:53.0890 0x05c8  [ 0098D35F91DEAB9C127360A877F2CF84, F556E910CAF640CE892B8533B79F5D90F375D8C8C5322EBD153ED762F36A2796 ] D:\WINDOWS\system32\netlogon.dll
19:00:53.0890 0x05c8  D:\WINDOWS\system32\netlogon.dll - ok
19:00:53.0890 0x05c8  [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] D:\WINDOWS\system32\w32time.dll
19:00:53.0890 0x05c8  D:\WINDOWS\system32\w32time.dll - ok
19:00:53.0890 0x05c8  [ 22D7E027DD7B81EDAA0BCDCC02449B86, 39DBE05A8A391DE71AEF93956A720B4086CE58549074B2F0C322283472105352 ] D:\WINDOWS\system32\wdigest.dll
19:00:53.0890 0x05c8  D:\WINDOWS\system32\wdigest.dll - ok
19:00:53.0890 0x05c8  [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] D:\WINDOWS\system32\rsaenh.dll
19:00:53.0890 0x05c8  D:\WINDOWS\system32\rsaenh.dll - ok
19:00:53.0906 0x05c8  [ 798D5AE675FD3A9B7CB836112C0EEC78, A83BED504EA1E620A623C27BFEF19800D58E92A7DA55EFB5673F43D530188FD2 ] D:\WINDOWS\system32\winscard.dll
19:00:53.0906 0x05c8  D:\WINDOWS\system32\winscard.dll - ok
19:00:53.0906 0x05c8  [ 0752206793CCA5825C0F8E863D83D81E, 44DBF61778B46D4BF3F73A9E4467DD2AC2523CC31211BFBF1AFFEAA1E4D28F72 ] D:\WINDOWS\system32\wtsapi32.dll
19:00:53.0906 0x05c8  D:\WINDOWS\system32\wtsapi32.dll - ok
19:00:53.0906 0x05c8  [ 5132443DF6FC3771A17AB4AE55DCBC28, EA8E278FE638FA3ADA33983C2D4AFEB04298EEE87982EE2BA0804751D6BE0CD0 ] D:\WINDOWS\system32\scecli.dll
19:00:53.0906 0x05c8  D:\WINDOWS\system32\scecli.dll - ok
19:00:53.0906 0x05c8  [ ECA673779ECD27D674953D692FE070F6, 6FBCAF6C347E06032C63B72261785109D0929BE1B23CA5465995803951954616 ] D:\WINDOWS\system32\ati2evxx.exe
19:00:53.0906 0x05c8  D:\WINDOWS\system32\ati2evxx.exe - ok
19:00:53.0906 0x05c8  [ D2DED3C333A5D9CB3F4C244B0F0DD877, 5C1D6C2520C24B12AC99B4B1AB8A0C41052B78CEC2E8B52807057B09A03AD81F ] D:\WINDOWS\system32\drivers\mbam.sys
19:00:53.0906 0x05c8  D:\WINDOWS\system32\drivers\mbam.sys - ok
19:00:53.0921 0x05c8  [ FB48C9B0B6382D5AEA6AEEDBDAEA55A3, EDCFB7CBEBCEA04AAF96C2DABD83B338CAB0F367F1E7274FDF973F6B3F0C771C ] D:\WINDOWS\system32\cfgmgr32.dll
19:00:53.0921 0x05c8  D:\WINDOWS\system32\cfgmgr32.dll - ok
19:00:53.0921 0x05c8  [ C8C0BDABC966B6C24D337DF0A0A399E1, 2A8376BC6EC1B2A8B632051C47A8A5106B984887774CFEBD2624F58D73BA8E66 ] D:\WINDOWS\system32\powrprof.dll
19:00:53.0921 0x05c8  D:\WINDOWS\system32\powrprof.dll - ok
19:00:53.0921 0x05c8  [ 4FBC75B74479C7A6F829E0CA19DF3366, A42568851B48FB9924B3FE18C8A0F3CEECD850254257CFE6C5F168C08F408EF0 ] D:\WINDOWS\system32\svchost.exe
19:00:53.0921 0x05c8  D:\WINDOWS\system32\svchost.exe - ok
19:00:53.0921 0x05c8  [ 65ABA37DE32716D6D1164216DB6263BA, DA2C2781F1D9080549CC1E7B0AA3EA1B4C982A96B845853C53B8485BE4A6433E ] D:\WINDOWS\system32\ntmarta.dll
19:00:53.0921 0x05c8  D:\WINDOWS\system32\ntmarta.dll - ok
19:00:53.0921 0x05c8  [ E970C2296916BF4A2F958680016FE312, ED7FA2854D12D82A0E58536702C7DCD89E274677B113B6974AED4B276FAA4DF4 ] D:\WINDOWS\system32\rpcss.dll
19:00:53.0921 0x05c8  D:\WINDOWS\system32\rpcss.dll - ok
19:00:53.0937 0x05c8  [ FDB5E2CA5763E37E1D19B7C4AFAE8055, 054F909CF48C9546F7F7A703AB66A50FE10A76CC384265551896854155A8366C ] D:\WINDOWS\system32\xpsp2res.dll
19:00:53.0937 0x05c8  D:\WINDOWS\system32\xpsp2res.dll - ok
19:00:53.0937 0x05c8  [ 04955AA695448C181B367D964AF158AA, 4C6A6FCB3D882D93E1643D8DA555D04625BEE5D6C279FF98879C2A7410635BF2 ] D:\WINDOWS\system32\eventlog.dll
19:00:53.0937 0x05c8  D:\WINDOWS\system32\eventlog.dll - ok
19:00:53.0937 0x05c8  [ 68169471FA71B327ED009B80CDDC82DE, 70FDB4F3E4EBA7D93B233D9BDDAAAADE998EE128174A11091AB3C5438C84DD6D ] D:\WINDOWS\system32\ati2edxx.dll
19:00:53.0937 0x05c8  D:\WINDOWS\system32\ati2edxx.dll - ok
19:00:53.0937 0x05c8  [ DF585DE3B2AE3CE0FB72EB562BB989A7, 599F391B640FA62AA2F81733791556BEFD4894E71C04C7C3031E184B334A905D ] D:\WINDOWS\system32\atipdlxx.dll
19:00:53.0937 0x05c8  D:\WINDOWS\system32\atipdlxx.dll - ok
19:00:53.0937 0x05c8  [ F12B9D9A069331877D006CC81B4735F9, 28EEE4A21412174BE0CAF7B041DAAB8299AA59EA5F6E41B8AFDD1A4DA770C793 ] D:\WINDOWS\system32\mswsock.dll
19:00:53.0937 0x05c8  D:\WINDOWS\system32\mswsock.dll - ok
19:00:53.0953 0x05c8  [ 0DAF0705D7B39C94E287913226688804, 6757E08E027B31740DC829F3EF498D45C4D6C1E74CEE7F9711235C15D43AC5A7 ] D:\WINDOWS\system32\hnetcfg.dll
19:00:53.0953 0x05c8  D:\WINDOWS\system32\hnetcfg.dll - ok
19:00:53.0953 0x05c8  [ 02AF8A799D173C2D0C71F399C03AC9E1, 2337951BAFD3BDCB0102BFAD672354D8C1C2DFDE23AC531F87CE0F0C8B55C851 ] D:\WINDOWS\system32\wshtcpip.dll
19:00:53.0953 0x05c8  D:\WINDOWS\system32\wshtcpip.dll - ok
19:00:53.0953 0x05c8  [ 469FED8597896DB77B49384BE90E2E0A, E811D47288AFEC01013A5D907107312A742175384B9BDAC0F9A710EFF70B120B ] D:\WINDOWS\system32\rasadhlp.dll
19:00:53.0953 0x05c8  D:\WINDOWS\system32\rasadhlp.dll - ok
19:00:53.0953 0x05c8  [ 4934FF44C8B6AE7B4CA0118B3D2CF666, AD33FCDCE79EF82B00AD0B0D08F201C242FA809A110A70968B1D3FB4E7C5170F ] D:\WINDOWS\system32\winrnr.dll
19:00:53.0953 0x05c8  D:\WINDOWS\system32\winrnr.dll - ok
19:00:53.0968 0x05c8  [ 41CCC4CD535579D27AEAB485B36CEB9E, 5453E3056EE42579A612BD1A177E3C57A128803189AD8CB91EE2D228FC475D19 ] D:\WINDOWS\system32\wshbth.dll
19:00:53.0968 0x05c8  D:\WINDOWS\system32\wshbth.dll - ok
19:00:53.0968 0x05c8  [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] D:\WINDOWS\system32\dhcpcsvc.dll
19:00:53.0968 0x05c8  D:\WINDOWS\system32\dhcpcsvc.dll - ok
19:00:53.0968 0x05c8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] D:\WINDOWS\system32\drivers\ndisuio.sys
19:00:53.0968 0x05c8  D:\WINDOWS\system32\drivers\ndisuio.sys - ok
19:00:53.0968 0x05c8  [ 8C9ED3B2834AAE63081AB2DA831C6FE9, 87D2931A5CD3658A28072BEC3F28384B91CC3B19D072CE9C69F119B80671C163 ] D:\WINDOWS\system32\dnsrslvr.dll
19:00:53.0968 0x05c8  D:\WINDOWS\system32\dnsrslvr.dll - ok
19:00:53.0968 0x05c8  [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] D:\WINDOWS\system32\lmhsvc.dll
19:00:53.0968 0x05c8  D:\WINDOWS\system32\lmhsvc.dll - ok
19:00:53.0984 0x05c8  [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] D:\WINDOWS\system32\wzcsvc.dll
19:00:53.0984 0x05c8  D:\WINDOWS\system32\wzcsvc.dll - ok
19:00:53.0984 0x05c8  [ 6F5ABF78CEB2A64DAC1CD8A8A04E30A5, 8524937F4B8CB1E3BA8737BA36952B2913A42BBCC4890664A616EEF591641FB0 ] D:\WINDOWS\system32\atl.dll
19:00:53.0984 0x05c8  D:\WINDOWS\system32\atl.dll - ok
19:00:53.0984 0x05c8  [ 6B08275230504D5112CE379A3D9DF8D9, 4E8342BDACA2A721FCB16F76DF0F3B5408F1AE4856CEA6F71A51E9DFDA15D0E0 ] D:\WINDOWS\system32\dot3api.dll
19:00:53.0984 0x05c8  D:\WINDOWS\system32\dot3api.dll - ok
19:00:53.0984 0x05c8  [ 27EE4C04D81A9B5658C819C43221598B, 51650B93D67732BFB5E1FA156A320607E233A36047064E9843E3E15498A22547 ] D:\WINDOWS\system32\eapolqec.dll
19:00:53.0984 0x05c8  D:\WINDOWS\system32\eapolqec.dll - ok
19:00:53.0984 0x05c8  [ EC9DB893C89020C2B95D301429535162, C08DD59C71C3ACEAA5491D1AC10237FBE64962DC66DA9BB981A09B62658EFBF7 ] D:\WINDOWS\system32\esent.dll
19:00:53.0984 0x05c8  D:\WINDOWS\system32\esent.dll - ok
19:00:54.0000 0x05c8  [ 06BE178035B554A7638CC45030DFB7A5, AEEDDA78470A951B742B04F9FD429006EFCB0E9097BE871037B3931F2D997745 ] D:\WINDOWS\system32\qutil.dll
19:00:54.0000 0x05c8  D:\WINDOWS\system32\qutil.dll - ok
19:00:54.0000 0x05c8  [ 7CC640E3B8D427752F1D5B1093609338, 1CB2CFBE00D6017736E2CA40E2A8B7344427C864BDAD2E936AD76D9B88360114 ] D:\WINDOWS\system32\rtutils.dll
19:00:54.0000 0x05c8  D:\WINDOWS\system32\rtutils.dll - ok
19:00:54.0000 0x05c8  [ 43AD9160D7AF6E7EAD00B485EBBAB6A5, BCC321C85162CA13482323B00028880854B7EC5B9BF53FE28B93EB01A73C43C8 ] D:\WINDOWS\system32\wmi.dll
19:00:54.0000 0x05c8  D:\WINDOWS\system32\wmi.dll - ok
19:00:54.0000 0x05c8  [ 78CC39AD817831F5BAD2B5D79A299F25, A5146E0FDD520AFA62F7A7B1C403E86DC2C6F7139BD9F1FD28B77473CF753117 ] D:\WINDOWS\system32\clbcatq.dll
19:00:54.0000 0x05c8  D:\WINDOWS\system32\clbcatq.dll - ok
19:00:54.0015 0x05c8  [ D0DE8A2EC95184E5193BB4B3112E29DF, 533EDAC06B30E3BA7BC65398D2C1067A0B6015E17A339439DECCD2B13EC1E9BB ] D:\WINDOWS\system32\comres.dll
19:00:54.0015 0x05c8  D:\WINDOWS\system32\comres.dll - ok
19:00:54.0015 0x05c8  [ F2FBB810CEE3E25F8F923959C400E457, A63C42197D321B1BEB44C7BD28AD74BA27D7AD9D33387BEC5759E8AEB63E3D6E ] D:\WINDOWS\system32\logonui.exe
19:00:54.0015 0x05c8  D:\WINDOWS\system32\logonui.exe - ok
19:00:54.0015 0x05c8  [ B1CDCB462C2B50F0D66E755D2B285820, 51655195D017FEEF9AA4039D493C840BDDDC4258C8723C58C562A69355C9C2C2 ] D:\WINDOWS\system32\rastls.dll
19:00:54.0015 0x05c8  D:\WINDOWS\system32\rastls.dll - ok
19:00:54.0015 0x05c8  [ DB326A97E844964AF487D6FFDE28256B, 939E16FD9AD3D9D91DAA858802FD84045AD743B4126DB9A2E0930CC117547AEB ] D:\WINDOWS\system32\ati2evxx.dll
19:00:54.0015 0x05c8  D:\WINDOWS\system32\ati2evxx.dll - ok
19:00:54.0015 0x05c8  [ 8395FB1049CB49B2C14C3CACDF9B2B5A, 0253C0A8B38AECE84BC602EB626FF6D147EACEFB31BC6DA5FACDB1588C3645A4 ] D:\WINDOWS\system32\cryptui.dll
19:00:54.0015 0x05c8  D:\WINDOWS\system32\cryptui.dll - ok
19:00:54.0031 0x05c8  [ BDB7897C7845025C085EA76B7210150E, F99F1B4ECED2094B622BD81FC7EA9D1EB283350A9AFEE5B56843ED8BA8C2E002 ] D:\WINDOWS\system32\duser.dll
19:00:54.0031 0x05c8  D:\WINDOWS\system32\duser.dll - ok
19:00:54.0031 0x05c8  [ D1A962D2DA4241977634365E33DB2417, D589D6D92FD916A06C8024CCD48B31045E66963D98263DFC53A055662CEA2737 ] D:\WINDOWS\system32\cscdll.dll
19:00:54.0031 0x05c8  D:\WINDOWS\system32\cscdll.dll - ok
19:00:54.0031 0x05c8  [ 2449D2A51EA2083FA05058F7CEF44714, 3291589AEC31C553C35B54B2D9082BB83035ADA5B68ABBB351E3AE3E0A9ED18B ] D:\WINDOWS\system32\dimsntfy.dll
19:00:54.0031 0x05c8  D:\WINDOWS\system32\dimsntfy.dll - ok
19:00:54.0031 0x05c8  [ DC4E223F5813150073FB5CC63D13293B, 7420E02BD2C81B74E2F9CDFA7B43F087EFE0D086A85DED453B4B65A3280B1A8A ] D:\WINDOWS\system32\msimg32.dll
19:00:54.0031 0x05c8  D:\WINDOWS\system32\msimg32.dll - ok
19:00:54.0031 0x05c8  [ DF2A4BD2F67F35D803F5342046BA07C6, 6F3E349F90AD65D8777ED6930838A67393892CA082511B211938009BD8E958E0 ] D:\WINDOWS\system32\oleacc.dll
19:00:54.0031 0x05c8  D:\WINDOWS\system32\oleacc.dll - ok
19:00:54.0046 0x05c8  [ B4AEE98A48917B274FACFB78BBE0BC84, D5E64C865B09B54212A5D80BE757E01FB8E8486CA2C95D3387CC2869E0A484D0 ] D:\WINDOWS\system32\wininet.dll
19:00:54.0046 0x05c8  D:\WINDOWS\system32\wininet.dll - ok
19:00:54.0046 0x05c8  [ 85D87ABB3889CE139BFFD7C7CBAC396B, 940BC0718EE819500A12F6F6D29CEE87C320CC37284DE591A3DC72545972A14C ] D:\WINDOWS\system32\wlnotify.dll
19:00:54.0046 0x05c8  D:\WINDOWS\system32\wlnotify.dll - ok
19:00:54.0046 0x05c8  [ E12D149442BBFEA6AA952327B2EA0079, FCCF3B9436632628DF34472DBE61B6DE5FE3C71280420DA23DF0769BEA2E3792 ] D:\WINDOWS\system32\winspool.drv
19:00:54.0046 0x05c8  D:\WINDOWS\system32\winspool.drv - ok
19:00:54.0046 0x05c8  [ C310CEAF283A8B5D4100E7C81E711F74, C9BE6CF66EE33FBF8295F66C6A5EA27D1FA503C950940A425E48DD0182DC77BD ] D:\WINDOWS\system32\mprapi.dll
19:00:54.0046 0x05c8  D:\WINDOWS\system32\mprapi.dll - ok
19:00:54.0062 0x05c8  [ 210199B7F3F632A95C29C916B040EABE, D535E25C508CD2CF2DB7C6FF9DE5E542590E152A90F9DD494B9D3AD358462B39 ] D:\WINDOWS\system32\activeds.dll
19:00:54.0062 0x05c8  D:\WINDOWS\system32\activeds.dll - ok
19:00:54.0062 0x05c8  [ DEF910C95F7C0C9B36C9A90EE25C924E, 3685026FC70CA6B0F40962C87D5A5B4B0B24EDDB68AA8CD5D4586EBD6C6B1238 ] D:\WINDOWS\system32\adsldpc.dll
19:00:54.0062 0x05c8  D:\WINDOWS\system32\adsldpc.dll - ok
19:00:54.0062 0x05c8  [ 8DD8B3F22B6E6E62D6D113AB319D1839, A807EC807945DB938D24A17152CBB939A612FF27D0377B8E29133B2CD3BB76DD ] D:\WINDOWS\system32\shgina.dll
19:00:54.0062 0x05c8  D:\WINDOWS\system32\shgina.dll - ok
19:00:54.0062 0x05c8  [ FC5F5F2EC1676C7CD898155B6546D2AE, 03590813360B76FD7B27D7FA19FA418FCA135ED4B31E205043F26673C9012795 ] D:\WINDOWS\system32\rasapi32.dll
19:00:54.0062 0x05c8  D:\WINDOWS\system32\rasapi32.dll - ok
19:00:54.0062 0x05c8  [ D4A61C9CFD998B132541C658E60C239D, 36A935942C1AF961EAEDE0D15DE889B9F4DAC36E24DD1666ABB685AE3691B71F ] D:\WINDOWS\system32\rasman.dll
19:00:54.0062 0x05c8  D:\WINDOWS\system32\rasman.dll - ok
19:00:54.0078 0x05c8  [ 995857A5138976FAEE6455F00033F607, 46EBA315DA3DC227A1173D9A6F1EA1242A8C20F54BEFF20BB83A2D09636B2458 ] D:\WINDOWS\system32\tapi32.dll
19:00:54.0078 0x05c8  D:\WINDOWS\system32\tapi32.dll - ok
19:00:54.0078 0x05c8  [ B4B91D8615D022B4143B9AED662008D1, EE719D9ACEBBC92D59E150423884E25343B1D6E0447555CF5588E2D1477BD2F7 ] D:\WINDOWS\system32\riched20.dll
19:00:54.0078 0x05c8  D:\WINDOWS\system32\riched20.dll - ok
19:00:54.0078 0x05c8  [ FED5D601190B0CCD6A625C92FACDDC74, 93BACE8F4895E7AE5420FCA94673975CE2A099A393B8410D9A7F2DEB806F123B ] D:\WINDOWS\system32\raschap.dll
19:00:54.0078 0x05c8  D:\WINDOWS\system32\raschap.dll - ok
19:00:54.0078 0x05c8  [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] D:\WINDOWS\system32\schedsvc.dll
19:00:54.0078 0x05c8  D:\WINDOWS\system32\schedsvc.dll - ok
19:00:54.0078 0x05c8  [ C52B07091AD6E6201FA535686E5642FA, 95E646E10B611BC6B63257AB84012543AD82CF2995B348E367116264E5FA475D ] D:\WINDOWS\system32\msidle.dll
19:00:54.0078 0x05c8  D:\WINDOWS\system32\msidle.dll - ok
19:00:54.0093 0x05c8  [ 39356A9CDB6753A6D13A4072A9F5A4BB, 7E41478460B0FFE7606F245B74AD60244816F4523FD4355C26BADF724BCE6575 ] D:\WINDOWS\system32\spoolsv.exe
19:00:54.0093 0x05c8  D:\WINDOWS\system32\spoolsv.exe - ok
19:00:54.0093 0x05c8  [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] D:\WINDOWS\system32\audiosrv.dll
19:00:54.0093 0x05c8  D:\WINDOWS\system32\audiosrv.dll - ok
19:00:54.0093 0x05c8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] D:\WINDOWS\system32\drivers\mrxdav.sys
19:00:54.0093 0x05c8  D:\WINDOWS\system32\drivers\mrxdav.sys - ok
19:00:54.0093 0x05c8  [ C0DB1E9367681ECD7ECCA9615C1D0F9B, 0CB18C35032E39163645C1761A9488639D2EF0643D856FDAA013BFF8A69DC744 ] D:\WINDOWS\system32\wkssvc.dll
19:00:54.0093 0x05c8  D:\WINDOWS\system32\wkssvc.dll - ok
19:00:54.0109 0x05c8  [ 9621BE9F6EA24F3D7F09B07853CB5AC8, 289B6CF50AB088D474C84634A0469502153EED94BFBD11396E574451B0E8EF1C ] D:\WINDOWS\system32\spoolss.dll
19:00:54.0109 0x05c8  D:\WINDOWS\system32\spoolss.dll - ok
19:00:54.0109 0x05c8  [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] D:\WINDOWS\system32\webclnt.dll
19:00:54.0109 0x05c8  D:\WINDOWS\system32\webclnt.dll - ok
19:00:54.0109 0x05c8  [ 6582453D9A23287F6DCA15B82D339A48, 7FE6EE258F7017C8EEB36A2F8FF66B47C8662957A42EEE97BCDC46176EB014F0 ] D:\WINDOWS\system32\localspl.dll
19:00:54.0109 0x05c8  D:\WINDOWS\system32\localspl.dll - ok
19:00:54.0109 0x05c8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] D:\WINDOWS\system32\drivers\fastfat.sys
19:00:54.0109 0x05c8  D:\WINDOWS\system32\drivers\fastfat.sys - ok
19:00:54.0109 0x05c8  [ F0C803D84B89B2EA3CDB5580CECC15E3, 03E6A3261DDA5341B294CA1742E6569EB805038A31EA6C969318FB280A3CCBBA ] D:\WINDOWS\system32\wsock32.dll
19:00:54.0109 0x05c8  D:\WINDOWS\system32\wsock32.dll - ok
19:00:54.0125 0x05c8  [ 7E7D8DD0AFC6EFAA7F39CCF7B222D751, 244946BB067BBD573570417A3C042412A2CFC2AEED23411DB30A1223C2D733DD ] D:\WINDOWS\system32\certcli.dll
19:00:54.0125 0x05c8  D:\WINDOWS\system32\certcli.dll - ok
19:00:54.0125 0x05c8  [ CD1A323D787B738DDE0D62AA28214E16, 537C716DCC3F173580F6A34D31CBB099D0AFF57B5A31E737F4A41C8BCF041CB5 ] D:\WINDOWS\system32\cnbjmon.dll
19:00:54.0125 0x05c8  D:\WINDOWS\system32\cnbjmon.dll - ok
19:00:54.0125 0x05c8  [ 6CD9B4F273997E04EB548969C4AAEAA1, D3540729FDF61CCBB8CED7DFC3CAB4A1616409AD93F4663FD0C6B3EA42E3FDBA ] D:\WINDOWS\system32\CNMLM64.DLL
19:00:54.0125 0x05c8  D:\WINDOWS\system32\CNMLM64.DLL - ok
19:00:54.0125 0x05c8  [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] D:\WINDOWS\system32\cryptsvc.dll
19:00:54.0125 0x05c8  D:\WINDOWS\system32\cryptsvc.dll - ok
19:00:54.0125 0x05c8  [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] D:\WINDOWS\system32\drivers\parvdm.sys
19:00:54.0125 0x05c8  D:\WINDOWS\system32\drivers\parvdm.sys - ok
19:00:54.0140 0x05c8  [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] D:\WINDOWS\system32\dmserver.dll
19:00:54.0140 0x05c8  D:\WINDOWS\system32\dmserver.dll - ok
19:00:54.0140 0x05c8  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] D:\WINDOWS\system32\ersvc.dll
19:00:54.0140 0x05c8  D:\WINDOWS\system32\ersvc.dll - ok
19:00:54.0140 0x05c8  [ 9B0B5DF56025F6E48C17C7BA75310D35, 11769BD4B25A6C139A347893E543935F85BD357B6EEEC65F174EA94531CD1D46 ] D:\WINDOWS\system32\pjlmon.dll
19:00:54.0140 0x05c8  D:\WINDOWS\system32\pjlmon.dll - ok
19:00:54.0140 0x05c8  [ CA8AA75C4DC6A48D65949A30CE46C970, 36315F9335ECECC839B6479A1B772F2B2CDC8CF8891E93507018ACBBF7231063 ] D:\WINDOWS\system32\tcpmon.dll
19:00:54.0140 0x05c8  D:\WINDOWS\system32\tcpmon.dll - ok
19:00:54.0140 0x05c8  [ 9696786759C4B43FA5C894747E893EA2, 4E68CD3A109EF892F09E2A2E7805A53969B512E7F427A09880E2C2082513929F ] D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
19:00:54.0140 0x05c8  D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe - ok
19:00:54.0156 0x05c8  [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll
19:00:54.0156 0x05c8  D:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll - ok
19:00:54.0156 0x05c8  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
19:00:54.0156 0x05c8  D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
19:00:54.0156 0x05c8  [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C, 8FB19E57429EA5C35C43DADC9C37088A9AD6D039067DA7920DD6A3C9287D0FED ] D:\WINDOWS\system32\es.dll
19:00:54.0156 0x05c8  D:\WINDOWS\system32\es.dll - ok
19:00:54.0156 0x05c8  [ 1B07F9455F2354120B5E0F7FD0DE21E7, 03E88E4499188CE01646BD16D14A15BAD1F4BEB04D5AF55C3331E28FF14E5B16 ] D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
19:00:54.0156 0x05c8  D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL - ok
19:00:54.0171 0x05c8  [ E7BB3BF2DFDF4483DFF8A4AB05805416, 596CC4D6E8D3253D29EA0BE7FD01F44BD585910EBBD5D8B49C8911C7BC068470 ] D:\WINDOWS\system32\usbmon.dll
19:00:54.0171 0x05c8  D:\WINDOWS\system32\usbmon.dll - ok
19:00:54.0171 0x05c8  [ 8E1714FC6103F585F00CF2FA883EB33A, A50446B68792AAE4409F4CF150052835D86760FFE49E9D27B5BB719339C1E223 ] D:\WINDOWS\system32\hid.dll
19:00:54.0171 0x05c8  D:\WINDOWS\system32\hid.dll - ok
19:00:54.0171 0x05c8  [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] D:\WINDOWS\system32\hidserv.dll
19:00:54.0171 0x05c8  D:\WINDOWS\system32\hidserv.dll - ok
19:00:54.0171 0x05c8  [ D6EB4916B203CBE525F8EFF5FD5AB16C, 93C0F25E7D018B85FE8725EF39F25AED80698D39356FA8FC9CA534F68C430EE8 ] D:\WINDOWS\system32\srvsvc.dll
19:00:54.0171 0x05c8  D:\WINDOWS\system32\srvsvc.dll - ok
19:00:54.0171 0x05c8  [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll
19:00:54.0171 0x05c8  D:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll - ok
19:00:54.0187 0x05c8  [ A3962F4BBFE699B7EFFBBADE608E314F, C25CC5F546BE13C4632009C4D30522AC7EA4AAA76D88C70E11B336BBD2FE48B4 ] D:\WINDOWS\system32\netmsg.dll
19:00:54.0187 0x05c8  D:\WINDOWS\system32\netmsg.dll - ok
19:00:54.0187 0x05c8  [ 4333010681772735474A64D984F175AB, 8A5795DEDD12B91562984AEB6F0A0D692A113ECAB66CC0365DC1FB0258E87802 ] D:\WINDOWS\system32\win32spl.dll
19:00:54.0187 0x05c8  D:\WINDOWS\system32\win32spl.dll - ok
19:00:54.0187 0x05c8  [ 0E892525F035A10857E33153CF65CE6C, D3C18126CCC1B59A90E28CDCAEA2CE3129081E5511C2F3428A39F2168EE9D3F9 ] D:\WINDOWS\system32\netrap.dll
19:00:54.0187 0x05c8  D:\WINDOWS\system32\netrap.dll - ok
19:00:54.0187 0x05c8  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] D:\WINDOWS\system32\drivers\srv.sys
19:00:54.0187 0x05c8  D:\WINDOWS\system32\drivers\srv.sys - ok
19:00:54.0187 0x05c8  [ 4BAB096EE0673DE722536F0274DA2373, FFAC271F8E690695C65000204816D78D6E152B3E46091D9643FC6693AE5981E2 ] D:\WINDOWS\system32\inetpp.dll
19:00:54.0187 0x05c8  D:\WINDOWS\system32\inetpp.dll - ok
19:00:54.0203 0x05c8  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] D:\Programme\Malwarebam\mbamscheduler.exe
19:00:54.0203 0x05c8  D:\Programme\Malwarebam\mbamscheduler.exe - ok
19:00:54.0203 0x05c8  [ A422816A15CFAC50567FD0F6582FD2CF, 0AA6588C63F53962E2D3665159BAE7402F43BEC0136A48DE39FE977430CA7B5A ] D:\Programme\Malwarebam\mbamsrv.dll
19:00:54.0203 0x05c8  D:\Programme\Malwarebam\mbamsrv.dll - ok
19:00:54.0203 0x05c8  [ 61AF7614418BA5B9E8B4EB82E459BE53, 828ABEF68681C061E93FA61E7D12AEAB6D67ABBE597BC207DF0E6DB185C95C72 ] D:\Programme\Malwarebam\QtCore4.dll
19:00:54.0203 0x05c8  D:\Programme\Malwarebam\QtCore4.dll - ok
19:00:54.0203 0x05c8  [ CA55500E2E0515FCC888C4A5E01E64B7, 053910D883931A776F71AF8CF3A15837524B65B933C09038E51F40FCB7B959D2 ] D:\Programme\Malwarebam\msvcp100.dll
19:00:54.0203 0x05c8  D:\Programme\Malwarebam\msvcp100.dll - ok
19:00:54.0218 0x05c8  [ 4C539E592E50633B21AB1E1FDA40A32A, F07F846E1BFA7AE1B5FE835BCB34CCD2FA671B865415EF2A9C6EB8972D3A0E0C ] D:\Programme\Malwarebam\msvcr100.dll
19:00:54.0218 0x05c8  D:\Programme\Malwarebam\msvcr100.dll - ok
19:00:54.0218 0x05c8  [ 72DC0AFC9BDCFEB18F390B937A24E32C, 7E0396569EB37E1520F01B99EDE0B906BD032C8410B2F02DD6F2B0C2F07E0D46 ] D:\WINDOWS\system32\ipsecsvc.dll
19:00:54.0218 0x05c8  D:\WINDOWS\system32\ipsecsvc.dll - ok
19:00:54.0218 0x05c8  [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] D:\WINDOWS\system32\netman.dll
19:00:54.0218 0x05c8  D:\WINDOWS\system32\netman.dll - ok
19:00:54.0218 0x05c8  [ 121E5C473F0AD53BCFDB6E8181C44F81, 82E8036DD29249E826582D8933B04571AAE7B17EDD945B7928C8878DF3D0E454 ] D:\WINDOWS\system32\netshell.dll
19:00:54.0218 0x05c8  D:\WINDOWS\system32\netshell.dll - ok
19:00:54.0218 0x05c8  [ A3101C65133F0E3FCFF3ABA073BBA89C, 3041B0031E6834248DE5CD7766E8897DA65099D684F508878768212F17ED537D ] D:\WINDOWS\system32\oakley.dll
19:00:54.0218 0x05c8  D:\WINDOWS\system32\oakley.dll - ok
19:00:54.0234 0x05c8  [ 1F975474A91306BEFF9A2314A88DB3BF, 9A839FF98353AADA54D66EF57D7AF168E27E845C203C83087EA8CB12A8871430 ] D:\WINDOWS\system32\pstorsvc.dll
19:00:54.0234 0x05c8  D:\WINDOWS\system32\pstorsvc.dll - ok
19:00:54.0234 0x05c8  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] D:\WINDOWS\system32\regsvc.dll
19:00:54.0234 0x05c8  D:\WINDOWS\system32\regsvc.dll - ok
19:00:54.0234 0x05c8  [ C6D9B9487143C455C26BFA3D8BE7C445, 073F10A6216F517710167813B0D0ADD8A261FAC033F8C8948BA5BCACD32D9E57 ] D:\WINDOWS\system32\winipsec.dll
19:00:54.0234 0x05c8  D:\WINDOWS\system32\winipsec.dll - ok
19:00:54.0234 0x05c8  [ AB0B97A27AA94AB681F0B0DD7C1B5E89, F0CA25154DABE472ADB4D9A21EEC715E5D91D076CE079D2191E5D0AC1EB90BEE ] D:\WINDOWS\system32\psbase.dll
19:00:54.0234 0x05c8  D:\WINDOWS\system32\psbase.dll - ok
19:00:54.0234 0x05c8  [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] D:\WINDOWS\system32\dssenh.dll
19:00:54.0234 0x05c8  D:\WINDOWS\system32\dssenh.dll - ok
19:00:54.0250 0x05c8  [ AFF1657382B09291DCB40ECFD2B673F2, F565C41416E13F6C73A063EC7FC393F6E8D0F3F4B3C0F04EEBA3D36220836537 ] D:\WINDOWS\system32\credui.dll
19:00:54.0250 0x05c8  D:\WINDOWS\system32\credui.dll - ok
19:00:54.0250 0x05c8  [ AE1BFF56A081E11208AFFCC7209BF5CE, 800E32D54181A1001780B8FC84ACF4646C02FEFBD32D12B8881FA1CDD0C3D20F ] D:\WINDOWS\system32\dot3dlg.dll
19:00:54.0250 0x05c8  D:\WINDOWS\system32\dot3dlg.dll - ok
19:00:54.0250 0x05c8  [ 14FA15EF89423FBFE55F55BB892C5CF2, F002C5A226FE14956752CA49822FC785639CD4B8F9C7687392062E0CE44D1EA7 ] D:\WINDOWS\system32\eappcfg.dll
19:00:54.0250 0x05c8  D:\WINDOWS\system32\eappcfg.dll - ok
19:00:54.0250 0x05c8  [ D6633FC7D1FCE7DCD7A1FE2564DC4FA6, EE96500063A6114F0EBC56026A39ABA62A83D3E12509E6F3187B9BC9426661DF ] D:\WINDOWS\system32\eappprxy.dll
19:00:54.0250 0x05c8  D:\WINDOWS\system32\eappprxy.dll - ok
19:00:54.0265 0x05c8  [ 4BAC361B11D8C5F3B38EC668ADD95D60, 7F5719C1D04576B7FF51902C4ED0D10B5824935C18D3D98016E59102EB449A47 ] D:\WINDOWS\system32\onex.dll
19:00:54.0265 0x05c8  D:\WINDOWS\system32\onex.dll - ok
19:00:54.0265 0x05c8  [ 41696F6200C7151CC0A4A26816E3F577, 66B97C2CF41A6DB28A5118C09A63B95EA8C954698B52A19D457E20D90F85F353 ] D:\WINDOWS\system32\wzcsapi.dll
19:00:54.0265 0x05c8  D:\WINDOWS\system32\wzcsapi.dll - ok
19:00:54.0265 0x05c8  [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] D:\WINDOWS\system32\wiaservc.dll
19:00:54.0265 0x05c8  D:\WINDOWS\system32\wiaservc.dll - ok
19:00:54.0265 0x05c8  [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] D:\WINDOWS\system32\seclogon.dll
19:00:54.0265 0x05c8  D:\WINDOWS\system32\seclogon.dll - ok
19:00:54.0265 0x05c8  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] D:\WINDOWS\system32\sens.dll
19:00:54.0265 0x05c8  D:\WINDOWS\system32\sens.dll - ok
19:00:54.0281 0x05c8  [ C30D8C61884413FB35E241A2D98BD08F, E269FFAA5DC6E25F58D185C495F9B8EC054B1923963A0FF05D472392463FB3E3 ] D:\WINDOWS\system32\mscms.dll
19:00:54.0281 0x05c8  D:\WINDOWS\system32\mscms.dll - ok
19:00:54.0281 0x05c8  [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] D:\WINDOWS\system32\srsvc.dll
19:00:54.0281 0x05c8  D:\WINDOWS\system32\srsvc.dll - ok
19:00:54.0281 0x05c8  [ 626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] D:\WINDOWS\system32\trkwks.dll
19:00:54.0281 0x05c8  D:\WINDOWS\system32\trkwks.dll - ok
19:00:54.0281 0x05c8  [ 6F3F3973D97714CC5F906A19FE883729, 7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] D:\WINDOWS\system32\wbem\wmisvc.dll
19:00:54.0281 0x05c8  D:\WINDOWS\system32\wbem\wmisvc.dll - ok
19:00:54.0281 0x05c8  [ 6E3FFF4A95EA978E333E53FE7F47E7F6, A71185F0B786691058FFBDA6540BAEE6D95618CF678E26B26C2F522E695C2E70 ] D:\WINDOWS\system32\vssapi.dll
19:00:54.0281 0x05c8  D:\WINDOWS\system32\vssapi.dll - ok
19:00:54.0296 0x05c8  [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] D:\WINDOWS\system32\browser.dll
19:00:54.0296 0x05c8  D:\WINDOWS\system32\browser.dll - ok
19:00:54.0296 0x05c8  [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] D:\WINDOWS\system32\wscsvc.dll
19:00:54.0296 0x05c8  D:\WINDOWS\system32\wscsvc.dll - ok
19:00:54.0296 0x05c8  [ 8C22083ED515DC94D575438662F0BE6A, 67DC2A393AE31764C090BE2AEFAD3E20220538152157BAEBF366112166FEAB23 ] D:\WINDOWS\system32\msi.dll
19:00:54.0296 0x05c8  D:\WINDOWS\system32\msi.dll - ok
19:00:54.0296 0x05c8  [ 18D926CD5F5BE2AA73EAD99C02BC719D, A4FC9EDCB1DA7AFDAB498BDD6245C035F19E478FA1C7F51192608B63F10D6DB8 ] D:\WINDOWS\system32\actxprxy.dll
19:00:54.0296 0x05c8  D:\WINDOWS\system32\actxprxy.dll - ok
19:00:54.0296 0x05c8  [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] D:\WINDOWS\system32\ipnathlp.dll
19:00:54.0296 0x05c8  D:\WINDOWS\system32\ipnathlp.dll - ok
19:00:54.0312 0x05c8  [ 8747DA0A28057B6EF2366E4C951A23F5, 96AC4AFEB8D2EB706A5AA58B2B3803F88E8B74774F8FC2C4F7D59A3A961AA70D ] D:\WINDOWS\system32\wbem\wbemcomn.dll
19:00:54.0312 0x05c8  D:\WINDOWS\system32\wbem\wbemcomn.dll - ok
19:00:54.0312 0x05c8  [ 8B42C14DA903681760079C1E12D8B4DA, 2527D3FEE00D645620AABC36D2701216FE7C72BCE5C4E6F2BF1EA4C04B26461B ] D:\WINDOWS\system32\wbem\wbemcore.dll
19:00:54.0312 0x05c8  D:\WINDOWS\system32\wbem\wbemcore.dll - ok
19:00:54.0312 0x05c8  [ 517A94B722F607B904061447939D7924, B705E2012BA66A257B91DD933238E5A9056BAAB5502DDC9F779F142A9A42772A ] D:\WINDOWS\system32\wbem\wbemprox.dll
19:00:54.0312 0x05c8  D:\WINDOWS\system32\wbem\wbemprox.dll - ok
19:00:54.0312 0x05c8  [ 5F07EDF60DC19981238A0D8A9622535D, 35CCC1B21968CA652A8882694895660BF862C72DFB561853D6EBA131B396F8FD ] D:\WINDOWS\system32\wbem\esscli.dll
19:00:54.0312 0x05c8  D:\WINDOWS\system32\wbem\esscli.dll - ok
19:00:54.0328 0x05c8  [ 3F2A4A47A2BCE0269B252550D1A2B471, E672F6A19563B715A96A1B9D13C521C865447DD2CEA65CED87A1A943C74FE8CA ] D:\WINDOWS\system32\wbem\fastprox.dll
19:00:54.0328 0x05c8  D:\WINDOWS\system32\wbem\fastprox.dll - ok
19:00:54.0328 0x05c8  [ 90075AE5778A16AD07A030377E2E95CD, 90039F8CC696B71B0D88A266B0234A1D8525843344280F55F35204DDE298BC0D ] D:\WINDOWS\system32\comsvcs.dll
19:00:54.0328 0x05c8  D:\WINDOWS\system32\comsvcs.dll - ok
19:00:54.0328 0x05c8  [ 17E6FA7A7EBE1864DD5DDCD66D2735DF, D32882B2CA1503C62A2A65594D95D951EA291726600658A453C4B65C69ABD391 ] D:\WINDOWS\system32\colbact.dll
19:00:54.0328 0x05c8  D:\WINDOWS\system32\colbact.dll - ok
19:00:54.0328 0x05c8  [ 89546F0070588D78EA7357583A4C04CB, 3A0912E1B20A1A5A48EDE869C3C9A8EB606CA72DEA9288751DDD0582B8A29E8A ] D:\WINDOWS\system32\mtxclu.dll
19:00:54.0328 0x05c8  D:\WINDOWS\system32\mtxclu.dll - ok
19:00:54.0328 0x05c8  [ B601A34A1BC3FFF07B005BC91FF58500, D0DBB43DA277BAA4ED116B873C27EC6CE37607683E427C3A854FDFDA151295A6 ] D:\WINDOWS\system32\clusapi.dll
19:00:54.0328 0x05c8  D:\WINDOWS\system32\clusapi.dll - ok
19:00:54.0343 0x05c8  [ 241F738F1F3F67297066898C6322E794, 4DD9A20D2EC7F7EC65529D6F53C54C98F7A3AB1A1C662ACBE46ECF3DA5589FF0 ] D:\WINDOWS\system32\resutils.dll
19:00:54.0343 0x05c8  D:\WINDOWS\system32\resutils.dll - ok
19:00:54.0343 0x05c8  [ F4E0C344DDBD3F1DD43B438009A06B77, 452BA14451E599B255A56793E30A096CA1F16C4A5F65C4CBDC2F54ECA21DAC51 ] D:\WINDOWS\system32\wbem\wbemsvc.dll
19:00:54.0343 0x05c8  D:\WINDOWS\system32\wbem\wbemsvc.dll - ok
19:00:54.0343 0x05c8  [ BBF69BCF56B41E590B3F52719D002DB3, 8C6DA6C5B19C3A2A8FF998120FFEFAEE0C82522BCFA4274CD1775DF98572200B ] D:\WINDOWS\system32\wbem\wmiutils.dll
19:00:54.0343 0x05c8  D:\WINDOWS\system32\wbem\wmiutils.dll - ok
19:00:54.0343 0x05c8  [ 61E5A4949B77DFF8A776C3C45383AF2E, E2CD4C4EC1868AB4AA133AC13272ACA65E09AF979447723975BEC514F3E9D629 ] D:\WINDOWS\system32\wbem\repdrvfs.dll
19:00:54.0343 0x05c8  D:\WINDOWS\system32\wbem\repdrvfs.dll - ok
19:00:54.0343 0x05c8  [ A7F9E133160AFC926AC272EB80C47C58, D383EBA825C1245391F1D91AAC3FD62C81CB31B4AF7FC79E374DC6AF0F245FF3 ] D:\WINDOWS\system32\wbem\wmiprvsd.dll
19:00:54.0343 0x05c8  D:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
19:00:54.0359 0x05c8  [ 885CE91BDCDECEDCA6DB0E59D48FB43D, D4725D4F00DA4142505F124BA987475E98D276F891A868D4B2477857F700A448 ] D:\WINDOWS\system32\wbem\wbemess.dll
19:00:54.0359 0x05c8  D:\WINDOWS\system32\wbem\wbemess.dll - ok
19:00:54.0359 0x05c8  [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] D:\WINDOWS\system32\alg.exe
19:00:54.0359 0x05c8  D:\WINDOWS\system32\alg.exe - ok
19:00:54.0359 0x05c8  [ F49D9D59B38311C3A2F6D1FC1C297BE4, D1555A774396AF2718D5278F4967BB6977BD62C495B824EF6F0B1379730B43FC ] D:\WINDOWS\system32\wuapi.dll
19:00:54.0359 0x05c8  D:\WINDOWS\system32\wuapi.dll - ok
19:00:54.0359 0x05c8  [ 755A529EF5EA3960835507A727FABE56, 3FAD58A7BFCD92F101EE44368562110A87FC5BCBDABAE85AFB98147BAB502A00 ] D:\WINDOWS\system32\wbem\ncprov.dll
19:00:54.0359 0x05c8  D:\WINDOWS\system32\wbem\ncprov.dll - ok
19:00:54.0375 0x05c8  [ B9E1B91828711D12BBF27C3A29255127, 947BD601908DBB4EDEF93D2EBD2603614895D4D34BF36DA1B8D7FBC91319F316 ] D:\WINDOWS\system32\netcfgx.dll
19:00:54.0375 0x05c8  D:\WINDOWS\system32\netcfgx.dll - ok
19:00:54.0375 0x05c8  [ C7636BA48F5BA08AD427E6FBECC32679, 5C11B849BC7758C96687A492A1BA48DAE5410A043BB2B333B29B6F82578A15A3 ] D:\WINDOWS\system32\wbem\wbemcons.dll
19:00:54.0375 0x05c8  D:\WINDOWS\system32\wbem\wbemcons.dll - ok
19:00:54.0375 0x05c8  [ 27EB9D671497EA236E6B59EB9EDE3607, 1AF79A10F1F3D67BF8826A92D9BA523499F2946009DB2619B0988CCAD8C44A63 ] D:\WINDOWS\system32\cscui.dll
19:00:54.0375 0x05c8  D:\WINDOWS\system32\cscui.dll - ok
19:00:54.0375 0x05c8  [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] D:\WINDOWS\system32\termsrv.dll
19:00:54.0375 0x05c8  D:\WINDOWS\system32\termsrv.dll - ok
19:00:54.0375 0x05c8  [ 39E63B4B76CB20E20949FCC6DE1BC630, F8A80D853B445E43C37BF5EC35CB9D789B2F8F0A09E1CA50368A547EC8BFD060 ] D:\WINDOWS\system32\icaapi.dll
19:00:54.0375 0x05c8  D:\WINDOWS\system32\icaapi.dll - ok
19:00:54.0390 0x05c8  [ F0D12C9FA5F8C3ED9329418FFDC4FE4C, 49BAD9620B6671470ADF7F114F241DDD7E6CB28AFCB2F563BAC5DAD520A5B9EB ] D:\WINDOWS\system32\mstlsapi.dll
19:00:54.0390 0x05c8  D:\WINDOWS\system32\mstlsapi.dll - ok
19:00:54.0390 0x05c8  [ 5A023A0A96A198A667A9FB42ACFA0D7F, 51C51D1F593D7B3EA68CF636D965B2E121984A7C72C650A52E01B2D100CDAE77 ] D:\WINDOWS\system32\dpcdll.dll
19:00:54.0390 0x05c8  D:\WINDOWS\system32\dpcdll.dll - ok
19:00:54.0390 0x05c8  [ BE2C8BD5F596535D534C785B04A3B741, 45873CE1C437B25CBF44C977569C30561830D0993C4116C6EBF400471DED0BB1 ] D:\WINDOWS\system32\wdmaud.drv
19:00:54.0390 0x05c8  D:\WINDOWS\system32\wdmaud.drv - ok
19:00:54.0390 0x05c8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] D:\WINDOWS\system32\drivers\wdmaud.sys
19:00:54.0390 0x05c8  D:\WINDOWS\system32\drivers\wdmaud.sys - ok
19:00:54.0390 0x05c8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] D:\WINDOWS\system32\drivers\sysaudio.sys
19:00:54.0390 0x05c8  D:\WINDOWS\system32\drivers\sysaudio.sys - ok
19:00:54.0406 0x05c8  [ 788F95312E26389D596C0FA55834E106, F7090C739CFC4AA6280BFEDC1551118F05A098B0AD71BB9541E21E6FDFED3040 ] D:\WINDOWS\system32\userinit.exe
19:00:54.0406 0x05c8  D:\WINDOWS\system32\userinit.exe - ok
19:00:54.0406 0x05c8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] D:\WINDOWS\system32\drivers\aec.sys
19:00:54.0406 0x05c8  D:\WINDOWS\system32\drivers\aec.sys - ok
19:00:54.0406 0x05c8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] D:\WINDOWS\system32\drivers\splitter.sys
19:00:54.0406 0x05c8  D:\WINDOWS\system32\drivers\splitter.sys - ok
19:00:54.0406 0x05c8  [ 418045A93CD87A352098AB7DABE1B53E, 81419093CCB985DA284931FA3DF41C4CFE25350DB1C366792903411819371664 ] D:\WINDOWS\explorer.exe
19:00:54.0406 0x05c8  D:\WINDOWS\explorer.exe - ok
19:00:54.0421 0x05c8  [ 62982E7EF025B5D8FB31467265C43918, 50763ED3A1524110A4E1327877C1D6495F135FC462E48D99423AAEC39C139492 ] D:\WINDOWS\system32\browseui.dll
19:00:54.0421 0x05c8  D:\WINDOWS\system32\browseui.dll - ok
19:00:54.0421 0x05c8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] D:\WINDOWS\system32\drivers\swmidi.sys
19:00:54.0421 0x05c8  D:\WINDOWS\system32\drivers\swmidi.sys - ok
19:00:54.0421 0x05c8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] D:\WINDOWS\system32\drivers\dmusic.sys
19:00:54.0421 0x05c8  D:\WINDOWS\system32\drivers\dmusic.sys - ok
19:00:54.0421 0x05c8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] D:\WINDOWS\system32\drivers\kmixer.sys
19:00:54.0421 0x05c8  D:\WINDOWS\system32\drivers\kmixer.sys - ok
19:00:54.0421 0x05c8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] D:\WINDOWS\system32\drivers\drmkaud.sys
19:00:54.0421 0x05c8  D:\WINDOWS\system32\drivers\drmkaud.sys - ok
19:00:54.0437 0x05c8  [ 5F62AE472DDEC02CB3C635FAD6F3A632, ED777A976B6F75A20EF7D92972B26D5DF8AC2471412D6CB34E0DE74ABB7DBD44 ] D:\WINDOWS\system32\shdocvw.dll
19:00:54.0437 0x05c8  D:\WINDOWS\system32\shdocvw.dll - ok
19:00:54.0437 0x05c8  [ 2CF969B9BF1EF069075DCDCE309FAAE1, 04CD664171AC3BD147CB5FA5CE86F42454D595A73988DFA870410172AC33373A ] D:\WINDOWS\system32\midimap.dll
19:00:54.0437 0x05c8  D:\WINDOWS\system32\midimap.dll - ok
19:00:54.0437 0x05c8  [ 84BDD3C4FADB534BD843D949CFCDE53C, 5773B9D7A417935D298AFB2D0FCA9FCFCBD9192F9AC0DE3CFBDE0477D819E348 ] D:\WINDOWS\system32\msacm32.drv
19:00:54.0437 0x05c8  D:\WINDOWS\system32\msacm32.drv - ok
19:00:54.0437 0x05c8  [ 4B0451C5A07470A3722171E354ABDADE, A7A1F52BA1A20330FEEBF285A62784475E74C95C76B875DF50B71721E412AA5F ] D:\WINDOWS\system32\desk.cpl
19:00:54.0437 0x05c8  D:\WINDOWS\system32\desk.cpl - ok
19:00:54.0437 0x05c8  [ 78898165CF0E27AFBD8653EF6D2FDA07, 0DBE48641D23FBF823E100861428F73ABCE067B78D5FC97B472806A02D12F36A ] D:\WINDOWS\system32\themeui.dll
19:00:54.0437 0x05c8  D:\WINDOWS\system32\themeui.dll - ok
19:00:54.0453 0x05c8  [ 65660A5C5C56DEFBA2F0F417D1B4A82C, A55940A35993B24CE3EE420F2C3C5D5EB62207711096E1F690FB0563DAF21B2E ] D:\WINDOWS\system32\urlmon.dll
19:00:54.0453 0x05c8  D:\WINDOWS\system32\urlmon.dll - ok
19:00:54.0453 0x05c8  [ EDAFBE25FB6480CE68F688BA691890DC, F21610B3FC4FE3C18334F2B204E9E7E77F7AC3DD7357171AAD2A65B64AC653E0 ] D:\WINDOWS\system32\wscntfy.exe
19:00:54.0453 0x05c8  D:\WINDOWS\system32\wscntfy.exe - ok
19:00:54.0453 0x05c8  [ 9B890F756D087991322464912FE68E75, 57BF326C1AFC57803F6E5E77458080FE5A1C1413C6F9BD3CC37ADD07008E6812 ] D:\WINDOWS\system32\cmd.exe
19:00:54.0453 0x05c8  D:\WINDOWS\system32\cmd.exe - ok
19:00:54.0453 0x05c8  [ 2AD9820E4B17E78110A6AA06BF5C1CE2, 330A62FC255D24FCF7904B11CD533A9A06C1EBDBD90491A11960317759E7F4D0 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{A3707573-378C-4F1A-BC0D-911A3B6224BC}.exe
19:00:54.0453 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{A3707573-378C-4F1A-BC0D-911A3B6224BC}.exe - ok
19:00:54.0468 0x05c8  [ 65657A27D1487BAAFE446ED3E20D2209, F0A1D344E38B9D60F6149E0BDCCB06EF53A298E76B1682A5F573CFD3B8F49CAF ] D:\WINDOWS\system32\msutb.dll
19:00:54.0468 0x05c8  D:\WINDOWS\system32\msutb.dll - ok
19:00:54.0468 0x05c8  [ A4472EA73BFB27132483F86BAFCD7783, 04DABF76F91D8F3EE43837591C33516E2C644AB3F2C8E75FE5256258C1632046 ] D:\WINDOWS\system32\msctf.dll
19:00:54.0468 0x05c8  D:\WINDOWS\system32\msctf.dll - ok
19:00:54.0468 0x05c8  [ F6B34CD47CAF6D68106B9F8055F35C50, AEB641391D0186C2A6C2ED97FE87EDF6D0289818FD2CBB98AAD0CDA3504B23B0 ] D:\WINDOWS\system32\rundll32.exe
19:00:54.0468 0x05c8  D:\WINDOWS\system32\rundll32.exe - ok
19:00:54.0468 0x05c8  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
19:00:54.0468 0x05c8  D:\WINDOWS\system32\ctfmon.exe - ok
19:00:54.0468 0x05c8  [ 6106C285CCBAA90AABE190C7F9E25558, 955D34F12EF4A3B4531DF821ACA31762DAE3E7868719F1FFBDDC85637F4E18E8 ] D:\WINDOWS\system32\bthprops.cpl
19:00:54.0468 0x05c8  D:\WINDOWS\system32\bthprops.cpl - ok
19:00:54.0484 0x05c8  [ 456DFE2E9E04CAD282E19DE078DCF85B, 1236F50D225F331F0583D5203E58B2CE631008832071F8FDAF103D0BF47D49AD ] D:\WINDOWS\ime\sptip.dll
19:00:54.0484 0x05c8  D:\WINDOWS\ime\sptip.dll - ok
19:00:54.0484 0x05c8  [ E5A0609A36161F9CA277F3E4EEE339F7, E8E300F5535DBDE4682A2263CD3AF12C5CF778412AA97A8D124B3130ED2B7BEF ] D:\WINDOWS\system32\devmgr.dll
19:00:54.0484 0x05c8  D:\WINDOWS\system32\devmgr.dll - ok
19:00:54.0484 0x05c8  [ 5543A9D4A1D0F9F84092482A9373A024, 6A400462579D71046074FA49A34E0F909C43DCBFA05D1875084FA7FF260949E4 ] D:\WINDOWS\system32\linkinfo.dll
19:00:54.0484 0x05c8  D:\WINDOWS\system32\linkinfo.dll - ok
19:00:54.0484 0x05c8  [ 6AD81A33FE1E1DBB7A1E332C20160D05, 128AA71D3E4CEF642F9C1568349ADFA2AD2A5C4F5E5AA2702380C02783129DE1 ] D:\WINDOWS\system32\ntshrui.dll
19:00:54.0484 0x05c8  D:\WINDOWS\system32\ntshrui.dll - ok
19:00:54.0484 0x05c8  [ A7A221F7ED230E24A3186A5234751A08, D22B3BE8690FB6BA0586640C67212D5C6105B437086C96572BF3FB01CF308582 ] D:\WINDOWS\system32\winhttp.dll
19:00:54.0484 0x05c8  D:\WINDOWS\system32\winhttp.dll - ok
19:00:54.0500 0x05c8  [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{3FD7D3B1-7E4B-4753-83FB-C0E0704BA945}.tmp
19:00:54.0500 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{3FD7D3B1-7E4B-4753-83FB-C0E0704BA945}.tmp - ok
19:00:54.0500 0x05c8  [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{0010087B-C20C-4D16-984D-AE8E8171396F}.tmp
19:00:54.0500 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{0010087B-C20C-4D16-984D-AE8E8171396F}.tmp - ok
19:00:54.0500 0x05c8  [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{A7770DBC-62AC-4EB0-95AA-1B5E0DEDBD3C}.tmp
19:00:54.0500 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{A7770DBC-62AC-4EB0-95AA-1B5E0DEDBD3C}.tmp - ok
19:00:54.0500 0x05c8  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{1351E434-CDFE-49B2-AAC2-1CAE86A08046}.tmp
19:00:54.0500 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{1351E434-CDFE-49B2-AAC2-1CAE86A08046}.tmp - ok
19:00:54.0515 0x05c8  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{1D6D9C62-7611-4858-BE54-79392DBA0D5B}.tmp
19:00:54.0515 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{1D6D9C62-7611-4858-BE54-79392DBA0D5B}.tmp - ok
19:00:54.0515 0x05c8  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{5CF0DCA3-F141-4559-BBDC-A303E821DA2B}.tmp
19:00:54.0515 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{5CF0DCA3-F141-4559-BBDC-A303E821DA2B}.tmp - ok
19:00:54.0515 0x05c8  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{52E86C98-3C39-464D-8AAD-CFCF392C500C}.tmp
19:00:54.0515 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{52E86C98-3C39-464D-8AAD-CFCF392C500C}.tmp - ok
19:00:54.0515 0x05c8  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{DC2CAAE1-A2C2-4EAF-B470-680493993AFD}.tmp
19:00:54.0515 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{DC2CAAE1-A2C2-4EAF-B470-680493993AFD}.tmp - ok
19:00:54.0515 0x05c8  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{CF4F0EDD-537B-4CAC-AAAB-70AF6E29EF2E}.tmp
19:00:54.0515 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{CF4F0EDD-537B-4CAC-AAAB-70AF6E29EF2E}.tmp - ok
19:00:54.0531 0x05c8  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{9F458773-C585-465D-B055-57334463312A}.tmp
19:00:54.0531 0x05c8  D:\DOKUME~1\Arbeit\LOKALE~1\Temp\{E0C977E1-DDDE-4A33-ACD0-029868781FA0}\{9F458773-C585-465D-B055-57334463312A}.tmp - ok
19:00:54.0531 0x05c8  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] D:\WINDOWS\system32\imapi.exe
19:00:54.0531 0x05c8  D:\WINDOWS\system32\imapi.exe - ok
19:00:54.0531 0x05c8  [ C1DA9CCE6295AA435877CFBF0C61005D, 63B6B70CF3E535F7863DAA3A2DC904E2FA8470E2E35A4C1368468F4015B80F81 ] D:\WINDOWS\system32\webcheck.dll
19:00:54.0531 0x05c8  D:\WINDOWS\system32\webcheck.dll - ok
19:00:54.0531 0x05c8  [ F84AC3459F5ED9B77BC38C481F744729, 14DB981F2256858F144183C0C66ACF1100D65CBEF73ADD31E1B41D6F648DAF56 ] D:\WINDOWS\system32\batmeter.dll
19:00:54.0531 0x05c8  D:\WINDOWS\system32\batmeter.dll - ok
19:00:54.0531 0x05c8  [ DE2CD737BB7C6B2F391D54A06C1B80A1, 364E8F5088E0B9B7A7672D752BB1CED92DC2FFEEE4F9A1F16C46839462CB48A6 ] D:\WINDOWS\system32\stobject.dll
19:00:54.0531 0x05c8  D:\WINDOWS\system32\stobject.dll - ok
19:00:54.0546 0x05c8  [ 3F541BFA1043223844EBBFEBE3ED1AD8, 7A78013B9DC714FEF40B445653E1B901E3476C38724F43AEFC5715F26448D063 ] D:\WINDOWS\system32\ssdpapi.dll
19:00:54.0546 0x05c8  D:\WINDOWS\system32\ssdpapi.dll - ok
19:00:54.0546 0x05c8  [ 24ABEFFDE26EDD53F33187FB46068876, 988157B737163DEAAFDB8157DBC3D37C05DADC4433A864D7C811CF23087E86F2 ] D:\WINDOWS\system32\upnp.dll
19:00:54.0546 0x05c8  D:\WINDOWS\system32\upnp.dll - ok
19:00:54.0546 0x05c8  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] D:\WINDOWS\system32\drivers\http.sys
19:00:54.0546 0x05c8  D:\WINDOWS\system32\drivers\http.sys - ok
19:00:54.0546 0x05c8  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] D:\WINDOWS\system32\ssdpsrv.dll
19:00:54.0546 0x05c8  D:\WINDOWS\system32\ssdpsrv.dll - ok
19:00:54.0562 0x05c8  [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] D:\WINDOWS\system32\rasmans.dll
19:00:54.0562 0x05c8  D:\WINDOWS\system32\rasmans.dll - ok
19:00:54.0562 0x05c8  [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] D:\WINDOWS\system32\tapisrv.dll
19:00:54.0562 0x05c8  D:\WINDOWS\system32\tapisrv.dll - ok
19:00:54.0562 0x05c8  [ 67F2A1E0D4EF9F276346E9FE5007C6A2, 8790C9560BEF428634D3824E129B57CC70DCE59FD27CBE86BD1DE36FBCD1CED1 ] D:\WINDOWS\system32\rastapi.dll
19:00:54.0562 0x05c8  D:\WINDOWS\system32\rastapi.dll - ok
19:00:54.0562 0x05c8  [ A0D8D3E40071A2D46A174F358E579FF9, 2AEFE14B4B789878A067686056D35A09B8C7D2FE10833FF4526ABE4B0FAF7CC5 ] D:\WINDOWS\system32\unimdm.tsp
19:00:54.0562 0x05c8  D:\WINDOWS\system32\unimdm.tsp - ok
19:00:54.0562 0x05c8  [ 6880D17F2120260DED52864711FD5D40, 5B2AF29DD885F58B6137D6F0D9CF2F4417388E2C6A7D0E823844238E64352DF9 ] D:\WINDOWS\system32\uniplat.dll
19:00:54.0562 0x05c8  D:\WINDOWS\system32\uniplat.dll - ok
19:00:54.0578 0x05c8  [ E1A725D3FAC63C1D61EDA9D01D52018E, E6C43143A63FB8D168D50D90BDD7E0228D5C4CEB44F51FC6D80E5ABAF83850AD ] D:\WINDOWS\system32\modemui.dll
19:00:54.0578 0x05c8  D:\WINDOWS\system32\modemui.dll - ok
19:00:54.0578 0x05c8  [ F7F6B41973142FACBCB0227051B8758C, E9068499EFDE0BBAF7F3AC2A28858FD4D4D7D68BF0F11625C2F35FE3A81F4DDF ] D:\WINDOWS\system32\unimdmat.dll
19:00:54.0578 0x05c8  D:\WINDOWS\system32\unimdmat.dll - ok
19:00:54.0578 0x05c8  [ A46C35D2222289E11498E63DC255D9EE, 52E4AE39EE6E7026F7C5E9698773A7C6AB98DBBF298BD6C7482033DB5ED7DA70 ] D:\WINDOWS\system32\h323.tsp
19:00:54.0578 0x05c8  D:\WINDOWS\system32\h323.tsp - ok
19:00:54.0578 0x05c8  [ FAB9161D01BAFED0FBA37B7EDC2E6C3E, 4FC6445C53AB9ABA555ACD77A46725ADD25185ECAB775A65981B931758BF1781 ] D:\WINDOWS\system32\ipconf.tsp
19:00:54.0578 0x05c8  D:\WINDOWS\system32\ipconf.tsp - ok
19:00:54.0578 0x05c8  [ B88E7C1BECF19CB7DF5D14C139E1B129, A0AFE18EE94B3A5621639B99766289339780470077FCCBD4D8592EC11D6BAF83 ] D:\WINDOWS\system32\kmddsp.tsp
19:00:54.0578 0x05c8  D:\WINDOWS\system32\kmddsp.tsp - ok
19:00:54.0593 0x05c8  [ B6368A01066D60B47927E70C3FCC4F4E, 2BAA8A00B3CDC2559360D83E53981404E8945D25A21BA411D96630B80FB0879F ] D:\WINDOWS\system32\ndptsp.tsp
19:00:54.0593 0x05c8  D:\WINDOWS\system32\ndptsp.tsp - ok
19:00:54.0593 0x05c8  [ B469B24EB3B6A5FA2E9AD4679F209A5A, 057467DE813719DA55E8A763E7DB54CB078EA248FCE1964A7DE48E74791BE115 ] D:\WINDOWS\system32\hidphone.tsp
19:00:54.0593 0x05c8  D:\WINDOWS\system32\hidphone.tsp - ok
19:00:54.0593 0x05c8  [ 784CE11452CEE7FA71BE94ACABC8D241, 8808A42B819D17921C417AFE4EF8653D6D63E62E86E26994CF1D6DF7A878646C ] D:\WINDOWS\system32\rasppp.dll
19:00:54.0593 0x05c8  D:\WINDOWS\system32\rasppp.dll - ok
19:00:54.0593 0x05c8  [ 41AA6EB6D03E14F64CAE4E661C45F5FC, F3B6FE36CBD517D05EF6E78585D612583C99237B3A1C4F12EC5533111E9C39CB ] D:\WINDOWS\system32\ntlsapi.dll
19:00:54.0593 0x05c8  D:\WINDOWS\system32\ntlsapi.dll - ok
19:00:54.0609 0x05c8  [ 1F869848291EFDBE3883B101EDD39025, F2771C370D1BE7AEDBC88140CAD704A96906F6ACC5F2D67F87909B8BF209F5A8 ] D:\WINDOWS\system32\rasqec.dll
19:00:54.0609 0x05c8  D:\WINDOWS\system32\rasqec.dll - ok
19:00:54.0609 0x05c8  [ 31940D74AE890495C73E37482F150DC3, B557CF9608AB3F31980EE36587F66CFF19017FD28398306590A783CBEDB9A58C ] D:\WINDOWS\system32\rasdlg.dll
19:00:54.0609 0x05c8  D:\WINDOWS\system32\rasdlg.dll - ok
19:00:54.0609 0x05c8  ================ Scan generic autorun ======================
19:00:54.0609 0x05c8  BluetoothAuthenticationAgent - ok
19:00:54.0656 0x05c8  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\CTFMON.EXE
19:00:54.0734 0x05c8  CTFMON.EXE - ok
19:00:54.0859 0x05c8  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] D:\Programme\Spy\TeaTimer.exe
19:00:55.0000 0x05c8  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
19:00:55.0000 0x05c8  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - warning
19:00:55.0015 0x05c8  [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] D:\WINDOWS\system32\ctfmon.exe
19:00:55.0093 0x05c8  CTFMON.EXE - ok
19:00:55.0203 0x05c8  Win FW state via NFM: enabled
19:00:55.0203 0x05c8  ============================================================
19:00:55.0203 0x05c8  Scan finished
19:00:55.0203 0x05c8  ============================================================
19:00:55.0203 0x0328  Detected object count: 3
19:00:55.0203 0x0328  Actual detected object count: 3
19:01:13.0750 0x0328  D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys - copied to quarantine
19:01:13.0750 0x0328  HKLM\SYSTEM\ControlSet001\services\41d78ef79c384a09 - will be deleted on reboot
19:01:13.0765 0x0328  HKLM\SYSTEM\ControlSet004\services\41d78ef79c384a09 - will be deleted on reboot
19:01:13.0765 0x0328  D:\WINDOWS\System32\Drivers\41d78ef79c384a09.sys - will be deleted on reboot
19:01:13.0765 0x0328  41d78ef79c384a09 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
19:01:13.0765 0x0328  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:01:13.0765 0x0328  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:01:13.0765 0x0328  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - skipped by user
19:01:13.0765 0x0328  SpybotSD TeaTimer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:01:15.0265 0x0328  KLMD registered as D:\WINDOWS\system32\drivers\89806009.sys
19:01:18.0765 0x0200  Deinitialize success
2. TDSS Log
Code:
19:07:23.0562 0x0634  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
19:07:25.0453 0x0634  ============================================================
19:07:25.0453 0x0634  Current date / time: 2014/11/30 19:07:25.0453
19:07:25.0453 0x0634  SystemInfo:
19:07:25.0453 0x0634 
19:07:25.0453 0x0634  OS Version: 5.1.2600 ServicePack: 3.0
19:07:25.0453 0x0634  Product type: Workstation
19:07:25.0453 0x0634  ComputerName: INTRNET
19:07:25.0453 0x0634  UserName: Arbeit
19:07:25.0453 0x0634  Windows directory: D:\WINDOWS
19:07:25.0453 0x0634  System windows directory: D:\WINDOWS
19:07:25.0453 0x0634  Processor architecture: Intel x86
19:07:25.0453 0x0634  Number of processors: 2
19:07:25.0453 0x0634  Page size: 0x1000
19:07:25.0453 0x0634  Boot type: Normal boot
19:07:25.0453 0x0634  ============================================================
19:07:25.0453 0x0634  BG loaded
19:07:25.0593 0x0634  System UUID: {78DF7FD0-1D0E-3939-D90F-C6BA596866FA}
19:07:26.0125 0x0634  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
19:07:26.0125 0x0634  Drive \Device\Harddisk1\DR3 - Size: 0x7A800000 ( 1.91 Gb ), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:26.0140 0x0634  ============================================================
19:07:26.0140 0x0634  \Device\Harddisk0\DR0:
19:07:26.0140 0x0634  MBR partitions:
19:07:26.0140 0x0634  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C25FE
19:07:26.0140 0x0634  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C267C, BlocksNum 0x1C7FE044
19:07:26.0140 0x0634  \Device\Harddisk1\DR3:
19:07:26.0140 0x0634  MBR partitions:
19:07:26.0140 0x0634  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x5F0, BlocksNum 0x3D3A10
19:07:26.0140 0x0634  ============================================================
19:07:26.0156 0x0634  C: <-> \Device\Harddisk0\DR0\Partition1
19:07:26.0187 0x0634  D: <-> \Device\Harddisk0\DR0\Partition2
19:07:26.0187 0x0634  ============================================================
19:07:26.0187 0x0634  Initialize success
19:07:26.0187 0x0634  ============================================================

Combofix Logfile:

[CODE]ComboFix 14-11-25.01 - Arbeit 30.11.2014 19:39:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1918.1443 [GMT 1:00]
ausgeführt von:: d:\dokumente und einstellungen\Arbeit\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\dokumente und einstellungen\Internet volker\WINDOWS
d:\dokumente und einstellungen\internet\WINDOWS
d:\dokumente und einstellungen\ve\WINDOWS
d:\windows\IsUn0407.exe
d:\windows\system32\DC120fc7_32.dll
d:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Service_SYSHOST32
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-28 bis 2014-11-30 ))))))))))))))))))))))))))))))
.
.
2014-11-30 18:01 . 2014-11-30 18:01 -------- d-----w- D:\TDSSKiller_Quarantine
2014-11-30 10:31 . 2014-11-30 10:31 114904 ----a-w- d:\windows\system32\drivers\6EDC00ED.sys
2014-11-29 21:18 . 2014-11-29 21:19 -------- d-----w- D:\FRST
2014-11-29 19:29 . 2014-11-29 19:29 114904 ----a-w- d:\windows\system32\drivers\06AF4E76.sys
2014-11-29 18:50 . 2014-11-29 18:50 -------- d-----w- d:\windows\system32\CatRoot_bak
2014-11-29 17:31 . 2014-11-29 17:31 114904 ----a-w- d:\windows\system32\drivers\29F57440.sys
2014-11-29 13:14 . 2014-11-29 13:14 114904 ----a-w- d:\windows\system32\drivers\20342FBD.sys
2014-11-29 13:12 . 2014-11-29 13:12 114904 ----a-w- d:\windows\system32\drivers\49F22E28.sys
2014-11-29 13:12 . 2014-11-29 13:12 -------- d-----w- d:\programme\Malwarebam
2014-11-29 13:12 . 2014-10-01 10:11 54360 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-11-29 13:12 . 2014-10-01 10:11 23256 ----a-w- d:\windows\system32\drivers\mbam.sys
2014-11-29 10:41 . 2014-11-29 10:41 114904 ----a-w- d:\windows\system32\drivers\113D3A7C.sys
2014-11-29 10:39 . 2014-11-29 10:39 114904 ----a-w- d:\windows\system32\drivers\2CAF392C.sys
2014-11-29 09:52 . 2014-11-29 10:04 114904 ----a-w- d:\windows\system32\drivers\241A155A.sys
2014-11-29 09:49 . 2014-11-29 17:29 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Package Cache
2014-11-27 19:19 . 2014-11-27 19:19 110296 ----a-w- d:\windows\system32\drivers\48230029.sys
2014-11-26 18:54 . 2014-11-26 18:54 -------- d-----w- d:\dokumente und einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2014-11-26 18:34 . 2014-11-26 18:35 -------- d-----w- D:\AdwCleaner
2014-11-13 20:06 . 2014-11-26 18:28 -------- d-----w- D:\Bewerbung
2014-11-13 19:53 . 2014-11-13 19:53 -------- d-----w- d:\dokumente und einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 04:49 . 2014-09-13 04:49 1409 ----a-w- d:\windows\system32\tmpE80A8.FOT
2014-09-13 04:49 . 2014-09-13 04:49 1409 ----a-w- d:\windows\system32\tmp120A8.FOT
2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- d:\programme\navigram_register.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- d:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-05-14 08:34 191016 ----a-w- d:\programme\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHIWebOnDiskManager]
2014-05-15 14:46 245760 ------r- d:\programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"ACDaemon"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Programme\\Windows Media Player\\wmplayer.exe"=
"d:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\49F22E28.sys [29.11.2014 14:12 114904]
R2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebam\mbamscheduler.exe [29.11.2014 14:12 1871160]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [29.11.2014 14:12 23256]
S2 MBAMService;MBAMService;d:\programme\Malwarebam\mbamservice.exe [29.11.2014 14:12 968504]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [29.12.2009 21:54 1684736]
S4 Norton Internet Security;Norton Internet Security;"d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "d:\programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - d:\dokumente und einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-53460251.sys
SafeBoot-70922823.sys
SafeBoot-72734582.sys
AddRemove-ArCon - d:\windows\unin0407.exe
AddRemove-Frhed - d:\programme\Frhed\uninst.exe
AddRemove-Loewe2 - d:\windows\IsUn0407.exe
AddRemove-Loewe4 - d:\windows\IsUn0407.exe
AddRemove-MozillaMaintenanceService - d:\programme\Mozilla Maintenance Service\uninstall.exe
AddRemove-QuickTime 3.0 - d:\windows\unin0407.exe
AddRemove-S3 - d:\windows\IsUn0407.exe
AddRemove-Secret Of Six Seas - d:\progra~1\SECRET~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-30 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"d:\programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"d:\programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
d:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2040)
d:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-30 20:01:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-30 19:01
.
Vor Suchlauf: 32 Verzeichnis(se), 140.248.481.792 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 140.675.706.880 Bytes frei
.
- - End Of File - - 659632314552B1CFE387B372BED0F767
72B8CE41AF0DE751C946802B3ED844B4
/CODE]

Kann ich die Lssrvc.exe beim nächsten Lauf TDSS abschießen lassen oder ist es besser, diese irgendwie zu deinstallieren?
Was mache ich falsch mit dem Code-Tag? Mal klappts, mal nicht...
Danke.

schrauber 01.12.2014 20:37
Zitat:
Kann ich die Lssrvc.exe beim nächsten Lauf TDSS abschießen lassen
warum willst du das?


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

tymara 01.12.2014 22:49
Hauptsächlich, weil ich die Lssrvc gar nicht brauche (hab jetzt erst mal nachgeschaut, was das eigentlich ist). Die läuft dauernd im Taskmanager. Also weg damit.

Logs folgen. Mbam und adwcleaner habe ich schon, soll ich das alte mbam Log von letzter Woche auch mal posten? (adwcleaner hatte nichts gefunden). Aber ich lade mir alles noch mal neu und frisch runter und mache die Läufe gleich.

Hey, diesmal hab ich nur eine Stunde gebraucht ;)

mbam (frisch)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.12.2014
Suchlauf-Zeit: 21:48:31
Logdatei:
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Arbeit

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 400950
Verstrichene Zeit: 14 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
adwcleaner(frisch)
Code:
# AdwCleaner v4.103 - Bericht erstellt am 01/12/2014 um 22:09:48
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-01.1 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Arbeit - INTRNET
# Gestartet von : D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v12.0 (de)

[4316qnym.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[4316qnym.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[fv1votu1.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R0].txt - [1188 octets] - [26/11/2014 19:34:48]
AdwCleaner[R1].txt - [1466 octets] - [01/12/2014 22:06:06]
AdwCleaner[S0].txt - [1249 octets] - [26/11/2014 19:35:27]
AdwCleaner[S1].txt - [1441 octets] - [01/12/2014 22:09:48]

########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [1501 octets] ##########
jrt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Arbeit on 01.12.2014 at 22:13:56,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2014 at 22:15:07,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
frst
[CODE]
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Arbeit (administrator) on INTRNET on 01-12-2014 22:24:26
Running from D:\Dokumente und Einstellungen\Arbeit\Desktop
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamscheduler.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
HKU\S-1-5-21-789336058-879983540-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; D:\Programme\Malwarebytes\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\Malwarebytes\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X]
S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
S3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
R3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.)
R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 catchme; \??\D:\ComboFix\catchme.sys [X]
S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 22:15 - 2014-12-01 22:15 - 00000582 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT11214.txt
2014-12-01 22:13 - 2014-12-01 22:13 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-12-01 22:12 - 2014-12-01 22:12 - 00001581 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner11214.txt
2014-12-01 22:04 - 2014-12-01 22:04 - 00001193 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam011214.txt
2014-12-01 21:48 - 2014-12-01 21:48 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Programme\Malwarebytes
2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes
2014-12-01 21:47 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-01 21:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-12-01 21:46 - 2014-12-01 21:39 - 01707646 _____ (Thisisu) D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT.exe
2014-12-01 21:46 - 2014-12-01 21:38 - 02154496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe
2014-12-01 21:46 - 2014-12-01 21:37 - 19828376 _____ (Malwarebytes Corporation ) D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-30 20:01 - 2014-12-01 22:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00008391 _____ () D:\ComboFix.txt
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\ve\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp
2014-11-30 19:42 - 2014-11-30 19:42 - 00008192 ____H () D:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\system.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\software.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\default.tmp.LOG
2014-11-30 19:38 - 2014-11-30 19:30 - 04614888 _____ (Microsoft Corporation) D:\Dokumente und Einstellungen\Arbeit\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\WINDOWS\erdnt
2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\Qoobox
2014-11-30 19:15 - 2014-11-30 19:15 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme\Verwaltung
2014-11-30 19:15 - 2011-06-26 07:45 - 00256000 _____ () D:\WINDOWS\PEV.exe
2014-11-30 19:15 - 2010-11-07 18:20 - 00208896 _____ () D:\WINDOWS\MBR.exe
2014-11-30 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00098816 _____ () D:\WINDOWS\sed.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00080412 _____ () D:\WINDOWS\grep.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00068096 _____ () D:\WINDOWS\zip.exe
2014-11-30 19:14 - 2014-11-30 18:52 - 05599228 ____R (Swearware) D:\Dokumente und Einstellungen\Arbeit\Desktop\ComboFix.exe
2014-11-30 19:01 - 2014-11-30 19:01 - 00000000 ____D () D:\TDSSKiller_Quarantine
2014-11-30 11:31 - 2014-11-30 11:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\6EDC00ED.sys
2014-11-30 10:57 - 2014-12-01 22:24 - 00008580 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.txt
2014-11-30 10:57 - 2014-11-30 10:47 - 04184008 _____ (Kaspersky Lab ZAO) D:\Dokumente und Einstellungen\Arbeit\Desktop\tdsskiller.exe
2014-11-30 10:57 - 2014-11-29 23:12 - 00013418 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Addition.txt
2014-11-30 10:57 - 2014-11-29 21:52 - 01109504 _____ (Farbar) D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.exe
2014-11-29 22:18 - 2014-12-01 22:24 - 00000000 ____D () D:\FRST
2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys
2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log
2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak
2014-11-29 18:31 - 2014-11-29 18:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys
2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys
2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys
2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys
2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys
2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt
2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys
2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys
2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-11-26 19:34 - 2014-12-01 22:09 - 00000000 ____D () D:\AdwCleaner
2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log
2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk
2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk
2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () D:\Bewerbung
2014-11-13 20:53 - 2014-11-13 20:53 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 22:17 - 2009-12-29 21:01 - 00337416 _____ () D:\WINDOWS\WindowsUpdate.log
2014-12-01 22:11 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-12-01 22:11 - 2009-12-29 19:40 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-12-01 22:11 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-12-01 22:10 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini
2014-12-01 22:10 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt
2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme
2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-01 21:43 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-11-30 20:01 - 2009-12-29 21:05 - 00000000 __SHD () D:\Dokumente und Einstellungen\NetworkService
2014-11-30 20:00 - 2004-08-05 13:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-11-30 19:42 - 2009-12-29 20:36 - 19431424 _____ () D:\WINDOWS\system32\config\software.bak
2014-11-30 19:42 - 2009-12-29 20:36 - 05505024 _____ () D:\WINDOWS\system32\config\system.bak
2014-11-30 19:42 - 2009-12-29 20:36 - 04124672 _____ () D:\WINDOWS\system32\config\default.bak
2014-11-30 19:42 - 2009-12-29 19:37 - 00049152 _____ () D:\WINDOWS\system32\config\SECURITY.bak
2014-11-30 19:42 - 2009-12-29 19:37 - 00028672 _____ () D:\WINDOWS\system32\config\SAM.bak
2014-11-30 19:15 - 2014-09-23 20:55 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme
2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security
2014-11-29 20:25 - 2009-12-29 19:37 - 00652795 _____ () D:\WINDOWS\setupapi.log
2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () D:\WINDOWS\FaxSetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK
2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu
2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit
2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore
2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\*****
2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone
2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini
2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit
2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini
2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****
2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc
2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ____D () D:\BJPrinter
2014-11-17 12:59 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini
2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () D:\Dokumente und Einstellungen\internet
2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp
2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\******
2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Desktop\*****
2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video

Some content of TEMP:
====================
D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\Quarantine.exe
D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

schrauber 02.12.2014 20:40
Dann deinstalliert man erstmal die Software bevor man einfach nen Dienst killt :)



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

tymara 04.12.2014 21:43
Zitat:
Dann deinstalliert man erstmal die Software bevor man einfach nen Dienst killt
Jo, jetzt wo du es sagst, klingts logisch... *schäm*
Deinstallieren ist zuviel gesagt, ich hab den Task manuell beendet, die Lssrvc.exe (mehr war nicht da) jetzt erst mal in den Papierkorb geschoben (nachdem alle Scans durch waren). Sie kam wohl mit Nero mit, aber ich bezweifle stark, daß mein alter Brenner überhaupt Lightscribe-fähig ist.

Nun zu den Logs:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d2d0c3912da8134b9a588359daab0b43
# engine=21401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-04 07:54:02
# local_time=2014-12-04 08:54:02 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# scanned=89980
# found=1
# cleaned=0
# scan_time=2431
sh=9A7E8554E215D14BA92E96FFCEF40D233DBB7122 ft=1 fh=c19f3e448b4bf44f vn="Variante von Win32/Rootkit.Kryptik.ZL Trojaner" ac=I fn="D:\TDSSKiller_Quarantine\30.11.2014_19.00.05\necurs0000\svc0000\tsk0000.dta"
Code:
Results of screen317's Security Check version 0.99.91 
 Windows XP Service Pack 3 x86 
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Warten Sie, w„hrend WMIC installiert wird.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware Version 2.0.3.1025 
 HijackThis 2.0.2   
  Adobe Flash Player        14.0.0.145 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox 12.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Arbeit (administrator) on INTRNET on 04-12-2014 21:13:35
Running from D:\Dokumente und Einstellungen\Arbeit\Desktop
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) D:\WINDOWS\system32\ati2evxx.exe
(Hewlett-Packard Company) D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamscheduler.exe
(Microsoft Corporation) D:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbam.exe
(Malwarebytes Corporation) D:\Programme\Malwarebytes\mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Winlogon\Notify\AtiExtEvent: D:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-789336058-879983540-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-789336058-879983540-839522115-1006 - Microsoft Url Sucheingriff - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
HKU\S-1-5-21-789336058-879983540-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programme\Spy\SDHelper.dll (Safer Networking Limited)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: D:\Dokumente und Einstellungen\Arbeit\Anwendungsdaten\Mozilla\Firefox\Profiles\2t452zou.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\Programme\Mozilla Firefox\firefox.exe

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LightScribeService; D:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; D:\Programme\Malwarebytes\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\Malwarebytes\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 ose; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 ACDaemon; D:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe [X]
S4 MozillaMaintenance; D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [X]
S4 Norton Internet Security; "D:\Programme\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "D:\Programme\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; D:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; D:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 BlueletAudio; D:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; D:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; D:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; D:\WINDOWS\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; D:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; D:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; D:\Programme\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
R3 MBAMProtector; D:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; D:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-04] (Malwarebytes Corporation)
S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 RTHDMIAzAudService; D:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.)
R3 VComm; D:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; D:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 catchme; \??\D:\ComboFix\catchme.sys [X]
S3 gdrv; \??\D:\WINDOWS\gdrv.sys [X]
S4 IntelIde; No ImagePath
S3 NAVENG; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 SRTSP; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\D:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 21:13 - 2014-12-04 21:13 - 00008825 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.txt
2014-12-04 21:11 - 2014-12-04 21:11 - 00001139 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\checkup.txt
2014-12-04 20:11 - 2014-12-04 20:11 - 00000000 ____D () D:\Programme\ESET
2014-12-02 21:34 - 2014-12-02 21:22 - 00852490 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\SecurityCheck.exe
2014-12-02 21:34 - 2014-12-02 21:20 - 02347384 _____ (ESET) D:\Dokumente und Einstellungen\Arbeit\Desktop\esetsmartinstaller_deu.exe
2014-12-01 22:36 - 2014-12-01 22:36 - 00021496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST011214.txt
2014-12-01 22:28 - 2014-11-29 22:51 - 00017092 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST291114.txt
2014-12-01 22:15 - 2014-12-01 22:15 - 00000582 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT11214.txt
2014-12-01 22:13 - 2014-12-01 22:13 - 00000000 ____D () D:\WINDOWS\ERUNT
2014-12-01 22:12 - 2014-12-01 22:12 - 00001581 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner11214.txt
2014-12-01 22:04 - 2014-12-01 22:04 - 00001193 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam011214.txt
2014-12-01 21:48 - 2014-12-04 20:16 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Programme\Malwarebytes
2014-12-01 21:47 - 2014-12-01 21:47 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes
2014-12-01 21:47 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-01 21:47 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbam.sys
2014-12-01 21:46 - 2014-12-01 21:39 - 01707646 _____ (Thisisu) D:\Dokumente und Einstellungen\Arbeit\Desktop\JRT.exe
2014-12-01 21:46 - 2014-12-01 21:38 - 02154496 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\AdwCleaner_4.103.exe
2014-12-01 21:46 - 2014-12-01 21:37 - 19828376 _____ (Malwarebytes Corporation ) D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-30 20:01 - 2014-12-04 21:13 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00008391 _____ () D:\ComboFix.txt
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\ve\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Lokale Einstellungen\temp
2014-11-30 20:01 - 2014-11-30 20:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\temp
2014-11-30 19:42 - 2014-11-30 19:42 - 00008192 ____H () D:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\system.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\software.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\SAM.tmp.LOG
2014-11-30 19:42 - 2014-11-30 19:42 - 00000000 ____H () D:\WINDOWS\system32\config\default.tmp.LOG
2014-11-30 19:38 - 2014-11-30 19:30 - 04614888 _____ (Microsoft Corporation) D:\Dokumente und Einstellungen\Arbeit\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\WINDOWS\erdnt
2014-11-30 19:15 - 2014-11-30 20:01 - 00000000 ____D () D:\Qoobox
2014-11-30 19:15 - 2014-11-30 19:15 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme\Verwaltung
2014-11-30 19:15 - 2011-06-26 07:45 - 00256000 _____ () D:\WINDOWS\PEV.exe
2014-11-30 19:15 - 2010-11-07 18:20 - 00208896 _____ () D:\WINDOWS\MBR.exe
2014-11-30 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) D:\WINDOWS\NIRCMD.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) D:\WINDOWS\SWREG.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) D:\WINDOWS\SWSC.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) D:\WINDOWS\SWXCACLS.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00098816 _____ () D:\WINDOWS\sed.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00080412 _____ () D:\WINDOWS\grep.exe
2014-11-30 19:15 - 2000-08-31 01:00 - 00068096 _____ () D:\WINDOWS\zip.exe
2014-11-30 19:14 - 2014-11-30 18:52 - 05599228 ____R (Swearware) D:\Dokumente und Einstellungen\Arbeit\Desktop\ComboFix.exe
2014-11-30 19:01 - 2014-11-30 19:01 - 00000000 ____D () D:\TDSSKiller_Quarantine
2014-11-30 11:31 - 2014-11-30 11:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\6EDC00ED.sys
2014-11-30 10:57 - 2014-12-04 21:12 - 00022430 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST1.txt
2014-11-30 10:57 - 2014-11-30 10:47 - 04184008 _____ (Kaspersky Lab ZAO) D:\Dokumente und Einstellungen\Arbeit\Desktop\tdsskiller.exe
2014-11-30 10:57 - 2014-11-29 23:12 - 00013418 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Addition.txt
2014-11-30 10:57 - 2014-11-29 21:52 - 01109504 _____ (Farbar) D:\Dokumente und Einstellungen\Arbeit\Desktop\FRST.exe
2014-11-29 22:18 - 2014-12-04 21:13 - 00000000 ____D () D:\FRST
2014-11-29 20:29 - 2014-11-29 20:29 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\06AF4E76.sys
2014-11-29 19:51 - 2014-11-29 19:51 - 00001014 _____ () D:\WINDOWS\UpdateRollupPack.log
2014-11-29 19:50 - 2014-11-29 19:50 - 00000000 ____D () D:\WINDOWS\system32\CatRoot_bak
2014-11-29 18:31 - 2014-11-29 18:31 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\29F57440.sys
2014-11-29 14:14 - 2014-11-29 14:14 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\20342FBD.sys
2014-11-29 14:12 - 2014-11-29 14:12 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\49F22E28.sys
2014-11-29 11:41 - 2014-11-29 11:41 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\113D3A7C.sys
2014-11-29 11:39 - 2014-11-29 11:39 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\2CAF392C.sys
2014-11-29 10:58 - 2014-11-29 10:58 - 00001693 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\mbam2711.txt
2014-11-29 10:52 - 2014-11-29 11:04 - 00114904 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\241A155A.sys
2014-11-29 10:49 - 2014-11-29 18:29 - 00000000 ____D () D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2014-11-27 20:19 - 2014-11-27 20:19 - 00110296 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\48230029.sys
2014-11-26 19:54 - 2014-11-26 19:54 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2014-11-26 19:54 - 2011-07-10 08:19 - 00000590 _____ () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
2014-11-26 19:34 - 2014-12-01 22:09 - 00000000 ____D () D:\AdwCleaner
2014-11-26 19:15 - 2014-11-26 19:15 - 00002104 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\hijackthis.log
2014-11-24 18:09 - 2014-11-24 18:11 - 00001228 _____ () D:\Dokumente und Einstellungen\Arbeit\Desktop\Arbeit.lnk
2014-11-23 17:16 - 2014-11-23 17:16 - 00040888 _____ () D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2014-11-14 18:00 - 2014-11-14 18:00 - 00000393 _____ () D:\Dokumente und Einstellungen\Internet *****\Desktop\Verknüpfung mit Bewerbung.lnk
2014-11-13 21:06 - 2014-11-26 19:28 - 00000000 ____D () D:\Bewerbung
2014-11-13 20:53 - 2014-11-13 20:53 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Anwendungsdaten\PDF24

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 20:56 - 2009-12-29 19:37 - 00655135 _____ () D:\WINDOWS\setupapi.log
2014-12-04 20:11 - 2009-12-29 19:38 - 00000000 ___RD () D:\Programme
2014-12-04 18:57 - 2009-12-29 21:01 - 00346669 _____ () D:\WINDOWS\WindowsUpdate.log
2014-12-04 18:51 - 2009-12-29 21:06 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-12-04 18:51 - 2009-12-29 19:40 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-12-04 18:51 - 2009-12-29 19:40 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-12-03 22:46 - 2010-01-08 23:50 - 00000190 ___SH () D:\Dokumente und Einstellungen\internet\ntuser.ini
2014-12-03 22:46 - 2009-12-29 21:06 - 00032622 _____ () D:\WINDOWS\SchedLgU.Txt
2014-12-02 21:59 - 2014-09-23 20:55 - 00000190 ___SH () D:\Dokumente und Einstellungen\Arbeit\ntuser.ini
2014-12-01 21:47 - 2009-12-29 19:38 - 00000000 ___RD () D:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-12-01 21:43 - 2004-08-05 13:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-11-30 20:01 - 2009-12-29 21:05 - 00000000 __SHD () D:\Dokumente und Einstellungen\NetworkService
2014-11-30 20:00 - 2004-08-05 13:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-11-30 19:42 - 2009-12-29 20:36 - 19431424 _____ () D:\WINDOWS\system32\config\software.bak
2014-11-30 19:42 - 2009-12-29 20:36 - 05505024 _____ () D:\WINDOWS\system32\config\system.bak
2014-11-30 19:42 - 2009-12-29 20:36 - 04124672 _____ () D:\WINDOWS\system32\config\default.bak
2014-11-30 19:42 - 2009-12-29 19:37 - 00049152 _____ () D:\WINDOWS\system32\config\SECURITY.bak
2014-11-30 19:42 - 2009-12-29 19:37 - 00028672 _____ () D:\WINDOWS\system32\config\SAM.bak
2014-11-30 19:15 - 2014-09-23 20:55 - 00000000 ___RD () D:\Dokumente und Einstellungen\Arbeit\Startmenü\Programme
2014-11-29 20:26 - 2009-12-29 20:32 - 00000000 ____D () D:\WINDOWS\security
2014-11-29 19:51 - 2012-01-29 17:25 - 00509760 _____ () D:\WINDOWS\svcpack.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00399028 _____ () D:\WINDOWS\iis6.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00173443 _____ () D:\WINDOWS\ocgen.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00171810 _____ () D:\WINDOWS\FaxSetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00106383 _____ () D:\WINDOWS\tsoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00071997 _____ () D:\WINDOWS\comsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00051834 _____ () D:\WINDOWS\ntdtcsetup.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00018238 _____ () D:\WINDOWS\MedCtrOC.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00012342 _____ () D:\WINDOWS\ocmsn.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00010726 _____ () D:\WINDOWS\msgsocm.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00007006 _____ () D:\WINDOWS\tabletoc.log
2014-11-29 19:48 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00110046 _____ () D:\WINDOWS\msmqinst.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00031938 _____ () D:\WINDOWS\netfxocm.log
2014-11-29 19:47 - 2009-12-29 19:38 - 00003788 _____ () D:\WINDOWS\imsins.BAK
2014-11-29 18:32 - 2012-03-29 17:10 - 00000000 ____D () D:\ebayneu
2014-11-27 22:07 - 2014-02-24 09:54 - 00000000 ____D () D:\Arbeit
2014-11-27 21:34 - 2009-12-29 21:00 - 00000000 ____D () D:\WINDOWS\system32\Restore
2014-11-26 00:01 - 2011-07-04 20:59 - 00000000 ____D () D:\*****
2014-11-26 00:00 - 2014-06-12 20:11 - 00000000 ____D () D:\Vodafone
2014-11-25 18:31 - 2010-01-10 16:37 - 00000116 _____ () D:\WINDOWS\NeroDigital.ini
2014-11-23 23:11 - 2014-09-23 20:55 - 00000000 ____D () D:\Dokumente und Einstellungen\Arbeit
2014-11-21 14:44 - 2010-03-05 16:24 - 00000190 ___SH () D:\Dokumente und Einstellungen\Internet *****\ntuser.ini
2014-11-21 14:44 - 2010-03-05 16:24 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****
2014-11-20 11:46 - 2014-05-31 19:42 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Anwendungsdaten\vlc
2014-11-17 13:52 - 2010-01-09 18:12 - 00000000 ___HD () D:\BJPrinter
2014-11-17 12:59 - 2010-01-08 23:50 - 00000000 ____D () D:\Dokumente und Einstellungen\internet
2014-11-17 11:21 - 2013-10-19 03:26 - 00000000 ____D () D:\Dokumente und Einstellungen\internet\Lokale Einstellungen\Temp
2014-11-15 13:27 - 2009-12-29 22:57 - 00000000 ____D () D:\******
2014-11-14 19:31 - 2012-09-13 21:01 - 00000000 ____D () D:\Dokumente und Einstellungen\Internet *****\Desktop\******
2014-11-13 21:06 - 2013-09-01 12:53 - 00000000 ____D () D:\Bilder_Video

Some content of TEMP:
====================
D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\Quarantine.exe
D:\Dokumente und Einstellungen\Arbeit\Lokale Einstellungen\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Zitat:
Probleme?
Im Moment nicht. :)

schrauber 05.12.2014 17:12
Flash und Firefox updaten. Und unbedingt über ein anderes WIndows nachdenken.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

tymara 06.12.2014 11:55
Moin moin,

hier das Fixlog.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Arbeit at 2014-12-06 11:29:29 Run:2
Running from D:\Dokumente und Einstellungen\Arbeit\Desktop
Loaded Profile: Arbeit (Available profiles: ve & internet & Internet ***** & Arbeit)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.

==== End of Fixlog ====
Was hatte es mit diesem Schlüssel auf sich?


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:23 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131